2018 looks to be a year where more importance is placed on information security for businesses than ever before. Viruses and data breaches will continue to present themselves as threats, leading to downtime, data loss, and rising expenses, but they won’t be the only ones. Here are 10 information security threats that will challenge IT data management and how they can be addressed:
1. Adopting new tech too early
While new technology tools may seem like a great idea functionally, that doesn’t mean they are the safest thing to use on a secured network. Early adopters often face security issues and bugs. This was the experience of many universities that adopted Windows Vista in 2006 when it launched. Waiting a few months for general antivirus and firewall definitions to catch up is a really good idea, especially when sensitive data is on the line.
2. Connecting every device and appliance to the Internet
Sometimes it’s a good idea to keep the power controls, security doors and HVAC system off the grid and programmed by hand. Connecting everything to the Internet means that, just as the user can have access, so can anyone else who can override the controls. Hackers love these sorts of connections and can play havoc with any device remotely if it is not properly secured. Recently, hackers have been targeting smart home and other Internet-connected devices, so it’s only a matter of time before businesses, which often have more at stake, become targets. There’s even malware (Mirai) created specifically for IoT devices, such as routers and security cameras. Secure your devices by setting your own router login and password, rather than relying on your ISP’s. Other defenses include making sure the product you’re buying has the ability to be updated with new software.
Software and systems have long been at the forefront of security protections, but according to the Harvard Business Review, “As organizations have come to rely more and more on data-driven algorithms, risks are increasingly present in the data itself.” From biometric systems to voter fraud, anything that relies on an algorithm for its digital decisions has a core vulnerability when that algorithm is compromised. And that’s easy to do if an intruder can get access to the algorithm itself. A redundancy system located in the cloud, so it can always be recovered, can offset related information security threats.
4. Welcome to politics
If a company has sensitive databases, it’s likely someone in a foreign government office is thinking about how to hack it. Big companies can often be targeted by rogue government states for any information that can be used to create wealth, find blackmail weaknesses or cause disruption via state-sponsored hacking groups. Again, disconnecting convenience via access to the Internet provides an effective defense, as does encrypting data, taking every precaution to ensure your servers and databases are protected, and utilizing reports and logs of frequently changing files. Such reports may highlight intrusions such as ransomware where a higher than usual number of files are being renamed, moved around, or encrypted. By backing your data up to the cloud, you can access these reports while simultaneously creating a reliable backup of your data that you can restore from when disasters strike.
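The file-change reports described above can be screened automatically for the "higher than usual" pattern. The Python sketch below is an added example, not part of the original article; the report line format, the thresholds and the sample data are all constructed assumptions.

```python
import statistics
from collections import Counter
from datetime import datetime

# Constructed report format: "<ISO timestamp> <ACTION> <path>[ -> <new path>]"
def build_sample_report():
    lines = []
    # Normal activity: two document edits per minute for ten minutes.
    for minute in range(10):
        for n in range(2):
            lines.append(f"2018-01-15T09:{minute:02d}:{n * 20:02d} MODIFY /share/docs/report{n}.docx")
    # Burst: 40 renames to an unfamiliar extension within a single minute.
    for n in range(40):
        lines.append(f"2018-01-15T09:10:{n:02d} RENAME /share/f{n}.xlsx -> /share/f{n}.xlsx.locked")
    return lines

WATCHED = {"RENAME", "MOVE", "MODIFY"}  # actions the report is assumed to record

def parse(line):
    ts, action, rest = line.split(" ", 2)
    return datetime.fromisoformat(ts), action, rest

def flag_bursts(lines, factor=5, min_events=20):
    """Return [(HH:MM, count, dominant action)] for minutes far above the usual rate."""
    per_minute, actions = Counter(), {}
    for line in lines:
        ts, action, _ = parse(line)
        if action not in WATCHED:
            continue
        minute = ts.replace(second=0)
        per_minute[minute] += 1
        actions.setdefault(minute, Counter())[action] += 1
    if not per_minute:
        return []
    # "Usual" is the median per-minute count, so one burst does not skew it.
    usual = statistics.median(per_minute.values())
    alerts = []
    for minute, count in sorted(per_minute.items()):
        if count >= min_events and count > factor * usual:
            top = actions[minute].most_common(1)[0][0]
            alerts.append((minute.strftime("%H:%M"), count, top))
    return alerts

if __name__ == "__main__":
    for minute, count, action in flag_bursts(build_sample_report()):
        print(f"ALERT {minute}: {count} file changes (mostly {action})")
```

The absolute floor (min_events) keeps quiet shares from alerting on small fluctuations; both thresholds need tuning against a site's own normal change rate.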
5. Unreasonable executive demands for work performance create risky behavior
Executive management frequently pushes lower-level organizational work tasks. Unreasonable pressure can result in reporting up that everything is “okay” and on schedule when it’s not, leading to rushed work that may be subpar. This “yes-man” behavior to avoid executive disapproval can hide real IT risks and cover up vulnerabilities. In their urgency to complete tasks, employees may not follow all their development precautions, may go forward without testing, and may go live without security checks. Executives need to remember to aim for what’s feasible and insist that subordinate managers report accurately.
6. Independent security research is being litigated into silence
Software companies are increasingly suing on slander and libel grounds when researchers point out their security vulnerabilities, which can often hurt sales. This issue often comes to the forefront when vendors and researchers don’t see eye to eye on the grounds of vulnerability disclosure. With vendors wishing that issues be disclosed prior to a solution being implemented, and researchers publicly posting a vulnerability in order to force a vendor’s hand to create a patch, legal battles are bound to ensue. To keep security up to par, vendors and researchers will need to work together to patch and report vulnerabilities quickly in order to minimize the damages and keep consumers safe.
7. Insurance is less attainable
Cyber insurance is designed to address unforeseen damages to a company, such as those caused by hackers and viruses. However, in light of high-cost attacks and their growing frequency, insurance companies are raising premiums and deductibles. This often makes the cost of insurance unaffordable to some companies, especially those that are deemed “high risk.” Many insurers are limiting their policies to $100 million. To put that into perspective, Target’s data breach in 2013 racked up over $260 million in costs. Data loss prevention, virus and hacker protection are becoming far more important as a result, especially for companies who opt to forgo their premiums and go without cyber insurance entirely, or on a plan that offers less coverage than they need.
8. Relying on bureaucracy
Government agencies are getting proactive about cybersecurity regulations. While mandated cybersecurity defenses, like having physical, technological, and administrative protections to reduce data breaches and hacks, can create a foundation for cybersecurity, businesses must be careful not to rely on this foundation entirely. Cyber attackers don’t answer to regulations or play by any of the same rules, so businesses must go above and beyond minimum regulations to cover all of their vulnerabilities and keep threats at bay.
9. Privacy vs law enforcement agencies
New companies with market-disruptive new products or services will trigger more government reaction, being seen as information security threats. With governments getting more involved with tech companies, bigger issues can arise. Apple recently fought the FBI’s demand to create a backdoor to its OS, which Apple argued would allow hackers to break into iPhones. In order to keep technology secure, businesses will have to take a stance and get more involved in policies to protect their rights and the balance between law enforcement needs and rights to privacy.
10. Internal personnel
However, despite all the above, the biggest risk among information security threats remains people, particularly internal employees and partners not following IT policies. No matter how robust a system, one person can compromise it. Eric Snowden and the NSA leak incident are a clear example of this. Your employees can create information security threats, both intentional and unintentional. To limit these threats, you’ll need to set technological safeguards, such as cloud backup for data to thwart accidental and purposeful data loss, employee training to limit physical and technological security vulnerabilities, and more.
Threats to information security can live both inside and outside your organization. By following the tips above and securing against these 10 information security threats, you can keep your business data protected and limit repercussions.