In today’s mobile and cloud world, cyber security is not as easy as it used to be in the desktop era. An organisation, whether big or small, can be attacked from any place and through any device, which is why employees today are under pressure to keep their organisation’s data secure. On a 24/7 basis, they access highly sensitive data over company networks and systems from a smartphone, laptop or tablet, through myriad applications, cloud services and collaboration platforms.
Cybercriminals are increasingly targeting organisations with threats such as malicious apps, phishing schemes and ransomware. A recent survey by Cyren indicates that 71% of US SMBs were hacked in the past year, with 71% suffering a malware-related security breach, 43% a successful phishing attack, 36% suffering a virus or worm infection and 23% falling victim to ransomware.
Cyber attacks not only compromise an organisation’s data but can also have disastrous consequences for public safety, health, the environment and even the economy. Industries such as utilities, oil and gas, transportation and chemical/critical manufacturing all rely on industrial control systems (ICS), which leverage IT to control physical machinery. Manipulation of these systems can be dangerous.
Internet of Things (IoT) devices such as fitness trackers, home thermostats and security systems, medical devices, Wi-Fi printers and self-piloting cars can be exploited to access other connected devices or manipulated to cause mayhem in and of themselves.
Despite this heightened risk, many employees are not very careful when it comes to cybersecurity. Poor user awareness of cyber vulnerabilities is the primary mobility risk their organisations confront, according to 73 percent of 1,735 global executives, information security managers and IT leaders who responded to EY’s Global Information Security Survey 2016-17.
Today’s interconnected business ecosystems create complex relationships and unlimited opportunities for a motivated hacker. For example, if the target is a certain notable executive and the objective is retribution through reputational damage, his/her legal counsel might be a place to start, not as the final target, but a launching point for a social engineering or email spear phishing attack that will ultimately get to that executive. Many legal and accounting firms are small businesses that may be unaware of these types of risks and have limited resources to address them.
A major security implication of flexible working is the lack of mobile security that accompanies the rise in employees using personal devices for work. Typically, just 24% of people are likely to have internet security on mobile devices, and only 5% bother to encrypt the data on their mobile. Vulnerabilities on mobile platforms in general are very fast-moving. “Hackers have recognised [this] as a weak link, given the growth in viruses, malware and malicious code designed to take advantage of mobile devices,” said Sean Sutton, director of EMEIA Advisory in Cybersecurity for EY.
As more workers use personal mobile devices when out of the office, these devices will continue to be a key point of entry for malicious activity. A Ponemon Institute report found that the economic risk of mobile data breaches can be as high as $26.4m for enterprises, and 67% of the organisations surveyed reported having had a data breach as a result of employees using their mobile devices to access the company’s sensitive and confidential information.
Organizations are increasingly relying on modern IT environments, including mobile, apps and cloud, to improve efficiency. However, these new technologies have dramatically diversified and increased the attack surface. Unfortunately, many organizations are still putting the majority of their security investments in preventative technologies that aren’t designed to stop every intrusion into this complex, dynamic infrastructure.