Digital threats are becoming increasingly sophisticated, therefore it is essential for organisations to ensure they are equipped with a high level of security protection and sufficient security management to mitigate against these threats. As enterprises step up their use of IoT devices, developing a thorough understanding of the new IT security risks still remains the biggest challenge for companies.
According to a Gartner’s report[1], more than 65 percent of organisations will be deploying IoT products by that year by 2020. It also reveals that by then more than 25 percent of identified attacks in enterprises will involve IoT, although IoT will account for less than 10 percent of IT security budgets. While data security and software updates is top priority, it is equally important to ensure that strenuous security measures are in place to protect hardware, employees and other assets ensuring they are secured before they become a potential window of access.
A recent Cisco study[2], that compared 11 countries in APAC, found that 90 percent of Australian companies deal with 5,000 threats per day, with 33 per cent of them hit with 100,000 to 150,000 attacks daily. As the number of attacks continue to rise, security experts need to understand how safe a system is in order to protect against an attack.
Below are some of the key best practices for businesses to help understand and identify potential gaps in the security environment and how to plug these.
- Sideline “fat-fingers”
It is hard to believe that a “fat-finger” mistake can cripple a company’s operational efficiency, and often with devastating consequences. Realistically the odds are high that sensitive attachments could fall into the wrong hands if an email is accidently send to the wrong person, for example. While many cyberattacks are caused by an external source, human error is one of the highest causes of data breaches or financial loss.
According to the recent NDB Quarterly Statistics Report: January–March 2018[3], human error was reported to have caused more than 50 percent of reported data loss. To avoid this, organisations must keep track of how its devices are used and continually enforce best practices in security, as an example having employees go through additional authentication steps when using external devices. Interestingly, data[4] from last eight months since the notifiable data breach (NBD) scheme came into effect shows that 59 per cent of privacy compromises have come from malicious attacks and 36 per cent of businesses that reported a data breach happened because of simple human error.
Partial automation, especially around cloud provisioning or database configuration, helps to minimise human involvement and reduce the chances of mistakes. Allocating resources correctly and having security guidelines on acceptable and dangerous behaviours regarding use of passwords and what data can be stored on private devices is also critical to avoid these “fat-finger” mistakes.
- Assess your infrastructure
IT security and infrastructure assessments are crucial for companies of all sizes in order to maintain a functioning business. It is highly also highly important to conduct network assessments and audits on a regular basis to identify and prevent any security vulnerabilities. Post the audits it is recommended routinely backup data by reorganising and storing it on external drives, servers or the cloud.
While assessing infrastructure for holes, IT professionals should ensure the infrastructure is safe from viruses, malware and other malicious software. It is mandatory in the current climate of attacks to get a clear picture of all the IoT devices, both authorised and ‘rogue’ that are being used by the employees and contractors in the course of their work. It is also key to have all the devices protected by anti-virus and anti-spam software, whilst also undergoing regular software checks.
Do not forget the physical infrastructure though, it is a potential open-door for data theft as it stores a large portion of business crucial information; however people tend to prioritise it below the digital infrastructure.
- Integrated security strategy
Managing security is no longer confined to a single on premise office location, as businesses continue to expand their online capabilities and more workers connecting to networks remotely, central endpoint protection has never been more critical. The additional layers of complexity that come from increasing cloud and IoT offerings also makes an integrated endpoint security system almost mandatory.
Having an integrated security model that unifies IT and physical security sits at the core of a solid network defence, helping to monitor threats whilst putting strategies in place to avoid assets being comprised. Identifying redundant or outdated software and leveraging on software patching can support process security efficiency ensuring the systems are current, up to date and protected. This enables organisations to react faster in the event of a threat in a cost and time effective manner.
A solid asset management program for IoT devices, an accurate view of inventory, access control to prevent files being encrypted with ransomware and application control to stop devices outside the authorised geo-location from executing applications, are some of the must-do steps. It is only by understanding and identifying potential gaps that companies can truly position themselves as off limits to the ever evolving threat environment.
[1] https://www.gartner.com/imagesrv/books/iot/iotEbook_digital.pdf
[2] https://www.theaustralian.com.au/business/technology/cisco-report-australians-dealing-with-more-cyberattacks-than-any-other-country-in-asia-pacific/news-story/ebcaefb2326271f6d7bf0e12ebc9ef57
[3] https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics/Notifiable_Data_Breaches_Quarterly_Statistics_Report_January_2018__March_.pdf
[4] https://www.smh.com.au/business/small-business/human-error-to-blame-for-30pc-of-data-breaches-commission-20181010-p508u7.html
