Be vigilant urges CRIBB Cyber Security’s Patrick J Carolan
With highly publicised data breaches and cyber-attacks occurring daily, cyber security is a major concern for all organisations, their staff and their customers. Large corporations have shown just how much damage can be done when a malicious actor accesses and manipulates an organisation’s systems. A hack can result in immediate financial and operational consequences. Breached businesses often face class-action lawsuits, regulatory fines, reputational damage and a collapse in share price.
In this age of digital transformation, data needs to be considered as the most important asset of an organisation. Companies need to be investing in cybersecurity, making it a primary focus instead of a secondary thought. With cyber-attacks growing exponentially, criminals are using multiple tactics to breach businesses’ security. Cyber security and the prevention of a cyber-attack requires constant vigilance, understanding and preparation.
The table below shows how the attack vectors have increased substantially, however this has only been reflected through a minimal increase in investment into cybersecurity.
|Organisations victimised by one or more successful cyber-attacks||62%||77%|
|Optimism for dodging a successful cyber-attack in the coming year||62%||38%|
|IT security’s weakest links||Mobile devices Laptops / notebooks Social media||Containers Mobile devices Cloud infrastructure|
|IT security’s greatest inhibitors||Low-security awareness among employees||Lack of skilled IT security personnel|
|Greatest cyberthreat concerns||Malware|
|Hottest network security technology planned for acquisition||Next-generation firewall (NGFW)||Advanced malware analysis|
|Hottest endpoint security technology planned for acquisition||Advanced malware analysis||Containerisation /micro-virtualisation|
|Change in next year’s IT security budget||No change||Increase 5-9%|
Report Defense Cyberthreat 2018
From this table, it’s easy to conclude that businesses must develop their Cyber Protection strategy in line with their expansions in current/future technology and business growth. Establishments are aware that cyber-crimes are on the increase, however many underestimate the required security to prevent criminals from successfully accessing data. There are many methods which a scammer will utilise to exploit vulnerabilities in an organisation’s infrastructure. Here are two areas in which organisations are frequently exposed to a cyber-attack:
Inadvertent engagement by staff
More often than not, cyber-attacks are introduced to networks via an interaction from an employee or user of the system. Phishing and ransomware often require input from an employee to allow it to interact with the IT infrastructure. This can range from an employee opening up an email attachment to inadvertently providing valuable information to the attacker.
Ransomware has quickly become one of the largest threats to organisations; once accidently enabled by a staff member, the software is able to infiltrate networks quickly with potentially costly repercussions. Additionally, it is critical to manage supply chains to ensure that hardware and software is being sourced from reputable and trustworthy companies. Inside vulnerability is often something that is overlooked; ensuring that all staff members are able to recognise threats will result in a reduction in a company’s cyber risk.
Vulnerable IT infrastructures
Companies are now becoming increasingly aware that attempted cyber-attacks will take place. Despite this, many organisations are still making basic mistakes when protecting their networks. Cloud security is often under-established due to organisations believing that the cloud host is responsible for cloud security and not the company themselves. In addition to cloud spaces being left vulnerable to hacks, many organisations are also relying on overly-simple single-factor password methods to protect valuable assets.
Many companies believe they are taking precautions to prevent attacks however, through misinformation and naivety, the precautions being taken are often too basic to address the threat of sophisticated cyber criminals. Establishing complex and thorough security procedures is the only way of reducing the risk of a cyber-attack. With information security and data protection a highly serious matter, firms must respect the acumen of cyber hackers and the tranches of data they can retrieve through intelligent technology.
Some or all of these attack scenarios will be affecting your business and most probably have been for years. It’s crucial to be vigilant and to educate yourself and your staff. In our next article we will follow up with a detailed breakdown of key IT threats facing companies in 2019.