2017 saw some significant cyber-attacks that brought down both large institutions and small businesses, to the tune of 5 billion. The WannaCry attack on the NHS alone cost at least £180 000. The next 12 months are unlikely to pass without cyber threats to your own business, or to a business that you work with. There is benefit in knowing how trends are developing, so you can focus your IT teams on shoring up your defences. Get ahead of the issues before they arise. Here are the top cyber security threats to prepare for in 2018.
Small and medium businesses are increasingly becoming targets as larger entities like banks deploy serious protocols that are difficult to crack. Smaller businesses are less likely to have the cyber security firepower of large corporations, and can be more susceptible to phishing attacks. In addition, Crime as a Service (CaaS) opens up the potential for jilted ex-employees and mischievous actors to cause more damage than ever before. For example, there is anecdotal evidence to suggest they are less likely to stick to the premise of ransomware attacks (pay the ransom and get your data back), and instead continue withholding data after payments have been taken. Talk to your IT providers to re-evaluate your staff access permissions and overall network security.
Getting the board on board
Depending on the size of your organisation, there may be some difficulty communicating to your decision makers the need for increased spending on IT, and on cyber security in particular. While it may be obvious that cyber security protocols are a necessity, it may be wise to communicate the monetary value that your IT team provides. Outline the likely costs your business could incur as a result of a successful attack. Connect data security to the incoming GDPR (more below) and the potential for astronomical fines if your networks are breached.
There is a need to be agile and aware of the surroundings, to be responsive but also proactive. If you’re hamstrung by budgets or burdensome approvals processes, you may be too slow to stop an attack. Be prepared to market your information in a way that makes the risks obvious, and don’t forget to illustrate the ‘what’s in it for me’ principle for both the boss and the business. No department head or board member wants to be held responsible for an avoidable cyber security catastrophe.
Regulations
GDPR is coming, and it’s drawing in a lot of attention and resources. It has the potential to be very resource-intensive, and the penalties for breaches are so severe that you ignore them at your peril. It’s both a protective measure and a potential threat, as worrying about it can be distracting and take focus away from protecting your assets. Your team will need to be across the implementation requirements, and be able to communicate and demonstrate your compliance to regulators and clients alike. Your business will likely see an increase in costs as the adjustment period and implementation occur.
The Internet of Things (IoT)
The Internet of Things (IoT) is still young, and like any nascent technology, it continues to grow faster than pro-security actors can protect it. Internet-connected devices can range from tea kettles to wind turbines, and there are plenty of examples of how those devices have been found to have few protections against malicious incursion. If a device is breached, it can act as a gateway to entire networks. The rise of automated consumer devices that are programmed to listen in to conversations is a high-risk vulnerability for businesses. It may be wise not to have them in your workplace if you value your confidential data. It is unclear how companies are using and storing that data, and how secure the devices, transmission processes and storage are.
As large industrial equipment is also seeing an increase in connectivity, there is a risk that these may be compromised and directed to cause harm or damage. Conducting a thorough audit of your connected devices via penetration testing may reveal weaknesses that can be improved upon.
Prevention of Crime as a Service (CaaS)
Increasingly, criminally minded individuals are getting organised and beginning to form entities that operate similarly to regular businesses or corporations. Sometimes in coordination with established criminal networks, they offer services such as hacking and malware code writing. People with malicious intent no longer need to know how to inflict damage – they can purchase access to the programs that can cause havoc for your business.
Supply chain
No business operates as an island. In some form or another, you will be sharing sensitive data with third parties. This is not a problem in and of itself; however, it can be difficult to vouch for the security of your data once it’s passed from your hands. If consumer or corporate data is compromised, confidence in your brand will plummet, regardless of where along the supply chain it was compromised. It’s also important to consider that the supply of goods or services may be impacted if your suppliers fall victim to a cyber-attack. It is good business to communicate with your vendors and suppliers about cyber security. It’s almost impossible to protect your data once it’s out of your hands. Taking a proactive approach with your external stakeholders may help reduce the risk of a data breach.
In conclusion, 2018 is shaping up to be a challenging year for IT teams across Ireland. If you are responsible for IT security in your business, you may find your role including more communication time as you liaise with both your board and your suppliers. Audit your smart devices and sensor-connected equipment. Get your business GDPR compliant. If you can do these things, you will be better prepared to fend off an attack or a challenge to your security in 2018.
January 2018