2019 is well under way with strategies and projects being approved and budgets being allocated. However, it’s important to take note of the current landscape, where we’re heading in 2019 and how we can improve.
Users & Risk
How people work has evolved over the years. Bring your own device (BYOD) initiatives are becoming more common in the workplace, as well as remote workers seeing a significant increase—one studying showing that 70 percent of professionals work remotely at least one day a week, while 53 percent work remotely for at least half of the week. This means sensitive company data is potentially being exposed to insecure networks and other potential threats.
As a result, we need to shift our thinking toward managing risk based on specific users, user behaviour and the devices being used. Take, for example, two employees attempting to connect to the organisation’s network. The first employee has a trusted work device and is connecting from within the company network. The second is an employee connecting via their home network using a personal mobile device.
In this particular case, the first employee presents far less of a risk and should be granted access easily. However the second user, connecting from their own mobile device from home, might have a multifactor authentication safeguard added to minimise potential risks.
Likewise, we might use this approach to help businesses identify specific users whose roles or activities pose more of a risk. The example Solarwind’s Cybersecurity Predictions uses is the head of human resources who has access to confidential employee data. Someone in this role would require more rigorous security coverage than a graphic designer who might only have access to design files.
You could then require the head of human resources always connect via a VPN in order to guarantee that their device is safe and clean.
Enterprise Approach
Forbes lists industries like healthcare, finance and law as being especially vulnerable to attack, due to their storage and management of large amounts of sensitive data.
While large corporate breaches tend to dominate the headlines, cybercriminals are equal opportunists, which means businesses of all sizes are potential targets. This means smaller organisations should begin to think like larger enterprises and enlist the cybersecurity approaches and strategies they use.
The small to medium sized organisations should be looking to enlist ways to detect and monitor threats in real time, as well as develop strategies to respond in an appropriate and timely manor. Forbes claims small to medium businesses and small enterprises should be considering the large enterprise level approach as larger organisations will begin to demand specific security standards of the businesses they work with.
The Rise of Data Leaks
Breaches caused by a hacker exploiting specific vulnerabilities are far less commonplace. However, people are more often their own worst enemy with a lack of security knowledge, human error or just sheer laziness leaving data exposed far more often than we think.
In 2018, spikes in the number of data leaks and exposures where data was not being protected…at all, not even by a password, saw a significant increase.
Many websites and services in 2018 were exposed for various reasons, many of which resulted from unsecured servers exposing customer records and information— FedEx, Amazon and MindBody.
With data exposures showing no clear sign of slowing down in 2019, it’s now more important than ever to review all aspects of your IT infrastructure to not only fill gaps, but to improve overall security and efficiency.
Sources:
Brown, T 2019, ‘4 Cybersecurity Predictions for 2019’, Solarwinds MSP Blog, https://www.solarwindsmsp.com/blog/4-cybersecurity-predictions-2019
Browne, R 2018, ‘70% of people globally work remotely at least once a week, study says’, CNBC, https://www.cnbc.com/2018/05/30/70-percent-of-people-globally-work-remotely-at-least-once-a-week-iwg-study.html
NeSmith, B 2018, ‘Cybersecurity Predicitions For 2019’, Forbes, https://www.forbes.com/sites/forbestechcouncil/2018/12/28/cybersecurity-predictions-for-2019/#6e9a2fc44a27
Whittaker, Z 2019, ‘Here’s what to expect in cybersecurity in 2019’, Tech Crunch, https://techcrunch.com/2018/12/31/cybersecurity-predictions-2019/
