Category: Cybersecurity

Tech Magazine subcategory

Categories
Cybersecurity Tech Magazine

10 Essential Steps to Ensure Cybersecurity

The U.K.’s National Cyber Security Centre (NCSC) proposes a series of cybersecurity guidelines for IT leaders and security experts to protect their company
Cyber Security guide

As businesses around the world begin preparations for the return to the office, a shadow still looms over IT departments: cybersecurity.

At the beginning and height of the pandemic, the surge in remote work and a new wave of malware attacks put extra strain on network and infrastructure security. Now, with some employees staying at home while others go back on-site, these challenges remain a priority.

In 2012, the U.K.’s National CyberSecurity Centre (NCSC) debuted a series of cybersecurity guidelines that are now used by most companies in the FTSE350. It is never a bad idea for IT leaders and security experts to consider these 10 proposed steps when assessing their company’s overall security measures.

Define risk management strategy for cybersecurity

First things first — Make a full inventory of all business-critical assets and infrastructure. Then, make sure you get the full picture of your strengths and weaknesses. Once that is done, IT and senior management should decide together what level of risk can be assumed and outline a comprehensive security strategy. All concerned stakeholders, from staff to partners and suppliers, must be made then aware of said policy.     

Secure configuration

Then, no one sets out on a journey without first doing a thorough check-up of the vessel. Make sure all your systems and tools are configured properly and that the latest updates are installed. Disable unnecessary functionalities and fix any issues that might compromise your ecosystem.  

Network security

The IT network of today’s businesses is vast, intricated and somewhat obscure. It combines different physical locations with cloud services and remote workers and collaborators. In this context, you must think of any and all vulnerable points of entry and put processes like VPNs in place to minimise risks.

Malware protection

Also, invest in the malware prevention tools, paying special attention to the functionalities offered in relation to your current and future needs. These tools can come in the form of both software solutions and policies regarding the exchange of information.  

Defining user privileges

Not all employees and users need access to everything in your network. So, split your users into levels and assign different privileges to each of these groups, limiting access to the most sensitive information to a few users. Moreover, it is a simple step that can save you a lot of trouble if an attack gets through, effectively serving as a firewall around the more critical parts of your network.

Incident management

In addition, outline and implement a clear process for identifying and managing incidents whenever they appear. When doing so, keep in mind response time and inter-departmental collaboration to ensure a smooth and efficient response.

User education and awarenes with cybersecurity

Then, put in place security awareness programs and carry out training when necessary. Human error is still the first cause behind enterprise data breaches. Therefore, simple-to-avoid malware tactics like phishing can be effectively managed by promoting a security-conscious culture across your stakeholders.

Home and mobile working

Also, COVID-19 has made it more evident than ever that work extends beyond the office doors. Your employee training and awareness programs should include recommendations on how to work remotely in a safe manner. Make sure you complement this approach with the proper software and network security tools like the aforementioned VPN.

Removable media controls

This is another area in which education and awareness play a big role. Removable devices such as USB sticks and hard drives are a great conduit for malware to spread. They also complicate the safeguarding of any information that is exported out of the system. Awareness initiatives in this area should be accompanied by specific software tools and policies, like limiting what information can be exported and by who.

Monitoring

Finally, remember to stay alert. None of the above steps will suffice unless you establish a comprehensive and ongoing surveillance system. Set up all the monitoring software that you will need to protect your network and train your IT staff to spot any irregularities early on.  

Categories
Cybersecurity Tech Magazine

Data security : Is your cloud data secure?

Data security: Is your cloud data secure?
How is your data security? Around 50% of all business data is already stored in the cloud, while 48% of this data can be considered sensitive in nature.

Digital transformation is well underway. An estimated 50% of all business data is already stored in the cloud; while 48% of this data can be considered sensitive in nature. These figures, which were reported on Monday in a global study by Thales and IDC, paint a promising future for the enterprise cloud industry. They also seem to signal growing confidence in the technology’s security and privacy capabilities. So, regarding data security, is your cloud data secure?

