Companies are not always up to date with the latest security risks, nor do they consistently take a security and compliance approach that is holistic enough to be effective. This half-hearted approach is leaving businesses exposed.
Why maintaining security and compliance is so challenging
The classic cyber risks are still in place. Most businesses defend themselves reasonably well against them, but newer threats are emerging, and companies must be aware of the changing landscape in order to remain secure. New threats include:
- Next-gen social engineering. Using AI to electronically generate fake audio and video, hackers can easily fool an audience. It also becomes very difficult to protect original materials when faking a video stream is so easy.
- Machine learning sabotage. Machine learning algorithms make use of training data to extract relationships and knowledge that can be applied to real-life situations. This training data can be compromised, wreaking havoc with the results of machine learning algorithms. It may not be easy to detect either, as on average it takes 100 days to detect a data breach.
- Quantum decryption. Companies already lose data due to breaches on a regular basis, but thanks to encryption the lost data is often rendered useless. However, with the dawn of quantum computing, it is expected that many encryption algorithms will be rendered useless against quantum computers — in as little as ten years.
- Physical threats. The software that controls everyday objects such as cars, pacemakers and even coffee machines is vulnerable to hacking by cybercriminals. A hacker can now electronically cause substantial physical damage much more easily than before.
A recent report from Cisco shows that 75% of respondents experienced significant operational impacts after a successful email attack and 47% reported significant financial impacts.
Threats are clearly changing and expanding, and staying ahead can be difficult. In some ways, good practice, or indeed cyber hygiene, is the best way to mount an effective defence against cyber-attacks.
Cyber hygiene training can be very effective
It’s easy to argue that the vast majority of cyber attacks can be prevented if companies simply practise good cyber hygiene. This includes compliance with industry standards, regulations, and basics such as keeping backups up to date.
However, companies often make elementary mistakes in their approach to security and compliance, operating in a way that exposes a business to cybersecurity problems:
- Too many companies rely on legacy systems and processes even as they integrate their critical systems and add new-generation features such as advanced analytics and automation. The result is a skills gap, and risk exposure due to outdated systems in the mix.
- Cloud migration is continuing unabated, and many companies miss the risks that making exclusive use of cloud vendors brings. In fact, where companies do not carefully manage their cloud estate, they may find their entire online existence could be erased with just a few keystrokes.
- The perimeter of a company’s network is no longer clearly defined. Bring your own device, the internet of things and remote working make it more difficult for security teams to police company networks.
Essentially, companies must invest in their personnel to strengthen security and compliance measures in order to build a robust digital estate. That said, few companies have the internal know-how and skills to really support security and compliance processes.
Enlist the support of a technology partner
Security and compliance concerns stem from the use of technology, but technology can be the solution too. Automation is a key driver: as much as machine learning and AI can introduce security risks, both technologies can also aid in risk reduction.
Many companies will get stuck when evaluating vendors, for example, relying on certification but lacking real insight. Likewise, security operations may get overwhelmed with alerts and struggle to consistently respond to critical flags. In contrast, an automation-driven security platform can help your company identify malicious activity and anomalies before these become a real threat.
Yes, practising cyber hygiene and weaving security practices into your business are essential. Want to learn how your company can more quickly identify and react to risks, while also supporting continuous compliance? We’ll be happy to answer your questions. Get in touch with us!
Originally published at https://eleks.com on July 26, 2019.