So you think you’re digitally secure… but have you forgotten something?

August 16th, 2019

It’s 2019, and it seems that everyone is now battening down the hatches with their security framework strategy. It’s long been known that with the rise in cloud adoption and the mobilisation of identities, devices and data, the role of security has become ever more prominent and multi-dimensional. It is comforting to believe that all your data and devices are secure and protected, however most of the time this is not the case. Here are the three key areas for you to consider as part of your security strategy in 2019.

Secure your data – everywhere

No matter where you store your data, whether it’s on your PC, a server, or on the cloud, you can’t assume its guaranteed security. Your data is one of your most important and valuable assets. For that reason, you should care how it’s protected wherever it is and wherever it goes. How do you do this so you can get on with your day-to-day tasks without worrying about your data being vulnerable? The answer is by using data protection software such as Azure Information Protection. AIP is the fastest growing component in the Azure stack. So, what is it? It is document level security where every single time protected data is viewed, a check is done to see if the person viewing the file is permitted to do so. It can block users based on company, employment status, date, and a lot more, no matter what device they are viewing the file on, even from a USB. Having this level of security is the only way to guarantee full protection of your data.

Managing weaknesses in end point devices, specifically the Internet of Things (IoT)

With the increase in use of third-platform technologies hackers are finding it easier than ever to break into your network. Third-platform technologies include the cloud, mobile and social technologies. The higher risk comes from it being much simpler to detect a poorly protected or managed endpoint device.

This risk is especially high with IoT devices, which are increasing in popularity and use. In our digital world, you now have everything from your washing machine to your house keys connected to the internet. Why is this making it easier for hackers? Often these IoT devices have default credentials that are never changed, and easily found online. They are also designed for continuous connectivity to your network.

In the last year, risks from end point devices have risen significantly, with 64% of organisations suffering from zero-day attacks at their endpoints1. A zero-day attack is an attack that occurs on the same day a weakness is found in your network, giving you no time to fix the weakness before it is exploited. This kind of attack happened to Jeep, when in 2015 “Chrysler announced a recall for 1.4 million vehicles after a pair of hackers demonstrated… that they could remotely hijack a Jeep’s digital systems over the Internet”2. “They remotely hacked into the car and paralysed it on highway I-64… They could even disable the car’s brakes at low speeds”2.

So, what do you do to protect yourself and your organisation from zero-day attacks? This year’s security planning will need to be updated to include some serious endpoint device security strategies and properly structured IoT frameworks.

Targeted phishing attacks

An online phishing attack involves using electronic communications to take advantage of you, by tricking you into giving away personal data such as login credentials and credit card numbers. While these attacks have been around for a long time, being able to spot them has become increasingly difficult as they increase in their complexity. We are much less likely to be asked for money by a Nigerian prince nowadays. Instead, scammers are more likely to duplicate the look and feel of your banking institution or another familiar source in order to trick you into giving away valuable data. Not only this, but scammers are now becoming able to specifically target individual users, making it much harder to discern real communications from fake. These scammers are now also able to target users based on highly localised, geo-based and personalised phishing threats.

Phishing threats have increased by 297% in the last year3, so it is more important now than ever to ensure everyone in your organisation is highly aware of how to spot these attacks, so that your business’ security or data is not breached. “No matter how hardened your IT security measures are, your users will always remain the weakest link in the security chain”4.

Based on the three key digital security trends we have mentioned, how does your organisation’s security stack up? Security strategy will need to be a major focus for organisations this year, with the cloud becoming a more important part of your digital ecosystem. You will also need to be keenly aware of how the Internet of Things and end point devices impact on your security efforts, and ensure your entire team will not be blinded by the clever phishing attacks that are becoming even more prevalent. If you’re worried about how you are going to tackle these challenges in the coming year, or want to know any more information about what security strategy will work for you, contact us to ensure your organisation is protected and ease your concerns.

By Isabella Mitchell