Taking steps to thwart the 5 top data security threats
To say 2017 was a tumultuous year for the cybersecurity industry would be an understatement. Indeed, last year cybersecurity further cemented itself as top concern spanning industries, cultures and continents. And we saw emerging trends take hold, like the thinning line between cyber threats and physical threats and the rise of politically-motivated data leaks.
In response, organizations can better mitigate risks and proactively combat future threats by applying lessons learned from the past year, and by gaining a greater understanding of these threats to prepare for what’s ahead.
Toward that effort, here are some of the top challenges that IT security professionals and their employers should proactively prepare.
1. Take preventative and proactive steps to protect critical infrastructure
Electrical grids, public transportation systems and other critical infrastructures are becoming increasingly attractive to cyber criminals. The National Infrastructure Advisory Council (NIAC) has warned that public sector and private sector organizations alike are failing to defend critical systems from aggressive cyberattacks. As almost all facets of modern life involve or rely on critical infrastructure, too much is at stake to depend on a reactive approach to cybersecurity.
Apart from employing predictive technology solutions to combat threats, businesses must implement a continuity plan to ensure operations continue despite interruptions of any kind: power failures, IT system crashes, natural disasters, supply chain problems and more.
2. When it comes to GDPR, time is of the essence
The EU’s General Data Protection Regulation (GDPR) will fundamentally alter the way companies collect and handle the personal data of EU citizens, affecting all U.S. organizations that process, store or secure any type of data on EU citizens.
It’s important to note that both data processors and data controllers must follow these rules, meaning the cloud and software solutions will not be exempt from GDPR enforcement. GDPR defines a controller as an entity who “determines the purposes, conditions, and means of the processing of personal data,” while the processor “is an entity which processes personal data on behalf of the controller.”
As the May 25, 2018 GDPR compliance deadline nears, U.S. companies can avoid hefty fines by conducting a comprehensive data storage assessment to ensure they have the adequate data security measures in place and that data protection plans are updated to fulfill GDPR requirements. IT leaders should also prioritize assessing an organization's cloud storage and software solutions for GDPR compliance, which are prone to breaches and may be more challenging to ensure compliance.
3. Don’t overlook state-sponsored threats
For cybercriminals working for foreign entities, any sensitive data is relevant, not just that of government agencies or political figures. The rise of state-sponsored cyber threats has broad implications for every business and their intellectual property.
State-sponsored hackers often rely on traditional hacking tactics like spearfishing in an effort to blend in with regular network traffic. Businesses can help protect themselves and their customers by enhancing prevention efforts through layered defenses including routine security testing, threat intelligence, employee education and continuously-monitored breach detection.
4. Gear up for a battle of AI vs. AI
Artificial Intelligence (AI) is becoming a double-edged sword, with organizations looking to AI to mitigate risk and cyber criminals using the technology to do their work more efficiently and effectively.
While leveraging AI capabilities to enhance multifactor authentication and other security measures is critical, companies must understand that hackers can harness the power of AI with malicious intent. Remaining vigilant in following the latest in threats and attacks, as well as critically assessing AI platforms can help organizations balance both the opportunities and the risks of AI.
5. Recognize the new wave of threats brought on by the Internet of Things (IoT)
As the explosion of new connected devices continues, the range of attacks and vulnerabilities will also increase. There may be as many as 25 to 50 billion devices by 2025, according to studies. With the growing interconnectedness of IoT devices, there are too many single-points of failure and sensitive personal information being collected, making these devices prime targets for advanced hacks and ransomware.
While software developers need to anticipate security vulnerabilities, businesses must also integrate IoT-specific precautions into their response plans. System administrators must understand the inventory of where these IoT devices are, their connections and how to update them. Similarly, employees should be trained on the risks of using connected devices to access company-owned information.
It should come as no surprise that cyberattacks will only continue to grow in complexity and scope this year and in the years to come. While the forecast may be ominous, organizations have an opportunity to take proactive security measures that help safeguard intellectual property, employees and customers.