The more data is held in the cloud, the greater the risk of cybercrime. So people are understandably worried, especially since the recent global cyberattack thrust data security issues into the headlines once more.
To combat the threat, businesses must understand and prepare for current and emerging risks. And, according to the Information Security Forum (ISF), the top four global security threats faced in 2017 are:
The Internet of Things (IoT) needs data to work, and with 25 billion things projected to be connected to the web by 2020, and the average user expected to interact with a connected device every 18 seconds, these exchanges will flood the world with data.
Of course, the more devices a business uses, and the more information these devices have access to, the more we are all exposed. But with modern technology designed to link and share, stringent security could be problematic, and organisations may be tempted to overlook it in favour of convenience.
But with the threat to reputations and even business continuation a real and present danger, when devising and deploying IoT solutions, organisations must ensure they are fully aware of:
In 2017, cybercriminals are becoming more sophisticated and diversifying into new markets. They are committing fraud, stealing information, causing havoc and even influencing governments.
Crime as a service has become commoditised, and, in a bid to make as much money as possible, criminal syndicates are now sharing information and collaborating with one another on an unprecedented scale. In addition, as the market becomes more competitive, buyers of these illegal services can access them at a lower cost.
So, here again, an understanding of the risks and a robust disaster response plan are essential. To limit the impact of losing access to your data, you should also put a disaster recovery plan in place. To do this:
What’s more, business and IT must also cooperate more if they want to keep one step ahead of the criminals.
“Everyone faces the same challenges. We just don’t work together as well as the guys with the blackhats.”
Tech ONTAP Podcast
As the number of data breaches is expected to grow, tighter data protection legislation is on the way. In fact, the General Data Protection Regulation (GDPR) requires EU businesses to become compliant with the new laws by 25th May 2018, with a failure to adhere incurring a maximum penalty of €20 million or 4% of worldwide turnover.
While many IT managers are confident they have “some”, “good”, or “full” understanding of the General Data Protection Regulation, there are a number that admit they “don’t know what GDPR is.”
The GDPR introduces many changes for organisations including (but not limited to):
These changes are going to require businesses to invest in policies and resources that ensure compliance; with the cost of any breaches about to become very expensive. What’s more, organisations are going to have to make sure they are aware of any additional regulatory changes (in all the jurisdictions they operate in). For example, exactly what happens after Brexit is still unknown and could depend on a variety of factors.
We all know the damage that can be done to an organisation targeted by a cybercriminal. A true cautionary tale, in 2014, code-hosting and software collaboration platform Code Spaces was put out of business in just 12 hours by an attacker who deleted the company’s data and backups. But, while the Code Space hack stopped many people from trusting in the cloud, in reality, the problem was less about the cloud and more about how the company’s data storage solution was designed.
In 2017, in addition to personal information, sensitive corporate data is now a key target for cybercriminals. And, your employee’s ability to recognise threats and respond to them correctly has never been more important. In fact, training your staff to use stringent passwords and be on the lookout for any suspicious emails is still one of the most crucial steps a business can take to protect itself against attacks.
“The most common vector we see today is still email.”
Tech ONTAP Podcast
Likewise, employees need to be aware of the growing threat of social engineering – an attack vector that relies on human interaction and often tricks people into breaking normal security procedures – and what they can do to avoid exploitation.
“Users do what’s easiest, what’s more simplistic, and most often that goes totally against the grain of security. We {security specialists) are more intrusive, we need to figure out what’s going on, we need to know all the details; visibility is everything so we can do mitigation. But that takes time and gives you extra steps. It’s everything that the end-user doesn’t want. So how do you simplify that?” Tech ONTAP Podcast