Data security: number and perception

The same survey revealed that only 57% of all cloud-stored sensitive data is protected by encryption, whereas 100% of respondents admit to having at least some unencrypted sensitive data in the cloud. One could think this constitutes further proof of the enterprise’s sense of data security. In reality, the number of respondents that feel their data is vulnerable to cyberthreats (86%) has increased considerably since last year’s report (67%). Furthermore, 47% of businesses report having been breached or failed a security test in the past year.  

There is thus a clear disconnect between the perceived levels of data security and the actual measures being put in place. Many decision-makers are not paying enough attention to their own danger alerts, and that is dangerous.

So — how can you tell if this happening in your organization? There are a few telltale signs.

Choosing the right multi-cloud partners

Achieving optimum levels of data protection is becoming increasingly difficult as more and more companies turn to different cloud providers to meet their various business needs. The vast majority of businesses (81%) report using more than one infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) vendor. Meanwhile, 72% of organisations state they use between 11 and 100 software-as-a-service (SaaS) applications — That’s a lot of potentially breachable data living in the cloud.

Data security: how to implement a proper strategy

These multi-cloud environments add a layer of complexity on top of the already complicated world of cybersecurity. In turn, survey respondents identify complexity as the top barrier to implementing a proper data security strategy.

To protect data integrity, organisations must leverage the appropriate set of tools across platforms and partner with those vendors offering solutions that fit within their ecosystem. Ideally, your various security tools and protocols should cover both on-premises and cloud-based data and be compatible with one another.  

If that’s not the case, it might be time to review your security architecture. Putting together the right team has also become essential for multi-cloud success. Consider hiring a cloud security specialist if you haven’t done so yet.

Data vs network security

Despite 83% of organisations planning to either maintain or increase their security spending in 2020, the portion of the security budget destined to data security remains marginal at 15.5%. Comparatively, companies spend much more on network security. This seems to be due to another important disconnect — that between the major perceived security threats and the reality behind most data breaches.  

While more than half of businesses are worried about cybercriminals, terrorists and corporate espionage; everyday issues that tend to pose greater challenges to data integrity are often less cause for concern. Just in the UK alone, 90% of data breaches experienced in 2019 originated from a human error. Employee communications, system misconfigurations and privileged users with access to sensitive resources are all potential risks that network security cannot mitigate.

Data security: accesses and permissions

A great focus on data security is, therefore, highly recommended. Re-examine and restrict your access protocols and permissions, encrypt greater amounts of data and make sure to store and safeguard the keys properly. Moreover, invest in data recovery and backup tools.

Also, do not rely too much on your providers to protect your data. Sure, the cloud is fundamentally a shared responsibility environment. However, there are many proactive measures that you can implement internally to safeguard this data.

Remember – if there is a breach, it will be the company’s reputation the one to take the biggest hit, not the provider’s.   

The threat of emerging tech

Although most experts do not see widespread quantum computing entering the scene until 15 or 20 years from now. The security risks this emerging technology represents are already in the minds of business leaders. Around 72%% of companies believe quantum computers will start disrupting their encryption efforts within 5 years.

Quantum computations can potentially decipher most cryptographic key systems used today. However, the technology is still in its infancy, and companies shouldn’t worry too much about its security implications just yet. But, if you’d like to start future-proofing your system, there are several vendors out there already working with quantum cryptography methods.

Categories
Cybersecurity Tech Magazine

What to expect from cybersecurity in 2020

What to expect from cybersecurity in 2020
One thing’s clear about what will happen with online threats in 2020: cybersecurity is not getting any easier. What to expect from cybersecurity in 2020?

One thing’s clear about what will happen with online threats in 2020: cybersecurity is not getting any easier. The good news is that it’s the early months of the year and all predictions are in, so there’s still some time to get ready. What to expect from cybersecurity in 2020?

And so, we went on a quest through the vastness of cyberspace in search of the best and finest predictions out there. Then we added our own expertise to the mix. The result is a shortlist of considerations we suggest you keep in mind when designing or implementing your cybersecurity strategy for the year ahead.

