With new enterprise technology comes new security concerns. Cloud computing, social media, mobile technology, the Internet of Things (IoT), and other technologies are making it easier to access and use business-critical data, but each new technology seems to bring its own risks. With more businesses relying on digital information, the thing that keeps owners of small businesses and CIOs up at night is keeping that information safe from cyber threats.
According to an IBM-sponsored research study, the average consolidated cost of a data breach is $3.8 million, which is up 23 percent since 2013. The cost of a data breach extends beyond the loss of intellectual property or customer records and includes other factors such as liability, loss of business, remediation, and more. The cost of a single stolen customer record is $154, and if customer records are compromised, the laws in 48 states require timely notification of every party affected, which adds more expense. And while more businesses are investing in cyber insurance, research shows that most companies are woefully underinsured; Target reported losses of $252 million following its 2013 data breach but the company was only insured for losses up to $90 million.
Stopping every threat to your data security may be impossible, but you can prevent most security problems once you understand what to expect.
1. HackersMalicious attacks have always been a problem and hackers are still targeting networks. Depending on your business, your data could be more or less attractive to attack. Retailers, for example, are targets because they store transaction information, such as credit card data, which has immediate value. There are new technologies in place to protect credit cards, such as EMV chips, that make it harder to steal data, but hackers continue to try. Medical records are more valuable on the black market since they contain social security numbers, Medicare data, prescription information, and other sensitive personal information that can be used for various types of high-profit fraud.
2. RansomwareLike hackers, ransomware has been with us for some time, but the problem is growing. Ransomware typically works by infecting a computer or server with malicious code which is usually introduced through a phishing attack, a browser extension, or unauthorized software. Once infected, the code encrypts files, locks the computer screen, or disables the system until you pay a fee to unlock your system. Anti-malware solutions can eliminate much of the ransomware, but some may still creep into the system.
3. IoT ZombiebotsIoT is booming and IoT technology is hackable, like anything else. Even smart cars are vulnerable to attack, as proven by hackers who have already figured out how to take over a Jeep Cherokee or hotwire a Tesla S using a laptop. As IoT technology makes its way into other aspects of network computing, new IoT hacks will be developed, including using IoT devices for botnets. Hackers will be able to take over CCTV systems, smart TVs, and other devices and use them to launch attacks on specific targets, such as banks. It’s difficult to know if your smart toaster has been taken over as the newest recruit in the IoT zombiebot army.
4. Mobile EnterpriseMore users are demanding data access from handheld devices to enhance productivity. Whether you are enabling BYOD so employees can use their own devices to access company data, or you are issuing your own smartphones and tables, mobile technology brings added risk. Laptops and mobile devices often access the Internet from public Wi-Fi hotspots that are extremely insecure. Mobile devices can be lost or stolen, which could give thieves access to the company network. And then there are new potential threats, such as law enforcement gaining access to mobile data. Following the San Bernardino shootings, the FBI announced that they were able to break into one of the attacker’s iPhone to retrieve evidence. If that’s true, it means that any mobile device seized in the commission of a crime, even a routine traffic stop, could be unlocked and its contents exposed, and if law enforcement has that capability then the bad guys can’t be far behind.
5. Careless UsersBy far the biggest threat to network security is users. Employees download unauthorized software, add illicit browser plug ins, move sensitive data to insecure locations, and do other things to undermine data security, whether it’s intentional or not. For example, employees in a department will share passwords to access database files or other intellectual assets. Or a careless worker leaves company passwords on a note taped to a terminal. There are dozens of ways to compromise company data security and not even realize it.
There was a time when data security was mostly a matter of having a strong electronic moat around your network, but today you have to secure data inside and outside the network. That requires strong authentication and data encryption. You also have to make sure that you have the latest anti-malware software and security systems in place to filter out inbound threats.
Most important of all, you need to have strong security protocols and best practices in place to make sure that data is stored securely, passwords and authentication strategies are updated regularly, and users are properly trained to be security conscious.
It’s always challenging to police your own organization. It’s easy to overlook an insecure system or protocol that could unlock access to the rest of your network. That’s why it’s best to work with outside professionals who understand network and cloud data security strategies.
Are there other IT security threats we should be talking about? Let us know in the comments below!