[BreachExchange] Five security trends that threaten your network hive

Destry Winant destry at riskbasedsecurity.com
Thu Jul 27 03:39:37 EDT 2017


http://continuitycentral.com/index.php/news/technology/2180-five-security-trends-that-threaten-your-network-hive

A bee hive is an industrious place of team work, communication and
productivity. Worker bees communicate and work together in an
intricate and finely balanced system harvesting pollen and protecting
their assets to produce the highest quality and volume of honey
possible. Now imagine a vulnerability in one of the entrances to the
hive, and a passing wasp taking its opportunity to force entry, steal,
feed and wreak havoc.

Your business is its own hive of information, and opportunist hackers
will seek out vulnerabilities to hack your systems or data. At a bare
minimum, the impact will be significant disruption to your workforce
and possibly irreparable damage to brand reputation. Building and
maintaining a positive and visible brand reputation is vital for
business success. But reputation can very easily be destroyed by a
hacker on a mission, much like the aggressive opportunistic wasp.

Many types of businesses are protected by their Guard Bee, the service
provider, from a large-scale cyber attack. Increasingly, businesses
won’t be targeted by a swarm, but by a single hacker or small group of
criminals, who are more targeted and will spot vulnerabilities in the
network structure that could easily go unnoticed. Therefore, reliable
and secure technology with clear visibility of the network is
essential for today’s organizations. A growing number of connected
devices and demands for transformative technology, along with
users’ insistence that their data is secure, mean the problem is not
going to go away.

The impact of cybercrime and the integrity of our systems that protect
data are huge concerns everywhere. The importance of secure data
combined with policies and regulations such as GDPR means that
organizations are obliged to take the required technical measures to
help keep their customers safe and avoid reputational impact.

The variety of structured and unstructured attacks that cybercriminals
can deploy has increased, and with it, threats relating to cyber
security are growing. With a constantly changing threat landscape,
businesses must stay fully informed and prepared.

Here we look at five security trends that will shape the way you
secure your network hive.

1. Protecting the honeypot: regulatory developments and the need for compliance

With the EU General Data Protection Regulation (GDPR) set to come into
effect in less than a year’s time, any business that handles personal
data must be well on track towards compliance. Stringent regulation
like this, combined with the obvious reputational damage that
accompanies a data breach, means that companies have more impetus than
ever to protect their customers’ information.

The terms of GDPR ensure that businesses face concrete sanctions for
non-compliance – namely administrative fines of up to €20m or 4
percent of a company’s annual turnover (whichever is greater). In
practice, they have a legal obligation to alert the relevant
supervisory authority and, in some cases the customers affected, of a
data breach within 72 hours of it occurring. Hackers have also used
this to their advantage in ransomware attacks, treating it as a
‘threat window’ that gives people less than 72 hours to settle the
breach, so they don’t need to disclose.

Data protection must therefore form an integral part of the
architecture of every organization, considering the way people work
and communicate and how it can be done as safely and efficiently as
possible.

2. Stability in flight: data privacy in a cloud-led world

Cloud-based technologies can provide powerful and agile content to
deliver the best customer experiences and flexibility for an
increasingly IT-led workforce. All organizations need to balance the
level of importance of the data held, where it comes from, how it is
hosted, and who it goes to (including all interactions with internal
operations, partners, suppliers and so on), with the level of security
measures they put in place.

Naturally, one of the main issues businesses may have about storing
data in a public cloud is the loss of control. If the cloud provider
itself is compromised, your data in turn is vulnerable. Some small and
medium-sized enterprises, in particular, drawn in by the affordability
and scalability of public cloud services, may not be fully aware of
the risks presented by outsourcing their data. As mentioned, a hacker
will target a vulnerable network, but won’t always know what he/she is
looking for and will be seeking opportunity. Because it hasn’t been an
issue to date, a service provider may not have invested in its own
security protection. But as their brand builds and they become more
noticed, they will become a clearer target.

Ultimately, whether you secure data in-house or through cloud-based
technologies, the users are responsible. If upgrades and patches to
applications are not made, they can be exploited. However, many modern
businesses are increasingly adopting a hybrid cloud approach, with a
combination of in-house and public cloud-based architecture, which
requires a specific approach.

3. A colony of hives: expansion of data from the Internet of Things

High profile attacks on Internet of Things (IoT) devices, such as the
Mirai botnet, have left businesses pondering how to harness the
undoubted power of IoT without sacrificing security. Whilst threats to
PCs, servers and networked devices are widely understood, there are
many unknown or poorly understood threats that IoT brings. It is
therefore up to the business to ensure that these devices - which are
essentially remote controls for the world to operate - are secure and
remain accessible by authorised personnel and devices only.

Potentially all these devices, if not secured, are open doors for any
malicious organizations or individuals to gain access to internal
networks or the device itself. Consequently, businesses need to ensure
that they seek advice and expertise from professionals that are aware
of the risks and vulnerabilities as well as the mitigation and
prevention methods. It has been predicted that 20 billion connected
devices will be in circulation by 2020, so the problem must be
addressed and rectified before it gets out of control and risks global
security.

4. The Queen Bee: protecting brand reputation

Today’s 24-hour news cycle and the increased coverage of cyber
security in the media means that the impact of a hack or data breach
is far wider reaching than the loss of money or information.

It’s not just customers that are affected if security is breached;
suppliers and partners are too. After a serious attack takes place and
becomes public, the perception by media and social media of the
organization and its partners can nosedive within minutes.

Today, an attack is virtually impossible to contain before anyone
hears about it. Taking years to gain and seconds to lose, reputation
is intangible but should be taken as seriously as the ‘physical’ risks
to a business.

As Henry Ford once said: “you can’t build a reputation on what you are
going to do.”

5. The intricacies of Honeycomb: managing fraud in a multichannel environment

Fraud is well understood and most organizations have dedicated
solutions for this. However, in a multichannel environment, with sales
being taken in one channel and fulfilment handled by another, it’s
easy to become a target for exploitation if organizations do not have
a complete understanding of all the processes involved. With growing
demand for and usage of Internet-led services for small businesses,
cybercriminals are taking the chance to run low-cost, low-risk
activity that targets less protected systems, meaning that these
smaller businesses need more than ever to take clear steps to protect
the business and their customers.

Protecting your hive and its colony

We are connected to each other day and night, and our technology hive
only works if everyone is working together to protect the business.
There are many important steps that should be taken to help ensure
cyber safety for workers, such as encryption and software updates. But
every size of business must consider how the network can help deliver
insight while also protecting your systems and data. Network security
management is an advanced process which must fully map out the
challenges and risks run by an organization. Only by analysing and
defining the landscape first can a decision be reached on the
security measures to put in place.

A sustainable framework for data governance and security, crisis
management procedures and IT architecture needs to be established to
achieve a strong security ecosystem and should be at the heart of
every piece of technology used. Without it, the damage is not only to
the hive, but to its reputation: if a cyber attack disrupts the
running of the business, your business will go elsewhere.

