As businesses unwind for the holidays, many may take stock of the multiple data breaches, which exposed both corporate and customer data this year. Though some people might assume the festive period is a quiet one for hackers, this is certainly not the case. If anything, businesses could be more vulnerable than ever thanks to the fold of IoT devices expected to be gifted this year. By Martin Walshaw, senior engineer at F5 Networks
The recent DDoS attack of web hosting company OVH using hacked devices provides yet another example of the escalating security threats faced by businesses. It is clear the range of security threats are growing both in size and sophistication, and the chance of businesses being hit by an attack is ever more likely. Before you set off on the Christmas break, consider these five security trends to ensure your business is adequately prepared:
It’s beginning to look a lot like IoT
With one in three people expected to receive IoT devices in their stockings this year, businesses need to be aware of the risks this will pose. Vulnerabilities in the wave of smart, connected devices flooding the market makes them easy targets for cyber criminals, who are beginning to utilise more and more ‘dumb’ devices, such as CCTV cameras.
The OVH example mentioned above will provide a blueprint for other copycat hackers – who, in a couple of clicks, can harness the power of IoT devices and cause havoc via massive DDoS hacks, capable of bringing down company websites and operations. Organisations must be wary of IoT devices, which, although heralded as the future, ultimately provide another vector for cyber criminals to leverage. Businesses need to ensure that they have a DDoS mitigation strategy in place and clear plan, should they be targeted.
POPI is coming’ to town
The Protection of Personal Information (POPI) Act has not yet come into effect, but considering it will take most organisations years to prepare for, it should be on every firm’s agenda. With stricter penalties, such as massive fines and possible prison time, businesses need to get their IT infrastructure in order fast. Elements within POPI around data privacy might cause problems. This is because, for many organisations, the extent of customer data they actually hold is unknown, both in terms of quantity and location.
The biggest challenge organisations face is trying to understand just how much data they are responsible for. Getting caught out by a breach in the future, or data demands from customers, could inflict major damage on the bottom line and harm customer loyalty.
Joy to the cloud
As a business enabler, organisations are becoming increasingly more comfortable with moving their infrastructure into the cloud. Yet, many security concerns remain. Are companies aware of how to operate securely in the cloud or who even holds the key to their information, considering it no longer resides on premise or in the data centre?
Technology is emerging to help organisations securely manage their transition to the cloud. For instance, Cloud Access Security Broker (CASB) solutions apply enterprise security policies across multiple cloud services, giving IT teams control over who can access cloud services, while ensuring company data is sufficiently encrypted.
Organisations with a heavy reliance on apps (i.e. most businesses) need to shift their focus more towards the end user and the protection of credentials. The rise of the mobile worker – including those getting in some extra work during the holidays – has resulted in employees using a plethora of apps to access corporate assets from a range of devices and locations. Any weak point in this network, such as a mobile phone infected with malware, can give cybercriminals the key to the kingdom.
If a cybercriminal is able to gain an employee’s domain credentials, they can ultimately access all company information. By switching focus and resources to app-level security and user awareness, rather than solely to more old-fashioned firewall approaches, organisations can better secure themselves.
All I want for Christmas is single sign on
The rise of the cloud has led to an ecosystem of third-party services for businesses to utilise. Employees can access different online portals, from sales to financial services to holiday allowance, all with the same single sign on (SSO) authentication. If an employee left a company, there are concerns that they may still gain access to vital information through their credentials if they are not removed in time.
Companies, therefore, need to invest in a Federated Services technology that can provide a single sign on approach where the authentication point resides with the employer and redirects employees back to the cloud service to seamlessly access the application. By putting themselves in charge of their employees’ credentials, corporations can regain their position as gatekeeper and better protect against fraud.
Failure to recognise or keep on top of developing issues, such as those above, can stop a business in its tracks. Years of best practice and hard-earned customer loyalty can be shredded by a few clicks of a hacker’s mouse. By identifying threats early, investing in the right cyber security infrastructure, and educating users about the cyber security landscape, businesses can keep ahead of the hackers and improve the likelihood of 2017 being a successful year.