Story image

Why cyber threats are draining your resources

01 Oct 18
Sponsored

Article by Martin Lipka, Head of Connectivity Architecture, Pulsant 

Switch on the news, pick up the newspaper, or log onto the internet and you are faced with a story concerning cyber security. News about large-scale hacks and data breaches are making headlines more frequently than ever before, from the infamous WannaCry incident to the recent BA data breach.

Cyber security is no longer an issue the IT department is solely responsible for – it’s now an organisation-wide priority. And it’s not just the financial element of cyber crime, which costs businesses about $600 billion globally, according to one estimate. It’s also the damage to an organisation’s reputation when it emerges that it has been hacked, or lost customer data.

The sheer number of cyber threats can seem overwhelming, even for businesses with large IT departments. But with planning, clear thinking and the right technology, all businesses can improve their IT security and mitigate the cyber threat.

Not all attacks are obvious

Approximately 19% of attacks are carried out by advanced hackers supported by the state or those involved in corporate espionage. Unless you are a large organisation, they are unlikely to target you. The other eighty per cent of attacks are perpetuated by hackers who simply use known vulnerabilities to exploit the weaknesses in company systems . 

Another misconception is that attacks or breaches are noticed immediately. British Airways experienced a cyber attack in August this year, but it took them over two weeks to notice that their customers’ card payment details had been compromised.  It takes companies 191 days on average to find a data breach, according to global research published in 2017.

It is almost an inevitability that businesses will face a cyber attack at some point, which means cyber security is more about mitigating your risks rather than eliminating them. 

Use a risk-based approach 

•Start by reviewing your IT systems and look for possible vulnerabilities that hackers or a rogue employee could exploit – an unpatched operating system, or a worker’s smartphone containing sensitive commercial data.

•Next, assess the severity of the security threat (i.e. the damage would it cause your business if security was breached). One proven method for assessing IT security is a “risk-based” approach (an in-depth assessment of your IT risks and how to deal with them). Work out how to fix the problem or decrease the security risk. 

•Review your IT security − ideally each year and train your staff in cyber security – not just those in IT. If your business lacks the budget or skills and experience to do all these things, outsourcing part could save you time and money.

•If you work with a trusted partner you can benefit from their industry knowledge, in-house skills and the large investment they have made into all areas of their business.

Look to the future 

As cyber threats multiply and become more advanced, corporate IT security budgets are likely to carry on increasing. The Global Cyber Security Market is accounted for $95.15 billion in 2017 and is expected to reach $365.26 billion by 2026.

The number of attacks is also likely to increase due to demand for “crime as-a-service”  (hackers for hire who can write malware, create highly effective spear phishing campaigns and develop bogus websites for harvesting login credentials).

We will also see a shift in the devices that are being targeted. While today most attacks revolve around PCs and laptops, this will slowly change to mobile phones, where users typically hold a huge amount of personal data and information. 

Conclusion 

The emergence of technologies like AI, machine learning and IoT will undoubtedly change the landscape in new and unpredictable ways, and this is something you need to keep in mind when creating cyber security strategies.

How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."