As threats evolve and grow more sophisticated, securing IT systems is more important than ever.
We may welcome in the New Year with open arms, but we must also prepare for the cybersecurity threats ahead of us. The 2015 Cost of Data Breach Study from IBM and the Ponemon Institute put the average cost of a data breach at $3.79 million, and that figure is expected to grow in the year ahead. With the right resolutions, you can drastically reduce your chances of falling prey to cybercriminals.
1. Cloud services
As more and more of the services we use reside in the cloud, IT departments can lose oversight and control. Employees are bypassing IT to snag the services they feel they need, and there’s a real danger that they’re bypassing security protocols and systems in the process. You should take steps to ensure that your IT department has full visibility.
Even approved cloud vendors must be scrutinized on an ongoing basis. Do you know where your data resides? Do your cloud service providers meet your security standards? If they aren’t in compliance, their failure to meet regulatory requirements could be something that you’re liable for. Don’t take it on trust, test your third-party vendors and verify for yourself.
The impact of ransomware is growing. According to the Cyber Threat Alliance, the recent CyrptoWall v3 threat has cost hundreds of thousands of users worldwide more than $325 million so far. This kind of attack encrypts important files, rendering data inaccessible until you pay the ransom. It often relies upon social engineering techniques to gain a foothold.
It works, and we expect to see a lot more of it over the next 12 months, because the easiest way for many individuals and businesses to get their data back is just to pay the ransom. With a bit of forethought, better education and real-time security protection, not to mention a regular, robust backup routine, the threat of ransomware can be cut down to size.
3. Spear phishing
Cybercriminals follow the path of least resistance and the easiest way for them to gain access to your precious data is usually by tricking a person into handing over the keys, not by writing a clever piece of code. Phishing attacks are growing more sophisticated all the time, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems.
The targeting of high-level execs or anyone with a high security clearance is on the rise. If cybercriminals can hack a CEO’s account, for example, they can use it to wreak havoc and expose a lot of sensitive data. Educating potential targets about the dangers is not enough. You need a combination of real-time monitoring and scanning systems, with protective blocking capabilities. That said, sometimes laying down a security policy for employee education is all you need.
4. Known vulnerabilities
The open source movement has leveled the playing field for many companies, and there are also lots of off-the-shelf software packages that are very popular. Integrating this software will often make more business sense than developing something in-house, but you have to keep vulnerabilities in mind. Publicly known vulnerabilities are one of the biggest threats for IT departments.
Consider that HP’s 2015 Cyber Risk Report found that 44% of 2014 breaches came from vulnerabilities that are two to four years old, and you can see the problem. Software must be patched regularly, and expertise is required to avoid common misconfigurations that offer attackers an easy way in.
5. The Internet of Things
We’ve seen a wave of mobile devices and wearables stream into the workplace, each offering a new potential inroad for a cybercriminal, but the Internet of Things represents another looming threat. As connectivity spreads into every corner of our lives and businesses, it becomes more and more challenging to maintain a clear view of entry points and data flow.
The IoT may herald some exciting business opportunities, but we must be mindful about ensuring that access is limited and secure. Sensitive data should be encrypted, access must be restricted, and oversight is needed. It’s important to be able to manage and block access to enterprise devices and networks when necessary.
If you expect to enjoy success in 2016, and you want to ensure that your plans aren’t derailed, then make sure that these cybersecurity trends are on your radar.
This article was recently published in Network World.