In the era of the internet, protecting an organisation’s information has become just as important as setting up business capital. Information is considered the lifeblood of a successful and profitable business. Throughout Australia, organisations are constantly adopting innovative cyber security and privacy safeguards to manage threats and achieve competitive advantages. With the increasing volume of data being produced and stored, SMBs and large corporations are now prioritising the adoption of security policies around how their information is stored and secured.
Developing proper policies minimises risks and prevents incidents. With this in mind, we’ve identified three of the current biggest cyber security risks for Australian businesses.
1. Security is a moving target with the adoption of IoT
Cyber security breaches are likely to increase as connected devices proliferate across the market. Gartner forecasts that 8.4 billion internet-connected devices will be in use worldwide in 2017, up 31 per cent from 2016, and will reach 20.4 billion by 2020.
Each of these devices presents a potential cyber security loophole in a wider IT infrastructure. Given their increasing reliance on internal computers and internet connectivity, everyday devices like factory equipment, mobile phones, cars, air conditioning and hearing aids could find themselves increasingly at risk of cyberattack.
This risk is particularly concerning for healthcare. Worries have been raised around the possibility of people having personal medical devices (such as pacemakers) hacked, particularly as they begin to feature more online integration.
It’s apparent that there needs to be an increased level of investment in IoT security as soon as possible. IT managers need to be taking stock of IoT devices in the office, and looking to minimise risk through any means possible.
2. Ransomware will continue as a growing threat
Ransomware is a surprisingly old technology, dating back to the late 1980s. But it’s only recently that the public have become widely aware of the threat it can pose to businesses and personal users alike. This year’s WannaCry ransomware strain affected hundreds of thousands of computers the world over, making huge headlines in the process.
While Australia was only minimally affected by the WannaCry strain, around a month later a different strain called “Petya” hit our shores. This was significantly more disruptive; unlike most ransomware, which typically relies on people inadvertently running malicious software, Petya was able to run legitimate IT administration tools, grabbing key passwords and data for system access in the process.
Three Cadbury factories and law firm DLA Piper had their operations knocked out as a result of the attack; although 11 successful attacks were initially reported, it’s quite possible that there were more successful attacks which went unreported for fear of reputational damage.
Ultimately, both WannaCry and Petya shone worrying spotlights on how easily system vulnerabilities can be exploited by those with malicious intent.
Ransomware attacks don’t necessarily steal data – but may irretrievably encrypt it, and render it useless in the process. Having key data wiped out can have dire consequences for any firm, potentially even leading to the end of the business. It could also lead to substantial reputational damage, undermining client trust.
The effects of ransomware are often compounded by lax or irregular back-up and updating procedures; losing some work during a ransomware attack is near-inevitable, but many businesses are not taking the necessary steps to secure their data for rapid restoration.
Sometimes, the most obvious ways to prevent and recover from cyber security breaches are also the most overlooked. It cannot be assumed that everyone on staff is an IT expert, or even familiar with basic IT precepts. Staff need to be effectively educated on the importance of basic security techniques, such as using passwords, not opening dubious emails and not downloading from questionable sites. Additionally, regular updates and/or training sessions should be held when new threats are identified – this will help keep staff up-to-date and prevent issues arising.
An important facet of this is also regularly downloading updates for your software; these updates help plug cyber security gaps and exploits in your software. Part of the reason WannaCry was able to spread so readily earlier this year was that people simply weren’t updating their computers, and the ransomware was able to exploit a gap found in older versions of common programs.
3. Bring your own device (BYOD) is an issue that needs to be controlled
Bring your own device (BYOD) policies are rapidly increasing in popularity across a number of industries. This certainly has its pros and cons. With BYOD, businesses can keep hardware costs down, while enabling staff to work more efficiently as they utilise devices they’re already familiar with, rather than having to work with office-mandated pre-sets. However, BYOD also contains an element of risk for cyber security. With devices also being used for personal purposes, it’s possible that the office network could accidentally become infected by outside threats as a result of staff carelessness. Disgruntled staff could potentially exploit their access to company data for nefarious purposes. Additionally, the risk of losing valuable information can be increased, as people are not necessarily always connected to a central server while working.
With that said, BYOD is very effective for some workplaces, and there are numerous ways to manage the risk; some companies utilise specific apps or web-based programs. This helps maintain the positive attributes of BYOD while also allowing a relatively closed system. Importantly, data can still be centrally controlled. Access to information can be adjusted in real time, in the event staff are abruptly terminated, or decide to move on to a new role.
Importantly, if a cyber security breach does occur, it will be much easier to determine the source.