
06 Sep

Understanding the threat landscape and how you can protect your business

Most organisations are, by now, well aware of the need for a strong cybersecurity posture. They know that cybercriminals are constantly trying to gain access to corporate networks to steal information that they can either monetise or use to compromise the business (or both).

Security readiness: understanding the threat landscape

However, many decision-makers put security measures in place and then get on with the business of running their organisation. If that sounds familiar, it may be time for you to review your organisation’s security posture.

The important first step is to understand the threat landscape. This means getting an overarching view of the types of threats that could compromise your organisation.

Key threats in 2018

Cybercrime continues to rise and there are no indications that it will begin to fall off anytime soon. Evolving technology brings with it significant business benefits but it also opens up new attack vectors for cybercriminals.

Here are five of the key threats to look out for in 2018:

Senior executives and board members contribute to risk

According to Gartner, by 2020, 100 per cent of large enterprises will be asked to report to their board of directors on cybersecurity and technology risks at least annually. This increasing involvement and understanding will help organisations strengthen their positions. However, it could be a double-edged sword.

There is an assumption among senior executives and board members that the increasing budgets being allocated to cybersecurity will result in full protection for the organisation. While that would be ideal, the truth is that it’s impossible to guarantee that an organisation is fully secure at all times. As a result of this assumption, busy business leaders can forget the risks and neglect to follow basic security procedures. Phishing attackers are aware of this; that’s why they often target senior executives in their campaigns.

Cybersecurity professionals need to communicate honestly and openly with board members and senior executives to ensure everyone understands the threats that face the organisation and what’s being done to mitigate them. Those leaders need to understand that security is everyone’s responsibility and that no amount of state-of-the-art security tools can prevent an attack when human error is the starting point.

Criminals continue to be organised

Cybercriminals are increasingly organised, with hierarchies and structures that mimic corporations. They are well-funded, sophisticated and highly incentivised. The resources available to cybercriminals far outstrip those available to individual businesses, so it’s important for businesses to automate security functions where possible and share cyberthreat information to get ahead of the game.

Phishing attacks continue to yield results

As automated security tools get better at identifying and preventing attacks, cybercriminals are relying on the age-old approach of social engineering. They send emails purporting to be from legitimate sources, asking the recipient to click on a link, confirm their passwords and login details, or verify their bank details. Some look like they come from senior management, directing staff members to pay certain bills or purchase certain items. Regardless of the specifics, the outcome is usually the same: financial losses for companies and an increased risk of identity fraud affecting individuals.

Only consistent, fact-based training and reinforcement can overcome social engineering campaigns by cybercriminals. As their methods become more convincing, the risk of falling for them becomes more real. It’s therefore essential to ensure that all staff members are aware of what a phishing email could look like and what to do if they think they’ve received one.

Third parties create risk

The increasing interconnectedness of businesses leads to streamlined processes and automation, which deliver efficiencies and cost savings. However, it also means that, if one company in the network is compromised, all the organisations connected to it could be compromised as well.

Businesses need to do due diligence with third parties to ensure their security systems are strong and reliable. Otherwise, they could open themselves up to being attacked regardless of their own security measures and tools.

The Internet of Things offers new targets

IoT devices include sensors and other connected endpoints that have just enough intelligence to be dangerous. These devices are proliferating fast, but many have either no security or weak security built in. Furthermore, many users are implementing IoT devices without changing the default username and password, making it incredibly easy to crack them. Numerous attacks this year have originated with IoT devices and the problem isn’t going away.

Businesses need to choose IoT devices from manufacturers that build in more than just rudimentary security functions. They also need to immediately change the default usernames and passwords on each of these devices to make them harder to crack. This way, businesses can reap the benefit of the rapidly expanding IoT without incurring unnecessary risk.

By being aware of these key risks, as well as other threats that may be specific to your industry, you can start to build a security posture that meets the challenge head-on. For more information about how Empired can help, contact us today.


This is part of the Security Readiness series, discussing how cloud computing is transforming the way that organisations deliver business solutions to their workforce. To find out more, talk to us.

Posted by: Gavin van Niekerk, Principal Consultant | 06 September 2018

Tags: Security, Security Readiness, Threat landscape

