FACING WORKPLACES IN 2018
As we approach the end of 2018, companies around the globe are facing increasingly innovative, advanced threats from those outside their internal networks and systems — whether rogue individuals or teams sponsored by nation-states.
While external threats can easily capture the attention of everyday citizens, seasoned security professionals will also be aware of the threats posed by insiders: Employees and contractors alike can access proprietary (and even highly confidential) information. Unfortunately, this trust can be abused, as evidenced by numerous access control scandals that have occurred in the past decade. Cases range from Edward Snowden’s historic leak of highly-classified National Security Agency files to a former UCLA Health System employee sentenced to federal prison for violating HIPAA.
So we’ve compiled a list of the top six cybersecurity issues that could affect workplaces in 2018. It includes threats that can develop both inside and outside of a company’s networks, further highlighting the dynamic threat environments that today’s businesses must tackle.
External threats: 3 common tactics used in today’s security landscape
Cybersecurity challenge #1: Ransomware
Ransomware is one of the most aggressive tactics used by today’s hackers. These threats take a computer, and sometimes even entire networks, as hostage. Often, all the files and data previously stored on a system become inaccessible until the victim (i.e. someone in the workplace) hands over a ransom fee, typically paid in cryptocurrency like bitcoin.
Cybersecurity challenge #2: Cloud-based services and computing
The creation of software as a service (SaaS) solutions has enabled companies in every industry to become more agile. Companies no longer have to pay for bulky, expensive software, as SaaS solutions are all based in the cloud and are available for only a small monthly fee.
But SaaS solutions also present novel security threats, in part due to the current insecurities of APIs and various hardware vulnerabilities.
Cybersecurity challenge #3: The Internet of Things
The Internet of Things (IoT) is on the fast track to fundamentally change how future economies will operate. The ability to place a sensor on everyday objects for very little cost is certainly exciting, but can present a nightmare scenario for security professionals. IoT devices are notoriously insecure and can be easily exploited for their computing power for use in bonnet-based DDoS or ransomware attacks.
How can workplace professionals address external threats?
While the security needs of each business are unique, there are a few universal guidelines that can help protect against external cyber-attacks:
- Conduct frequent cyber risk assessments.
- Implement sensible data security safeguards and monitoring systems: Use data encryption, multi-factor authentication, or a disaster recovery as a service (DRaaS) solution.
- Create a framework for ongoing threat management, operational oversight, risk management, and regular reviews of contracting businesses with whom you’ve partnered; document plans to handle threats and mitigate the impact of attacks with a data backup solution in place.
Internal threats: Understanding threats from within your organization
Cybersecurity challenge #4: Access to confidential information
Most external threats are easy to recognize and identify. But internal threats are far more ambiguous, especially when it involves access control and information flow within a company.
For example, let’s say an individual with access to confidential information downloads a file that doesn’t directly relate to their work. Is this a malicious attempt to steal company information? Or is this a case of simply mistaking one file for another?
Cybersecurity challenge #5: Information flow among various devices
Most employees today will bring their own devices to work — for example, smartphones, tablets, and laptops. But if these devices are doubling as both work and personal devices, this could compromise your company’s confidential information or data.
Cybersecurity challenge #6: Managing employee credentials
Ensuring that only the proper employees and contractors have access to confidential or compartmentalized business information can be the difference between a strong security environment and falling prey to insider cyber threats.
How can workplace professionals address internal threats?
Every company has a unique threat landscape when it comes to insider threats. To effectively defend against such cyber-attacks, here are several solutions:
- Implement strong confidentiality policies that are understood and defined as a part of the employee onboarding process.
- For the duration of an employee’s tenure, continue to conduct basic security trainings, restrict the use of personal devices for work activities, and restrict access to information that is not applicable to an employee’s role within the company.
- When an employee chooses to resign from the company, ensure the offboarding process removes their access to sensitive information. Additionally, conduct exit interviews and follow-ups for each employee that moves on to other opportunities.
Today’s modern, globalized workplace demands a strong understanding of possible cybersecurity issues. Both external and internal threats can significantly damage a company’s bottom line and reputation.
Develop a documented cybersecurity incident response plan
A robust cybersecurity incident response plan will incorporate a deep understanding of the unique aspects of today’s common external and internal threats.
The North Group has worked with businesses of all sizes to conduct cyber risk assessments and implement the appropriate preventive measures. To find out how we can help, contact us today!