The importance of cybersecurity is obvious given the increasing number of internet-connected devices, such as voting machines, medical devices, and even devices that we may think of as old and not vulnerable, such as pagers. This US election period, for example, has shown the growing concern around a potential hack during an election. Even though the government is a prime target for attackers, healthcare and financial institutions, or any business entity for that matter, are also at risk of being targeted.
The problem with the Internet of Things is that its devices are controlled by software and connected to the internet. With electronic voting machines, for example, the risk lies in the fact that they are devices connected to the internet, which automatically means there’s a chance of intrusion and takeover of that network and anything that’s on it. For businesses, the risk is data loss and, consequently, reputational damage, like what’s going on with Tesco Bank following their recent breach. Tesco’s customers are complaining about the bank’s ineffective incident response timing.
Security concerns and confirmed breaches such as these are a wake-up call for government and private organizations everywhere: cybersecurity is an inevitable component that they need to adopt as part of their day-to-day operations. Even if a business hasn’t gone digital yet, the adoption of IoT devices and the use of the internet and mobile devices are enough to cause a breach.
Another perfect example of the IoT security problem is the Dyn DDoS attack. All it took was about 100,000 IoT devices for the attack to take place. The chances of a breach for all organizations, public and private, are only growing. Executives can’t rely on device manufacturers for IoT security, nor can they rely solely on a firewall and antivirus system to keep their network secure and alert them in time of an attack. The components of finding and managing a breach are wide-ranging. The best way to minimize risks is by implementing a holistic risk management approach, which means a lot more than compliance and security technology.
The problem that keeps popping up is businesses adopting security measures that do not evolve, such as setting up an incident response plan but never looking at it again, or failing to get external security audits to identify false positives or vulnerabilities missed by the internal IT team. Getting the necessary expertise within the enterprise is a challenge too. Not only is there a shortage of security experts, but organization executives also have a false sense of security about their ability to detect and mitigate a breach with the security measures in place.
Cybersecurity is being discussed in more and more contexts, like the recent US election period, and breach stories keep accumulating with the growth of IoT devices, which means that the attention of higher-ups can’t be somewhere else for long. It is quite clear that it’s better to be proactive rather than reactive when it comes to a breach. Now, it’s simply a matter of choice.
Do you want to be a breach story or a cybersecurity ‘done right’ story? Give us a call if you’re in doubt about where your business stands with risk management.
We’re here to help you get ahead of your security risks and stay ahead. Schedule your free consultation to know the next cybersecurity steps you need to take!
Photo courtesy of alexskopje