01 Jun 2018

Educating the business on network security

Now that the mobility genie is well and truly out of the bottle, the task of policing and protecting so-called network ‘endpoints’ has become both harder and more important for organisations.

It’s also meant that workers outside of the IT department – including senior management of course – need to be properly educated and informed as to their role in ensuring the organisation’s data and operations remain safe and secure.

IT can’t be expected to do it all on their own anymore.

The introduction of Australia’s NDB (Notifiable Data Breach) laws in late February has helped further underscore the importance of making security a company-wide responsibility. So has the EU’s General Data Breach Regulations (GDBR), which came into effect in May.

Australian firms that fail to declare breaches to the OAIC (Office of the Australian Information Commissioner) face fines of up to $2.1 million, with individuals liable to be stung for up to $360,000.

Financial hits like these – on top of the rising fiscal and reputational costs of successful malware attacks – mean cybersecurity needs to be a core business priority for everyone in the organisation.

Increased mobility demands greater vigilance

It’s now estimated the average worker has between three and four devices connected to the corporate network at any one time.

Meanwhile, staff are increasingly making ‘unauthorised’ ‘shadow’ technology decisions, such as downloading mobile apps and other cloud-based tools, which are cheap and easy to procure.

People outside of IT need to be made more aware of the consequences of their actions in this regard. Having policies around best-practice technology usage is one thing, but staff need to understand why they’re in place.

The sense of urgency is underscored by the fact cybercriminals continue to stay ahead of the authorities when it comes to creating and distributing malware.

Among the key trends in cybersecurity is the move to more targeted attacks, as opposed to the traditional scatter-gun approaches preferred by cybercriminals in the past.

These days cyber-attacks are more likely to use some sort of vulnerability or ‘exploit’ as their main vehicle. And as the number of mobile devices and apps continues to explode, it stands to reason the number of security vulnerabilities is increasing too.

In fact, over the past few years it’s emerged that loss and/or theft of mobile devices in the workforce accounts for double the number of serious data security breaches wrought by actual malware.

It’s no exaggeration then to say many people literally hold the integrity of their company’s security settings and policies in their own hands.

Being held to ransom

The fastest-growing form of malware these days is ransomware.

As the name suggests, this popular new form of malware works by encrypting an organisation’s critical data until it submits to paying what is usually a modest fee (they can be large too of course!) to have the encryption removed and the victim’s operations restored to normal.

A 2017 study by cyber-security specialists Sophos found that 54 percent of global firms surveyed had been hit by ransomware in the previous 12 months.

But despite ransomware now accounting for the lion’s share of malware attacks around the world, traditional anti-virus solutions are typically light on features that address it directly.

The Sophos study revealed almost three-quarters of organisations that reported having experienced a malware attack were using the most up-to-date versions of their chosen security solution.

Healthcare was the top target, followed by energy, professional services and retail.

Just under half of all Australian organisations surveyed by Sophos reported having been hit by ransomware in the previous 12 months. This earned us the unflattering distinction of being one of the top 10 countries in the world targeted by ransomware hackers.

What’s next?

The inexorable shift to mobile computing is leading to an explosion in the number of network endpoints that companies, and their IT managers, need to identify and manage.

And their ability to do so depends heavily on educating, informing and constantly updating everyone in the organisation about the risks of cyber-attacks, and especially their role in helping to mitigate them.

Even the most vigilant companies will always be one step behind the criminals, so it’s important to have all hands on deck, especially as the so-called internet of things (IoT) looks like ushering in a whole new world of challenges.

Connect with Brennan IT today to begin the discussion about how to develop a security strategy that involves informing everyone about the risks currently out there and their individual role in keeping them at bay, or read more about Managed Security.
