[BreachExchange] Cyber security and data privacy: what are you over-looking?

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jul 16 21:23:35 EDT 2018


https://www.itproportal.com/features/cyber-security-and-data-privacy-what-are-you-over-looking/

Not a day seems to go by without news of another data breach or cyber
security threat hitting the headlines. From Talk Talk and Tesco to Adidas
and even Fortnum and Mason, no organisation is safe. That’s without
mentioning wider issues around how organisations are using people’s data.
Facebook and Cambridge Analytica have been under the spotlight, and Google
also recently confirmed that private emails sent and received by Gmail
users can sometimes be read by third-party app developers, not just
machines.

When it comes to cyber security and data privacy, there are almost endless
scenarios to consider. While cyber attacks and breaches are often referred
to in the same way, there are actually many different types of threat, all
of which access and attack systems in various ways. Added to this, they are all
constantly evolving to stay one step ahead of attempts to thwart them.

As such, the term ‘know your enemy’ is key. From phishing, spear-phishing
and whaling, ransomware and malware, to ghostware, blastware and DDoS,
keeping on top of threats is increasingly difficult – especially because as
soon as a solution to one issue is found, another version pops up. Cyber
security isn’t just an issue of time and resource for organisations; it can
also be one of cost. Indeed, according to Gartner, cyber security will cost
businesses $96 billion in 2018.

In addition, organisations are having to respond to increasing customer
awareness about the value of their data, and growing pressure to not only keep
it safe from malicious attack, but also use it responsibly, and not exploit
it in the way organisations such as Cambridge Analytica have been accused
of.

Of course, customers aren’t the only ones applying pressure when it comes
to data protection. GDPR has transformed consumer data best practice across
all sectors. It is also playing an important role in placing the power
firmly back where it belongs, in the hands of the consumer.

Increased regulation, such as GDPR, which promotes better handling,
collecting, storing and processing of personal data, is to be welcomed, as is
increased awareness of the various cyber threats. However, with so much
focus on the ‘big’ issues listed above, organisations are increasingly
overlooking some serious security and digital privacy vulnerabilities.

So, what are the key areas that are often overlooked?

1. Bring Your Own Device (BYOD)

The way people work is rapidly evolving, enabled in large part by advances
in technology. In many ways, this is a hugely positive thing as employees
are able to work anytime, anywhere. However, the use of personal
smartphones, tablets and laptops to carry out business does increase the
risk of data loss – either through human error or by providing a way in for
cyber criminals.

A study from Ovum found that 79 per cent of employees found that BYOD
enabled them to do their jobs better, but nearly 18 per cent claimed their
employer’s IT department had no idea they use their own devices for work.

2. The Cloud

Cloud computing is convenient, increasingly popular, and is generally
considered to be secure. However, this is not always the case. In a public
cloud, all data is stored within the provider’s network, and, as such, is
open to attack. Even a private cloud, which is not open to the world, with
data stored in a private network, is still not infallible.

As both public and private clouds are essentially centralised systems with
just one point of vulnerability, it is relatively easy for someone to
‘leave the door open’ either through incompetence or maliciously.

3. Voice and video

Many organisations also fail to consider how telecoms, and increasingly,
video factor into their overarching cyber-security strategy. Of course, it
is essential for any business to have effective communications, from
informal conversations between colleagues, to confidential client
discussions. However, voice and video are just as susceptible to hacks as
other systems.

This is especially true when it comes to VoIP. Every communication made
over IP – including voice – is potentially valuable to hackers and open to
attack. This isn’t something organisations tend to consider when using
Skype, for example, but voice and video should be treated with the same
attention as any other security and data risk.

4. People

All too often, people are the weak link in the security chain. This is not
always malicious, but human error is a huge cause of cyber attacks and data
breaches. IBM’s 2016 Cyber Security Intelligence Index found that more than
60 per cent of corporate breaches were caused by employees or others from
inside the organisation. Of these, more than 30 per cent were accidental.

Huge issues can arise from something as simple as sending information to
the wrong email address, losing a phone or laptop or using default
passwords. Then there are also the situations where employees wilfully
cause security attacks or leak data.

Fortunately, there are key steps that organisations can take to help ensure
that cyber security and data privacy threats are mitigated.

Creating a culture of security

A strong, company-wide sense of security is a vital part of keeping
organisations safe from attacks and data breaches. Each employee should be
aware of relevant risks and threats and the role they can play in
mitigating these.

Taking control

Digital security and privacy should be an automatic right for businesses,
yet sadly they are not. However, there are ways for organisations to make a
stand and take back control, allowing them to enjoy a private and secure
digital life.

Solutions – such as Siccura – are available which enable businesses to
control all data through a centralised administration system, synchronise
all business email accounts, track all business communication and data and
encrypt all files.

Covering all bases

As there are so many ways that attacks and breaches can occur, it is key
for any comprehensive security strategy to take advantage of a solution
that can cover not just email, but instant messages, SMS, voice and video
calls, servers and any documents and files stored on cloud, local and
removable storage, across a wide range of devices.

Not only this, organisations also need to consider whether they have the
ability to take back, block access to and destroy data if necessary, for
example if an employee leaves or if an employee’s phone, which they have
been using to access company emails, is lost.

Keeping it simple

An organisation can implement the most robust security measures there are,
but if they are not intuitive, simple and easy to use, employees will find
ways to sidestep them, which defeats the object somewhat!

There is no escaping the fact that the way people work is changing and any
draconian security measures that don’t enable flexible and agile working
will not be effective. Leaders need to find solutions that can offer
complete security, while also being easy and practical for all employees to
use.

Cyber security and data privacy may be big issues for businesses of all
sizes, but with the right approach and by taking advantage of innovative
solutions available to help combat cyber threats, organisations can take
back control of their digital lives.