Understanding The Cyber Security Landscape
39% of businesses surveyed found a BYO device on their network that had downloaded MALWARE
As we come to depend more on technology in business as within our day-to-day lives, the threat to our systems is evolving. We’ve moved on from simple viruses that attack a vulnerable PC leading to hours of removal and repair work. We’re now in an era where the wireless technology is being used to control devices across the organization; where each individual has their own smart phone.
Now, each team member has their own role to play in protecting their organization and its customers from outside threats. And so, the question becomes: What can organizations do to empower and guide individuals in supporting organizational security in this era of increased digital dependency?
An evolving threat
With an increasing consumer awareness on security breaches and data risks, companies must now be more proactive in how they manage their systems. The studies show that cyber-attacks are increasing in both frequency and scale. Research by digital services company Gemalto found the number of data breaches worldwide increased by 164% between 2016 and 2017. And many growing companies across the country are still not prepared to face the new and emerging threats.
Let’s look at the factors that are influencing the current cyber security landscape and shaping the marketplace.
The diversity and number of devices that both employees and customers of the modern organization use is increasing. Whether it’s the latest iOS system or the newest Android release, mobile devices are now increasingly being targeted by hackers directly as a way to access business information and extract valuable data.
The newest devices might feature the latest security protocols, but companies must still put safeguards in place, and educate employees on the benefits of their use. This is particularly true within an organization with a BYOD policy, where outside devices are being brought into the office.
Policies of this nature might give employees more flexibility and autonomy within their positions, but they also present a threat to companies in which data control and access limitations are critical security considerations.
The Internet of Things is a developing marketplace in which every item within the office, from the thermostat to the refrigerator, is connected to the Internet to provide a constant data link that helps automate various elements of office life. While this increasing automation is making the life of the modern employee easier, and helping companies reduce costs, it also presents a very real security risk.
In an environment where many systems are connected to the same server, it only takes a small flaw in a rarely used product to allow access to the entire data infrastructure. And, all too often, connected devices are left vulnerable through the use of default passwords, and standard security protocols that have long since been infiltrated by hackers.
The IoT trend has given rise to the looming threat of botnets, which are automated systems that scan large swaths of information in seconds for potential weaknesses. Botnets use default passwords and other standard security processes to log-in to unprotected devices, allowing them to control the device after entry and then use the data they find to impact the company, its staff and employees.
In capitalizing on the IoT trends within their companies, teams must maintain clear sight on their security goals and mitigate the impact of automation on their security structure.
Lack of Onsite Skills
With the increasing need for IT security guidance and the rising challenges emanating from across the globe, there’s a dearth of onsite skills for the modern business to utilize. Specialists in IT security, particularly in modern IT security threats are few and far between.
Recent data shows that 75% of organizations worldwide lack a cybersecurity expert on their staff4. And this is leading companies to turn to outside sources for a response to the challenge. It’s the reason many are outsourcing their security education and working with trusted companies in ensuring their IT teams and other office staff have the information they need to make more effective security choices.
New Forms of Attack
In recent years, attackers have also devised novel ways in which to attack organizations and access data. One of the more common methods in large scale attacks in recent years has been the use of ransomware. Ransomware attacks involve infecting an organization’s systems and then asking for a form of “ransom” in order to stop the attack and remove the infection.
The success of these types of attacks was highlighted by the WannaCry event, in which 250,000 computers in over 150 countries, including systems in 16 NHS medical centers, were infected within less than a day.5 As with the Equifax breach, a patch would have resolved the issue but, without a proactive focus on IT security, organizations incurred a significant cost.
Business email compromise is another form of attack that is on the rise in recent years. The data shows that between October 2013 and December 2016, hackers stole over $5.3billion in the U.S. alone through BEC attacks. 6 This style of threat is becoming more popular along with BYOD policies. Companies allowing their employees to bring their own devices must be acutely aware of the importance of email security and threat analysis.
Many experienced professionals have fallen victim to sophisticated email attacks in recent years, simply due to a lack of education within organizations and a lack of attention to detail. The goal for the modern company is to train employees to identify out of the ordinary requests and common strategies used by attackers to gain data access.
Prediction Models an Important Security Element within the current security field, AI-based prediction modeling has become another important element in safeguarding companies against potential threats. Studies involving the use of AI-based machine learning programs are helping to determine when an organization is most vulnerable to attacks and through which channel a threat might be arise. This can give companies the upper hand in terms of defending their data and in threat mitigation over the coming years. The focus is now on helping staff work with these machine learning systems and on learning the measures to take when a threat is highlighted.
Use of Applications as a Threat
While mobile applications are now helping improve the performance of smartphone and increasing the capabilities at the hands of the mobile workforce, the data on mobile applications is at significant risk of attack in the modern area. Many organizations are now harnessing sever-less apps, which support greater scalability. These applications also capitalize on the use of data in transit.
Data being sent between networks is at its most vulnerable state and can be captured by coordinated attacks seeking out specification information on a company, its employees and customers. The use of applications within their workforce can make companies more vulnerable to DDOS attacks, in which a server-less architecture might fail to scale with the demand for service, leading to expensive disruptions for the company.