A bee hive is an industrious place of team work, communication and productivity. Worker bees communicate and work together in an intricate and finely balanced system harvesting pollen and protecting their assets to produce the highest quality and volume of honey possible. Now imagine a vulnerability in one of the entrances to the hive, and a passing wasp taking its opportunity to force entry, steal, feed and wreak havoc.
Your business is its own hive of information and opportunist hackers will seek out vulnerabilities to hack your systems or data. As a bare minimum, this impact will be significant disruption to your workforce and possibly irreparable brand reputation damage. Building and maintaining a positive and visible brand reputation is vital for business success. But reputation can very easily be destroyed by a hacker on a mission, much like the aggressive opportunistic wasp. Many types of businesses are protected by their Guard Bee, the Service Provider, from a large scale cyber-attack. Increasingly businesses won’t be targeted by a swarm, but by a single hacker or small group of criminals, who are more targeted and will spot vulnerabilities in the network structure that could easily go un-noticed. Therefore, reliable and secure technology with clear visibility of the network is essential for today’s organisations. With a growing number of devices becoming connected, demands for transformative technology, along with users’ insistence that their data is secure, means the problem is not going to go away.
The impact of cybercrime and the integrity of our systems to protect data is a huge concern everywhere. The importance of secure data combined with policies and regulations such as GDPR means that organisations are obliged to take the required technical measures to help keep their customers safe and avoid reputational impact.
The variety of structured and unstructured attacks that cybercriminals can deploy has increased, and with it, threats relating to cybersecurity are growing. With a constantly changing threat landscape, businesses must stay fully informed and prepared.
Here we look at five security trends that will shape the way you secure your network hive.
- Protecting the honeypot
Regulatory developments and the need for compliance
With the EU General Data Protection Regulation (GDPR) set to come into effect in less than a year’s time, any business that handles personal data must be well on track towards compliance. Stringent regulation like this, combined with the obvious reputational damage that accompanies a data breach, means that companies have more impetus than ever to protect their customers’ information.
The terms of GDPR ensure that businesses face concrete sanctions for non-compliance – namely administrative fines of up to €20m or 4 per cent of a company’s annual turnover (whichever is greater). In practice, they have a legal obligation to alert the relevant supervisory authority and, in some cases the customers affected, of a data breach within 72 hours of it occurring. This has also been used by hackers as a ransomware advantage – using this as a ‘threat window’ to give people less than 72 hours to settle the breach, so they don’t need to disclose.
Data protection must therefore form an integral part of the architecture of every organisation, considering the way people work and communicate and how it can be done as safely and efficiently as possible.
- Stability in flight
Data privacy in a cloud-led world
Cloud-based technologies can provide powerful and agile content to deliver the best customer experiences and flexibility for an increasingly IT led workforce. All organisations need to balance the level of importance of the data held, where it comes from, how it is hosted, and who it goes to (including all interactions with internal operations, partners, suppliers and so on), with the level of security measures they put in place.
Naturally, one of the main issues businesses may have about storing data in a public cloud is the loss of control. If the cloud provider itself is compromised, your data in turn is vulnerable. Some SMEs, in particular, drawn in by the affordability and scalability of public cloud services, may not be fully aware of the risks presented by outsourcing their data. As mentioned, a hacker will target a vulnerable network, but won’t always know what he is looking for and will be seeking opportunity. Because it hasn’t been an issue to date, a Service Provider) may not have invested in their own security protection. But as their brand builds and they become more noticed, they will become a clearer target.
Ultimately, whether you secure it in-house or through cloud-based technologies, the users are responsible. If upgrades and patches to applications are not made, they can be exploited. However, many modern businesses are increasingly adopting a hybrid cloud approach, with a combination of in-house and public cloud-based architecture, which requires a specific approach.
- A colony of hives
Expansion of data from the Internet of Things
High profile attacks on Internet of Things (IoT) devices, such as the Mirai botnet, have left businesses pondering how to harness the undoubted power of IoT without sacrificing security. Whilst threats to PCs, servers and networked devices are widely understood, there are many unknown or poorly understood threats that IoT brings. It is therefore up to the business to ensure these devices – which are essentially remote controls for the world to operate – are secure and remain accessible by authorised personnel and devices only.
Potentially all these devices, if not secured, are open doors for any malicious organisations or individuals to gain access to internal networks or the device itself. Consequently, businesses need to ensure that they seek advice and expertise from professionals that are aware of the risks and vulnerabilities as well as the mitigation and prevention methods.It has been predicted that 20 billion connected devices will be in circulation by 2020, so the problem must be addressed and rectified before it gets out of control and risks global security.
- The Queen Bee
Protecting Brand Reputation
Today’s 24-hour news cycle and the increased coverage of cyber security in the media means that the impact of a hack or data breach is far wider reaching than the loss of money or information.
It’s not just customers that are affected if security is breached; suppliers and partners are too. After a serious attack takes place and becomes public, the perception by media and social media of the organisation and its partners can nosedive within minutes.
Today, an attack is virtually impossible to contain before anyone hears about it. Taking years to gain and seconds to lose, reputation is intangible but should be taken as seriously as the ‘physical’ risks to a business.
As Henry Ford once said: “you can’t build a reputation on what you are going to do.”
- The intricacies of Honeycomb
Managing fraud in a multichannel environment
Fraud is well understood and most organisations have dedicated solutions for this. However, in a multichannel environment, with sales being taken in one channel and fulfilment handled by another, it’s easy to become a target for exploitation if they do not have a complete understanding of all the processes involved. Because of more demand and usage of internet led services for small businesses, cybercriminals are taking the chance to run low cost and low risk activity that targets less protected systems, meaning that these smaller businesses more than ever need to take clear steps to protect the business and their customers.
Protecting your hive and its colony
We are connected to each other day and night, and our technology hive only works if everyone is working together to protect the business. There are many important steps that should be taken to help ensure cyber-safety for workers such as encryption and software updates. But every size of business must consider how the network can help deliver insight while also protecting your systems and data. Network security management is an advanced process which must fully map out the challenges and risks run by an organisation. Only by analysing and defining the landscape first, can a decision be reached on the security measures to put in place.
A sustainable framework for data governance and security, crisis management procedures and IT architecture needs to be established to achieve a strong security ecosystem and should be at the heart of every piece of technology used. Without it, the damage is not only to the hive, but to its reputation, if a cyberattack disrupts the running of the business, your business will go elsewhere.
[su_box title=”About Russell Crampin” style=”noise” box_color=”#336588″][short_info id=’102935′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.