On history and its annoying tendency to repeat itself

Remember WannaCry? The National Health Service surely does after almost £100m in losses and the cancellation of 19.000 appointments. But the NHS was not alone. Around 230,000 computers in over 150 countries were infected in a matter of hours, leading to an estimated $4 billion in total losses. The culprit? An NSA-devised exploit of Windows’ EternalBlue vulnerability, for which Microsoft released a patch shortly after the liability was made public.

The problem with software updates, however, is that not everybody installs them. Furthermore, some users cannot even install the patch since they’re running older software versions that are no longer offered support — Rings a bell?

Microsoft’s Windows 7 service cut is bound to follow the same path. Sure — the company is extending its support to businesses until 2023, so those running business-critical applications that only work on the old OS should be fine. But, that’s only if they are willing and able to pay. Add those who can’t to the forgetful types who won’t be upgrading out of plain carelessness, and you have 2017 all over again.

Be ready for the very real possibility of a massive attack that infects unpatched users and spreads laterally from one organization to another, from one country to the next. It only takes one sloppy third party for disaster to unfold.    

Dark clouds on the horizon

As everyone and their mother moves their infrastructure and business-critical workloads to the cloud, the potential for a massive data breach affecting all the nodes in the network is skyrocketing.

Perhaps the strike comes from a company or cloud provider that didn’t carry out due diligence and didn’t effectively protect their data during transmission, storage or processing. Or, maybe, as Kaspersky Lab suggests, attackers will leverage the cloud themselves to increase the frequency of their attacks until one breaks through.

What is obvious at this point, is that you should tread very carefully when navigating the multi-cloud ecosystem. Make sure all the involved stakeholders understand the extent of your cloud ramifications. Hire a robust security team. Partner with the right providers.   

Cybersecurity in 2020: The advent of 5G

The more connections in a network, the greater the benefit for those who manage to break into it.  As Forescout points out, enterprise 5G adoption is expected to reach critical mass in 2020. The sheer number of connected devices and the amounts of data they hold should be attractive enough for attackers to try to exploit the vulnerabilities of cellular networks.

If you’re betting big on IoT and 5G, make sure your team is prepared for, or at least aware of, these vulnerabilities and is monitoring for potential attacks. The industry as a whole will need to reevaluate 5G security post-deployment, but, in the meantime, response time is key.

Oh, my — AI

Here’s some good and bad news.

The good news first: AI and Machine Learning will be instrumental in helping cybersecurity experts detect attacks and protect data and infrastructure. The benefits are more than evident. Security tools and protocols that can learn and have increased autonomy are great allies for defending your virtual castle. According to Capgemini, 63% of organizations will have AI-based solutions in place by the end of 2020. Most of these applications will have a security focus.  

The bad news? Hackers can do that too. Expect AI-powered hackbots coming to your neighbourhood very soon. Certainly, an eerie thought to entertain.  

Corrupting the root

In the art of sabotage, simplicity is key. Why bother trying to compromise the finished product when you can alter one of its key components right at the factory line? As Enterprise SpA CTO Pierluigi Paganini notes, supply chain attacks are only going to increase with time. Although they still pose a relatively low threat, it can’t hurt to be a bit more cautious with the vetting of third-party suppliers.

Cybersecurity in 2020: Final reflections on the fallibility of the human mind

We often focus solely on the might of technology, its great potential for good and evil. The truth is that people have been duping each other since ancient times. As many of the biggest cyberattacks of the past years remind us, it is usually a human error that starts it all.

An employee that inadvertently exposes vital information. Someone clicking on a link that their boss allegedly sent them. An infected thumb drive. A computer that wasn’t updated.

The human element is a decisive factor in the world of cybersecurity. Organisations need to implement better security training for their employees, as well as improved data hygiene and BYOD policies.

The scary part, however, is that, no matter how many precautions you take, someone can still be tricked – or paid — into letting in the attackers. Kasperky alerts of these perils. As the costs of breaking into a network raise due to improved security, hackers are going to increasingly target employees ­— whether it is through phishing attacks and very convincing deepfake calls, or by paying them money or extorting them.      

Read our article: How the Covid-19 Pandemic is Accelerating the hybridisation of Careers in Tech & IT