With the frequency and severity of high-profile hacks over recent years, it’s now more important than ever that companies are vigilant when it comes to security issues. When you consider that hackers were able to compromise TalkTalk, Carphone Warehouse and Ashley Madison, you begin to understand the complexity of the problem.
In fact, according to data published by NTT Com Security, some 18% of senior business decision makers now see poor IT security as the single biggest risk to their business, compared with just 9% in 2014.
The Threats
Cyber threats are continually evolving and the pace and changing nature of the threats will not slow over the coming year. Here we look at some key areas that IT Lab feel will present challenges to both large and small organisations, across all sectors throughout 2016.
Ransomware
Ransomware blocks a company’s access to its systems until a ransom has been paid, and it is proving to be a continual pipeline of cash for criminal and terrorist groups operating globally, with a 165% increase in malware instances in 2015 according to the McAfee Labs Threats Report. Many users and service providers are so desperate to unlock devices and avoid drawing attention to the breach that they pay the ransom to regain control.
Data, Borders and Cloud
We operate in an increasingly flexible business world, taking advantage of global internet connectivity and cloud providers able to offer multi-tenancy. Much of the data transiting these global networks is protected by minimal or faulty SSL encryption. With data also residing in different countries and crossing borders, the legal considerations around your data, and its safety and integrity, should be a concern.
Connected devices
Cisco reports that 50 billion devices will be connected to the internet by 2020. Hackers showcasing their capabilities and credentials have taken to displaying their ability to hack a range of connected devices. Kettles, fridges and baby monitors have all been subject to displays of hacking, but these skills can increasingly and easily be transferred to more critical connected devices, such as electricity controls, cars, medical devices and UAVs.
How to Respond to the Threat
Education
Training and awareness are both the easiest and the most effective measures organisations can take to increase their resilience to cyberattacks. To prevent data breaches, improving training and education is imperative. Making people aware of the risks, the tricks and the ways in which they may knowingly or unknowingly aid a cyberattack is highly valuable in securing an organisation.
Legislation and Regulation
Government legislation will increasingly provide a legal basis for the reporting of data breaches and the acceptability of IT security measures (e.g. Australian Mandatory Data Breach Notification Laws). In tandem, regulators will structure industry-specific regimes to provide greater assurance and testing relating to cyber-specific threats for their related industry (e.g. Bank of England Cyber Testing – CBEST).
Spending to Secure
It is estimated that spending on IT security will reach between £70bn and £100bn globally by 2018. Both companies and consumers will become increasingly aware of security vulnerabilities and will take active roles in trying to secure their corporate and personal data. This will lead to companies investing in IT security services, while most large companies will also look to grow their internal security teams.
As the UK Government announces its plans to enhance its cyber capabilities with the launch of the National Cyber Security Centre (NCSC), companies large and small should take time to consider what evolving cyber threats they face, how well they are able to protect their data and how well positioned they are to respond to a cyber-attack.