For the second year in a row, cyber risk and data security have topped Risk.net’s top 10 operational risks for the year. This is no real surprise. However, what has changed in 2017 is the nature of the threat, the omnipresence of the cloud, the near-realisation of the Internet of Things (IoT), and the imminent arrival of new data compliance regulations. These are the common security threats that every business needs to be aware of.

In this post, we will explore the most prevalent internal and external threats facing organisations today. To do this, we will look at the global cybersecurity landscape, paying attention to:

  • the impact of the cloud
  • the threat from cyberattacks
  • the need for data compliance
  • the future impact of IoT

 

1.  The impact of the cloud

Moving to the cloud is advantageous for businesses that want to switch to cheaper, virtual servers and storage instead of maintaining their own expensive hardware on-premises. Many companies have already migrated completely from on-premises or have adopted a hybrid solution.

Microsoft is undoubtedly king of the cloud in the enterprise space – as of April 2017, Office 365 has over 100 million active user accounts. The numbers are staggering and show just how willing organisations are to use cloud technology. They also show how the cloud has become a fundamental piece of the digital workplace jigsaw. Cloud and mobile working allow for more functionality and flexibility, which is how modern knowledge workers want and expect to work.

However, a lot of people have security concerns. Many are worried that their data is at risk in the cloud, that it is more vulnerable to breaches and leaks.

What do you need to do?

Organisations need to take an inventory of what data is being stored, when, and how. The more you know about your data in the cloud, the more you can do to protect your company from common security threats. Organisations need to remain vigilant and proactively look out for abnormal activity on the cloud.

 

2.  The threat from cyberattacks

2017 has seen several high-profile cyberattacks, including the WannaCry ransomware attacks, which affected over 150 countries. However, the way these attacks are reported on the news can sometimes disguise the fact that small to mid-size businesses are at risk too.

Fortunately, most organisations are aware of the risk. One survey found that 74% of the world’s businesses expect to be hacked in the next year. Unfortunately, only 14% rate their ability to mitigate cyberattacks as effective. Even more alarming, 60% of small companies go out of business within six months of a cyberattack.

The threat posed by cybercrime is changing. Recent years have seen an increase in nation-state sponsored attacks, as was allegedly the case with the Sony attack in 2014. If national security reports are correct, this was an unprecedented attack from a nation-state on a private company.

The other change is that hackers are now actively targeting the reputations of companies, knowing that they will pay to avoid any embarrassing breaches. This is particularly powerful in the era of social media, where news spreads fast.

What do you need to do?

Keep on top of the latest threats and always update systems and devices. Companies like Microsoft are working hard to stay on top of all common security threats, and want to help their customers do so too. Following their security updates can be very useful. When it comes to mitigating cyberattacks, knowledge is power.

 


3.  The need for data compliance

From May 2018, the General Data Protection Regulation (GDPR) will apply to all businesses that handle the personal data of EU citizens. Any business that handles personal information – anything which can be used to identify someone, e.g. name, location, email address, social media posts, IP address etc. – will be accountable. And there are large fines for non-compliance – up to €20 million or 4% of an organisation’s global annual turnover.

The main goal of the legislation is to give private citizens more control over their personal data. Following several high-profile data breaches, the public has grown cautious about what their data is used for, where it is stored and how long for.

Over the last 20 years, there have been unprecedented shifts in how consumers use the internet. It is generally accepted that the changes are long overdue, so the GDPR will better reflect today’s ever-changing digital environment. In terms of security, the GDPR is undoubtedly a good thing. It will reduce the number of data breaches and protect people’s data.

What do you need to do?

To become GDPR-ready, you may need to hire a Data Protection Officer. As part of the GDPR, any organisation over 250 people is required to do so, but many smaller companies are doing so anyway.

 

4.  The future impact of IoT

Many businesses already have a problem with the number of devices their employees are bringing into work, and the Internet of Things (IoT) is only going to make security matters more complicated.

It might seem like IoT is everywhere already, but the truth is the era of smart technology is only just beginning. IoT devices are set to proliferate, with reports claiming that there will be over 40 billion active connected devices by 2020, and hackers will increasingly target these devices as they are introduced into our homes.

What do you need to do?

Stricter Mobile Device Management (MDM) is important. The key is to have good security protocols for all devices used at work. This can be complicated with extensive BYOD schemes, but it needs to be done. Perhaps even more important is multi-factor authentication, where someone can only gain access to a system if they can provide several different pieces of authentication.

 

Are you prepared?

To make sure your business is prepared for all common security threats, you can read the CIO assessment Whitepaper or contact us here.

 
