From high profile data breaches of companies like Facebook and British Airways, to mounting evidence surrounding Russian interference in the 2016 US election, it is safe to say that 2018 was a landmark year in terms of security vulnerabilities and emboldened cyber-criminals. So, with 2019 set to bring more technology advancements, what can you do to protect yourself, and what should your priorities be as a business?
The Information Security Forum – also known as the ISF – is a trustworthy source that senior security professionals and board members turn to for guidance on information security and risk management. They have identified 4 key security threats that businesses will be faced with this year – as well as tips for risk management. You can read the full report here.
Key threats for 2019 include:
1. Increased Sophistication of Cyber Crime
In 2017, high-profile incidents, such as the WannaCry ransomware attack, made file-encrypting malware internet enemy number one. 2018 actually saw a decrease in the number of Ransomware attacks, as many businesses invested in backup solutions that eased the impact of a ransomware attack – or even investing in high quality Endpoint Detection and Response (EDR) systems – which basically eliminate the risk altogether. However, there are still many high-profile ransomware attacks happening, which is why this threat remains at the top of our list as a threat to business in 2019.
How to Prepare:
John Zorabedian, author of Sophos NakedSecurity Blog – suggests that preventing ransomware attacks can be as simple as getting the basics of cyber security right. Back up your files regularly, train and retrain employees in your business (we can help with that if you need). Use a password manager and never reuse passwords. Keep up to date with operating system patches and app or software updates. Change the default administrator passwords on things like home routers, modems, and network-attached storage servers.
2.Legislation Falling Behind
Both regional and national legislators are struggling to keep pace with the fast-paced developments in Cyber-security. They are set to fall even further behind in 2019, with most current legislation in place being years behind the technological curve. At the same time, as businesses cry out for more regulation, sweeping changes get made with tight deadlines that don’t allow adequate time for organisations to attain compliance. The ISF identifies how national regulations will also provide a hindrance: “legislation by its nature is government and regulator driven, resulting in a move towards national regulation at a time when cross border collaboration is needed. Organisations will struggle to keep abreast of such developments which may also impact business models which many have taken for granted”.
What Can I do?
Unfortunately, this one is mostly down to government and regulation. Without doubt, there remains much to be done and it requires the collaboration between governments, private initiatives, the academic sector, and of course, users.
3. Smart Devices will Challenge Data Integrity
As the world enters a new era of technology, businesses are implementing smart devices enthusiastically in an effort to impact their business. This is a huge positive; however, many users won’t realise that these devices are often insecure by design, and therefore offer many opportunities for attackers. These types of attacks are on the rise; in 2018, SophosLabs saw significant growth in the volume of attacks targeting IoT devices. One of the reasons for this is that it’s challenging to detect a device is affected until something goes horribly wrong.
There will also be an increasing lack of transparency – vague terms and conditions will allow organisations to use personal data in ways customers did not intend. This will prove problematic for business, as it’ll become less clear to pinpoint what information is leaving their networks or what is being secretly captured and transmitted by devices such as smartphones or conference phones. To add insult to injury, when breaches occur, organisations will be held liable by regulators and customers for inadequate data protection.
Again, the main advice for preventing these types of attacks is to focus on mastering the basics. Make sure all devices are kept updated, and continually updating passwords. A new device that’s being introduced as a replacement for old devices makes it increasingly easy to forget about every connected device on your network. But old devices may carry old security protocols, forgotten passwords, and a whole host of other threats to your networks.
Each device is a potential weak point that has to be secured. So, if there are old access points that you no longer use, you’ll want to thoroughly disconnect them from the network – even going as far as doing a factory reset on the gadget.
4. Supply Chain Assurance Myths
Supply chains are a vital component of any B2B or B2C organisation. They are integral to the smooth running of a business, with valuable – and often sensitive – business information being shared with trusted suppliers. It’s important to remember that when this information is shared, direct control over your data is lost. This year, many organisations will realise that gaining traditional reassurance of their supply chain security is a lost cause. Businesses that continue to focus on assuring supply chain security with approaches such as self-certified audit and assurance, may preserve the illusion of security in the short term, but will inevitably discover that the security foundations they believed to be in place were lacking. Even the smallest supplier, or the slightest supply chain disruption, can have serious impacts on your business. Brand management and brand reputation are subject to the successful security of your supply chain; both are constantly at stake.
What to do:
Refocus on managing key data and understanding where and how it has been shared across multiple channels and boundaries, irrespective of supply chain provider. The best method is to implement a supply chain information risk assurance process, which is focused on information shared with upstream suppliers. This can be done by using supply chain maps to follow the information. Such an upstream information-sharing assessment tracks what is being shared with the suppliers’ suppliers and beyond. The results draw attention to significant concentrations of information, triggering the implementation of additional controls on your suppliers and can mitigate risks.
The unfortunate reality of today’s complex digital marketplace is that it is impossible to prevent every security compromise beforehand, and that no matter how much you prepare, there are still risks. However, being proactive now also means you, and your business will be better able to react rapidly and intelligently when something does happen.
For more information, guidance, and support on making sure your infrastructure is as secure as possible, get in touch with one of our engineers.