Genisys Group
Posted 4 years ago

The more data is held in the cloud, the greater the risk of cybercrime. So people are understandably worried, especially since the recent global cyberattack thrust data security issues into the headlines once more.

To combat the threat, businesses must understand and prepare for current and emerging risks. And, according to the Information Security Forum (ISF), the top four global security threats faced in 2017 are:

1. Supercharged connectivity and the IoT

The Internet of Things (IoT) needs data to work, and with 25 billion things projected to be connected to the web by 2020, and the average user expected to interact with a connected device every 18 seconds, these exchanges will flood the world with data.

Of course, the more devices a business uses, and the more information these devices have access to, the more we are all exposed. But with modern technology designed to link and share, stringent security could be problematic, and organisations may be tempted to overlook it in favour of convenience.

But with the threat to reputations and even business continuation a real and present danger, when devising and deploying IoT solutions, organisations must ensure they are fully aware of:

  • What devices are being used
  • What data they have access to (and what they need to have access to)
  • Where any threats exist (and the implications of these)
  • What security measures (e.g. access controls) are necessary to minimise the risk.

2. Sophisticated crime syndicates

In 2017, cybercriminals are becoming more sophisticated and diversifying into new markets. They are committing fraud, stealing information, causing havoc and even influencing governments.

Crime as a service has become commoditised, and, in a bid to make as much money as possible, criminal syndicates are now sharing information and collaborating with one another on an unprecedented scale. In addition, as the market becomes more competitive, buyers of these illegal services can access them at a lower cost.

So, here again, an understanding of the risks and a robust disaster response plan are essential. To limit the impact of losing access to your data, you should also put a disaster recovery plan in place. To do this:

  • Conduct a threat assessment
  • Conduct a business impact analysis
  • Establish a comprehensive backup strategy
  • Define SLAs with any data management partners.

What’s more, business and IT must also cooperate more if they want to keep one step ahead of the criminals.

“Everyone faces the same challenges. We just don’t work together as well as the guys with the blackhats.”
Tech ONTAP Podcast

3. New data regulations

As the number of data breaches is expected to grow, tighter data protection legislation is on the way. In fact, the General Data Protection Regulation (GDPR) requires EU businesses to become compliant with the new laws by 25th May 2018, with a failure to adhere incurring a maximum penalty of €20 million or 4% of worldwide turnover.

While many IT managers are confident they have “some”, “good”, or “full” understanding of the General Data Protection Regulation, there are a number that admit they “don’t know what GDPR is.”

The GDPR introduces many changes for organisations including (but not limited to):

  • A broader definition of personal data (bringing more data into the regulated perimeter)
  • More stringent requirements for processing children’s data
  • Changes to the rules for obtaining valid consent
  • The mandatory appointment of a data protection officer (DPO) for certain companies
  • New requirements for data breach notifications
  • New restrictions on international data transfers
  • New requirements for data portability
  • Ensuring that processes are built on the principle of ‘privacy by design’.

These changes are going to require businesses to invest in policies and resources that ensure compliance, with the cost of any breaches about to become very expensive. What’s more, organisations are going to have to make sure they are aware of any additional regulatory changes (in all the jurisdictions they operate in). For example, exactly what happens after Brexit is still unknown and could depend on a variety of factors.

4. Threats to brand reputation and trust

We all know the damage that can be done to an organisation targeted by a cybercriminal. In a true cautionary tale, in 2014 the code-hosting and software collaboration platform Code Spaces was put out of business in just 12 hours by an attacker who deleted the company’s data and backups. But, while the Code Spaces hack stopped many people from trusting in the cloud, in reality, the problem was less about the cloud and more about how the company’s data storage solution was designed.

In 2017, in addition to personal information, sensitive corporate data is now a key target for cybercriminals. And your employees’ ability to recognise threats and respond to them correctly has never been more important. In fact, training your staff to use stringent passwords and be on the lookout for any suspicious emails is still one of the most crucial steps a business can take to protect itself against attacks.

“The most common vector we see today is still email.”
Tech ONTAP Podcast

Likewise, employees need to be aware of the growing threat of social engineering – an attack vector that relies on human interaction and often tricks people into breaking normal security procedures – and what they can do to avoid exploitation.

In conclusion

Today, with robust cloud encryption available, storing valuable and sensitive data in the cloud is often safer than storing it onsite. In fact, 56% of IT managers say that security is a primary motivation for cloud adoption, evidence that trusting cloud providers with data is not perceived to be a security risk. But, as the IoT develops, the issue of security will become more and more complex, and the saga of convenience versus security continues.

“Users do what’s easiest, what’s more simplistic, and most often that goes totally against the grain of security. We (security specialists) are more intrusive, we need to figure out what’s going on, we need to know all the details; visibility is everything so we can do mitigation. But that takes time and gives you extra steps. It’s everything that the end-user doesn’t want. So how do you simplify that?”
Tech ONTAP Podcast

Security and the cloud go together well, but it is increasingly likely that businesses will need to seek professional support and guidance from experts in data storage and security to make sure everything works the way it should if they want to remain protected and compliant.
