A bee hive is an industrious place of team work, communication and productivity. Worker bees communicate and work together in an intricate and finely balanced system harvesting pollen and protecting their assets to produce the highest quality and volume of honey possible. Now imagine a vulnerability in one of the entrances to the hive, and a passing wasp taking its opportunity to force entry, steal, feed and wreak havoc.
Your business is its own hive of information and opportunist hackers will seek out vulnerabilities to hack your systems or data. As a bare minimum, this impact will be significant disruption to your workforce and possibly irreparable brand reputation damage.
Increasingly businesses won’t be targeted by a swarm, but by a single hacker or small group of criminals, who are more targeted and will spot vulnerabilities in the network structure that could easily go un-noticed. Therefore, reliable and secure technology with clear visibility of the network is essential for today’s organisations.
Here we look at five security trends that will shape the way you secure your network hive.
1. Protecting the honeypot
Regulatory developments and the need for compliance
With the EU General Data Protection Regulation (GDPR) set to come into effect in less than a year’s time, any business that handles personal data must be well on track towards compliance.
The terms of GDPR ensure that businesses face concrete sanctions for non-compliance – namely administrative fines of up to €20m or 4 per cent of a company’s annual turnover (whichever is greater). In practice, they have a legal obligation to alert the relevant supervisory authority and, in some cases the customers affected, of a data breach within 72 hours of it occurring.
Data protection must therefore form an integral part of the architecture of every organisation, considering the way people work and communicate and how it can be done as safely and efficiently as possible.
2. Stability in flight
Data privacy in a cloud-led world
Cloud-based technologies can provide powerful and agile content to deliver the best customer experiences and flexibility for an increasingly IT led workforce. All organisations need to balance the level of importance of the data held, where it comes from, how it is hosted, and who it goes to, with the level of security measures they put in place.
Naturally, one of the main issues businesses may have about storing data in a public cloud is the loss of control. If the cloud provider itself is compromised, your data in turn is vulnerable.
Ultimately, whether you secure it in-house or through cloud-based technologies, the users are responsible. If upgrades and patches to applications are not made, they can be exploited. However, many modern businesses are increasingly adopting a hybrid cloud approach, with a combination of in-house and public cloud-based architecture, which requires a specific approach.
3. A colony of hives
Expansion of data from the Internet of Things
High profile attacks on Internet of Things (IoT) devices, such as the Mirai botnet, have left businesses pondering how to harness the undoubted power of IoT without sacrificing security. Whilst threats to PCs, servers and networked devices are widely understood, there are many unknown or poorly understood threats that IoT brings. It is therefore up to the business to ensure these devices – which are essentially remote controls for the world to operate – are secure and remain accessible by authorised personnel and devices only.
Potentially all these devices, if not secured, are open doors for any malicious organisations or individuals to gain access to internal networks or the device itself. Consequently, businesses need to ensure that they seek advice and expertise from professionals that are aware of the risks and vulnerabilities as well as the mitigation and prevention methods.
4. The Queen Bee
Protecting Brand Reputation
Today’s 24-hour news cycle and the increased coverage of cyber security in the media means that the impact of a hack or data breach is far wider reaching than the loss of money or information.
It’s not just customers that are affected if security is breached; suppliers and partners are too. After a serious attack takes place and becomes public, the perception by media and social media of the organisation and its partners can nosedive within minutes.
Today, an attack is virtually impossible to contain before anyone hears about it. Taking years to gain and seconds to lose, reputation is intangible but should be taken as seriously as the ‘physical’ risks to a business.
5. The intricacies of Honeycomb
Managing fraud in a multichannel environment
Fraud is well understood and most organisations have dedicated solutions for this. However, in a multichannel environment, with sales being taken in one channel and fulfilment handled by another, it’s easy to become a target for exploitation if they do not have a complete understanding of all the processes involved. Because of more demand and usage of internet led services for small businesses, cybercriminals are taking the chance to run low cost and low risk activity that targets less protected systems, meaning that these smaller businesses more than ever need to take clear steps to protect the business and their customers.
Protecting your hive and its colony
We are connected to each other day and night, and our technology hive only works if everyone is working together to protect the business. Only by analysing and defining the landscape first, can a decision be reached on the security measures to put in place.
A sustainable framework for data governance and security, crisis management procedures and IT architecture needs to be established to achieve a strong security ecosystem and should be at the heart of every piece of technology used. Without it, the damage is not only to the hive, but to its reputation; if a cyberattack disrupts the running of the business, your business will go elsewhere.
Russell Crampin, UK Managing Director at Axians UK
GDPR Summit Series is a global series of GDPR events which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.
Further information and conference details are available at http://www.gdprsummit.london/