This used to be an easy job. Install your free antivirus and relax, let the software do the work, right? Unfortunately, it’s no longer so simple. Risks are too many and too varied – security cannot be placed on the shoulders of one program, or even one department (looking at you, IT).
Research by the Ponemon Institute tells us that $3.62 million was the average cost of a data breach in 2017 – numbers that are likely to make any executive hot under the collar. It follows that C-level figures in many organisations are now keeping a keen eye trained on their organisation’s cyber security approach. If this is your responsibility, keep a keen eye on the following issues.
The consensus among cyber security professionals is that any organisation’s greatest weakness is its people. Yep, not firewalls or wires or unsecured networks, but the human element.
Many hackers ‘hack people’ in the sense that they can obtain phone numbers or emails, and simply get access to private information by manipulating employees – and why wouldn’t they? If they can simply get what they want by lying over the phone, why bother with complex hacking activities? To this end, the priority of your cyber security strategy should be equipping employees to be guarded against ‘social engineering’.
Executives need to pay attention to security holistically and make sure that there is training in place alongside spoken or physical systems of verification that can eliminate the risk of an outsider posing as an employee. Internal reminders, boot camps or even posters reminding people to stay vigilant can help to encourage a culture of awareness around the issue.
Any organisation that has prepared thoroughly for GDPR is likely now aware of the data controlled or processed by third parties working alongside them. Sharing data with another organisation establishes a link between you. It is advisable to understand the level of data security within your third parties (if possible) before working with them, as there is a chance that a breach affecting them will also cause trouble for you.
Data minimisation is a key tenet of Europe’s new law for a reason. By drastically reducing the amount of data that you process, you are further reducing the impact of a data breach, with the added benefit of freeing up some more room for storage. A Data Protection Impact Assessment will put you on the path to sensibly minimising.
“IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.” – Nicole Eagan
‘Internet of things’ (IoT) devices now present a risk to your data security as well. Your watch, your car or even your kettle have become connected; consequently, they have also become vulnerable. It was reported recently that a casino was hacked through a digital thermometer in one of its fish tanks – allowing hackers to extract important information as it was connected to a main database. Something as innocuous as a thermometer is now a vector for risk.
With that said, it’s not very likely that your kettle will be hacked. The real risk lies in the smaller, sensor-based technology that is often used to regulate temperature or control infrastructure. Units like these could be a huge oversight in your data security practice, so take inventory of these devices and ensure they are protected.
As the world becomes more connected, data security will become exponentially more important. Older risks and current problems must be looked after, but as with anything in technology, it’s imperative to keep an eye on the future landscape – to be prepared for new threats.