Story image

Why cyber threats are draining your resources

01 Oct 2018
Sponsored

Article by Martin Lipka, Head of Connectivity Architecture, Pulsant 

Switch on the news, pick up the newspaper, or log onto the internet and you are faced with a story concerning cyber security. News about large-scale hacks and data breaches are making headlines more frequently than ever before, from the infamous WannaCry incident to the recent BA data breach.

Cyber security is no longer an issue the IT department is solely responsible for – it’s now an organisation-wide priority. And it’s not just the financial element of cyber crime, which costs businesses about $600 billion globally, according to one estimate. It’s also the damage to an organisation’s reputation when it emerges that it has been hacked, or lost customer data.

The sheer number of cyber threats can seem overwhelming, even for businesses with large IT departments. But with planning, clear thinking and the right technology, all businesses can improve their IT security and mitigate the cyber threat.

Not all attacks are obvious

Approximately 19% of attacks are carried out by advanced hackers supported by the state or those involved in corporate espionage. Unless you are a large organisation, they are unlikely to target you. The other eighty per cent of attacks are perpetuated by hackers who simply use known vulnerabilities to exploit the weaknesses in company systems . 

Another misconception is that attacks or breaches are noticed immediately. British Airways experienced a cyber attack in August this year, but it took them over two weeks to notice that their customers’ card payment details had been compromised.  It takes companies 191 days on average to find a data breach, according to global research published in 2017.

It is almost an inevitability that businesses will face a cyber attack at some point, which means cyber security is more about mitigating your risks rather than eliminating them. 

Use a risk-based approach 

•Start by reviewing your IT systems and look for possible vulnerabilities that hackers or a rogue employee could exploit – an unpatched operating system, or a worker’s smartphone containing sensitive commercial data.

•Next, assess the severity of the security threat (i.e. the damage would it cause your business if security was breached). One proven method for assessing IT security is a “risk-based” approach (an in-depth assessment of your IT risks and how to deal with them). Work out how to fix the problem or decrease the security risk. 

•Review your IT security − ideally each year and train your staff in cyber security – not just those in IT. If your business lacks the budget or skills and experience to do all these things, outsourcing part could save you time and money.

•If you work with a trusted partner you can benefit from their industry knowledge, in-house skills and the large investment they have made into all areas of their business.

Look to the future 

As cyber threats multiply and become more advanced, corporate IT security budgets are likely to carry on increasing. The Global Cyber Security Market is accounted for $95.15 billion in 2017 and is expected to reach $365.26 billion by 2026.

The number of attacks is also likely to increase due to demand for “crime as-a-service”  (hackers for hire who can write malware, create highly effective spear phishing campaigns and develop bogus websites for harvesting login credentials).

We will also see a shift in the devices that are being targeted. While today most attacks revolve around PCs and laptops, this will slowly change to mobile phones, where users typically hold a huge amount of personal data and information. 

Conclusion 

The emergence of technologies like AI, machine learning and IoT will undoubtedly change the landscape in new and unpredictable ways, and this is something you need to keep in mind when creating cyber security strategies.

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.