Business Newsletter December 2017
INCLUDED THIS MONTH:
- Predicted Cyber Threats 2018
- The growth of Cloud Computing
- Security within the Workplace
Predicted Cyber Threats of 2018by Jezz Gobran
The last few pieces I have written have had a GDPR focus and not surprising given we have only 6 months until D-Day. I thought this time with New Year around the corner it would be worthwhile looking at what is likely to be the biggest cyber threats of 2018 and what this means for your business.
Crime as a service
We've seen software as a service(among other things) for a while now and no doubt you will have some 'as a service' from CSCM. But in 2018 it is expected that with the cost of cyber attacks being pennies or free to facilitate the increase in people offering such attacks is on the rise and these attacks don't require large numbers of people, just a knowledge of 'how to', Google, YouTube and the dark web can all help with this.
Internet of things
Over the last few years more and more devices/electrical items are being connected to the internet, in many cases little or no consideration has been given to the level of security on those devices and on the whole once they are connected to the internet, there is nothing to stop someone accessing those devices and in turn the network or router they are attached to.
One to watch this Christmas are the toys brought on Ebay (typically from China) at little expense or no postage cost. There is a reason they are cheap!
A supply chain has always been an issue and will increase in 2018. Irrespective of how robust your own business is, a weak security position of your suppliers is the easiest way into your business. For many businesses they simply take their suppliers at face value when they are told that they are secure. Ask questions, go to see for yourself the measures they are taking.
Regulations - GDPR
Everything I have outlined above and more is covered under the GDPR where personal data is concerned. Understanding the data you hold, where it is, how it is accessed, how it's managed and protected. It's a risk based approach that's required.
Nothing new again here, hand on heart, how many owners and board Directors truly understand the threats to their business and information through either cyber-attacks or data protection breaches. The answer is not enough and in many cases their expectation is that someone else will be looking after it. Understand the risk, determine the response and make it happen, don't leave it to someone else.
They are all big enough problems on their own, but together,,,,,
If you are the decision maker in your business, do you understand the risks and what you need to do to protect your business from all angles?
To discuss this further please get in touch.
Encryption prevents unauthorised access to your data by keeping communication secure between the parties involved. Data sent from one person to another is scrambled into a code meaning it's unreadable for anyone except the sender and recipient.
As a result data received or intercepted by the wrong person will make no sense as they do not have the key to decrypt it.
If implemented properly end to end encrypted data could take years and years for Cyber criminals to hack into as it uses complex mathematical algorithms and numerical sequences.
The Growth of the Cloud
According to the Cyber Security Breaches Survey 2017, the use of cloud computing is increasingly widespread among UK businesses, with 59% of businesses using some kind of externally-hosted web service(a 10% increase since 2016). Micro businesses in particular have seen a significant increase from 39% in 2016 to 57% in this year's survey. Among all size brands a majority of businesses are now using these services as the image below shows.
Of businesses who use externally-hosted web services:
- 60% store commercially confidential information on the cloud
- 55% store at least some personal data relating to customers, staff or suppliers on the cloud.
To read the full survey findings, click here.
Security within the Workplace
As we come to the end of 2017, we feel it may be remembered as the year of multiple significant cyber-attacks. We expect 2018 to bring more of the same as cyber attackers become more sophisticated. For this reason businesses will need to recognise the importance of investing in their security.
Train employees to make them aware and understand how data policies affect their everyday jobs. Security awareness initiatives fail because simple overviews here and there are not enough. Perhaps create and relate training material specific to an employees own position to make it easier to remember.
The other common failing point in cyber security training is lack of measurement. If you do not monitor the effectiveness of a program, you may not know how well it is working. Use testing services to send fake emails to employees and see if they fall for it. Technicques like these can give you quantifiable performance data and will also keep employees alert.
Lastly by using refresher sessions and reminders such as posters and screen savers you can help embed the security measures that are in place.
Cloud services providers will play a huge part in offering full security packages to businesses in order to manage and monitor their data. If you would like to speak to one of our experts please contact us.
Want to get in Touch?
Contact Us - 08431 668866
Read our Blogs