Threats to data security are increasingly being recognised as a priority by UK business leaders. This growing awareness is in response to increased incidences of cyber security attacks and data security breaches in 2016, as well as high-profile, devastating cyber attacks such as the recent WannaCry ransomware attack that targeted the NHS among others.
To protect yourself and your business it is crucial that you stay abreast of growing, as well as established, data security threats. To help you stay up to date, we’ve taken a look at five of the most serious, growing threats to data security.
Insider Threats To Data Security
With all the fear of hackers and malware, you may be surprised to learn that it is actually the ‘insider threat’ that is the leading corporate cyber-security concern. EY, a professional services firm, found, in a survey of more than 1,800 organisations in 60 countries, that corporations consider “careless or unaware employees” to be their number one security vulnerability.
The rise of the insider threat can be attributed, in large part, to the way people work in 2017. Employees are increasingly allowed, and even encouraged, to work on their mobile devices at work and at home, using cloud-based software. This can lead to far more porous data security than was previously the case, and companies risk the integrity of their data the minute an employee accesses it on a personal device. Indeed, a 2016 study by IBM found that 60% of all cyber attacks were carried out by insiders.
Ransomware has long been a hot topic in the cyber-security world, but it made headlines across the mainstream media in June 2017 when WannaCry caused havoc across Europe. WannaCry was the biggest cyberattack in history, and caused huge damage to the likes of Renault and the NHS. The impact on the NHS in particular showed the catastrophic potential of ransomware to not only compromise data, but to bring public services to a halt.
Like other viruses, ransomware infects a system or device by exploiting a security vulnerability in the software or by tricking someone, in one way or another, into installing the harmful software.
There are two main types of ransomware: encrypting ransomware and locker ransomware. Encrypting ransomware uses advanced encryption algorithms to block access to files on your system. When your files have been encrypted, payment is demanded in return for a key that can decrypt the locked files. Locker ransomware, on the other hand, actually locks the target out of their operating system, making it impossible for them to access their data in any way. In this case, the files are not encrypted, but a ‘ransom’ will generally be demanded to unlock the system.
Social engineering attacks target individuals on a personal level, and aim to manipulate them into handing over sensitive information, such as passwords and login details. Social engineering attacks are becoming more frequent, and more sophisticated, with hackers using increasingly innovative methods to dupe company employees into parting with sensitive information.
Some of the most common types of social engineering attacks include:
Phishing – Phishing is the most well known method of social engineering, and involves fraudulent emails under the guise of official communications. The email is designed to trick the recipient into believing that the email is from a trusted source, in order to gain access to sensitive information.
Baiting – Baiting involves the use of physical media, such as USB drives, which are infected with malware that is installed when the media is loaded onto a device. The ‘bait’ occurs when the hacker leaves the infected media unguarded, in the hope that someone will pick it up and use it.
Social media is a fact of modern life, and can be crucial in marketing your business, as well as providing customer service. However, as businesses become more and more active on social media, with various individuals assigned different levels of access, it can become increasingly difficult to manage effectively, increasing the risk of data security breaches.
Potential data breaches can happen in two ways on social media. The first is a direct leak, where employees inadvertently share internal email addresses or confidential information about new products or services. Data breaches can also occur indirectly, by individuals sharing personal information, such as holiday plans or personal phone numbers, which may place them at risk of social engineering. When an individual is at risk of social engineering, so, by extension, is the data of the company he or she represents. Caution and responsibility are key on social media. One careless post can potentially result in a serious data breach.
The Internet of Things (IoT) has been one of the great technological breakthroughs of recent years, opening up the possibility of everything from wi-fi kettles to smart cities. Despite the exciting possibilities of the IoT, the fact that IoT devices collect sensitive information makes them a target for hackers, and a potential data security liability.
The fact that the IoT is in relative infancy technologically makes it, in some respects, more vulnerable to attack than some other long-standing technologies. Unlike the likes of Windows, Apple iOS and Google Android, there is no open ecosystem currently in existence capable of making these devices interoperable. Interoperability exists among certain ranges of products, but cross-integration across multiple platforms is currently not possible.
Keeping up to date with the latest data security threats is crucial in an ever-changing and rapidly evolving technological world. Education is the best step to prevention, and it’s important to ensure that your employees and colleagues are equally aware of the potential data security threats to your business, such as the social engineering and insider threats raised in this article.