What security threats do we need to prepare for in 2019?
Gone are the days when the only security available to a business was Norton AntiVirus. The security needed to protect a company nowadays is considerably more intricate, often requiring private security, rules and regulations, assessments, numerous training procedures, and so much more.
Over 8000 data breach reports have been filed since the General Data Protection Regulation (GDPR) came into play in May 2018. Had GDPR been introduced a few years earlier, companies including eBay, Yahoo and Equifax would all have faced multi-million pound fines, because they lacked processes for reporting and overcoming a data breach. Had Yahoo’s data breach of over three million accounts - the largest breach in history - happened since GDPR was introduced, the company would’ve been fined up to $160m.
With the media so vocal when it comes to the reputation of well-known organisations, getting security wrong can truly ruin a business, with many wondering how such an entity can be so incompetent.
There are numerous reasons for a breach to occur, so protecting yourself from the get-go is critical when it comes to ensuring you’re ready for whatever security threats come your way. Here are some of the top threats we think it’s worth preparing for.
With the growing need for cybersecurity staff, we’re now seeing a shortfall in available qualified personnel. A recent survey by the ISSA showed that up to 70 percent of organisations found their business suffered because it was so difficult to find and employ competent cybersecurity employees. Four years ago, only 23% of businesses found this was the case. A quarter of the 70% of firms believed the lack of skilled cybersecurity staff was a defining factor in security incidents.
It’s now more important than ever for firms to train and upskill their own internal staff from the start, giving employees the relevant knowledge so that their ignorance of security procedures and protocol is never the reason for a large-scale data or security breach.
Don’t leave your data exposed
Gartner research showed that at least 95 percent of cloud security failures in the next four years will be the customer’s fault. While cloud storage is now considered the most secure solution for storing and sharing files when configured correctly, it’s of little use if the customer can’t set up their solution properly.
Security leaders must ensure that a cloud provider is secure by default, and can then assist with ensuring that security is configured correctly, allowing work to flow without security even being a worry.
Any cloud software used by a business should be a help, not a hindrance that requires constant in-house supervision and maintenance.
Advanced persistent threats (APTs) getting stronger
Advanced persistent threats are well-funded by various organisations, motivated and sophisticated. They are a type of cyberattack that establishes a foothold in an organisation’s IT infrastructure and steals data from all relevant systems. An APT could be anything from a criminal group trying to make a quick buck to a hostile nation state.
It is predicted that the groups responsible for these attacks will become even more sophisticated and find different ways of targeting organisations every day for years to come.
Defence against these criminals requires skill and a level of security controls that the average business doesn’t have. By moving the most sensitive data into a cloud service, you’ll be ensuring that the service you use has the resources to hire the staff and deploy countermeasures to defend against these attacks.
If defence is handled in-house, having a dedicated security operations centre (SOC), incident response, and even a forensic analysis specialist are a few steps that can help you to detect and defend against these attacks.
Test. Test. Test. (And Repeat!)
By running simulated hacking exercises, also known as penetration testing, against corporate networks and systems to ascertain how cybercriminals could gain entry, you can highlight functionality that a hacker could use to gain access to your system. However, just using penetration testing as a tick-box exercise, or to appease auditors, isn’t enough.
When testing is done properly, any vulnerabilities can be found and overcome with relative ease, if caught early enough. Unchecked exposures put the security of all services and data within any given company at significant risk. It’s up to each individual company to run its own tests of third-party systems where critical data is stored, to ensure that any weak spots it has uncovered have been addressed.
So it’s clear from the above that the main focal point in 2019 is testing your systems to check that they’re failsafe, and having the relevant security procedures in place from the start, so security doesn’t always need to be at the forefront of your mind - it’s working just fine!