The past 12 months has seen businesses across the world and around Australia fall victim to cyberattacks that caused financial and reputational damage and were, in many cases, preventable. In 2018, businesses must recognise that cyberattacks will happen, so it’s essential to plan for them to minimise business risk and cost.
Most businesses have some form of cybersecurity technologies or processes in place but are still missing other factors that contribute to an acceptable level of cyber hygiene. Some of the key basics that should be adopted include regularly backing up data, patching systems and applications, and reducing the attack surface of digital assets as much as possible.
As companies continue to transform, adopting new technologies is crucial for growth and competitiveness. To reduce the risk, leaders need to understand current and potential threats, along with what can be done to mitigate the risks.
One of the most important and widely adopted technologies of recent years is cloud computing. The agility and flexibility it offers can help businesses achieve a strong competitive edge but there have been questions around how to adequately secure data is in the cloud.
Most cloud providers work on a shared responsibility model, which means the provider is responsible for the security of the cloud and infrastructure, which includes the network, storage and computers. As the customer, you’re responsible for the security of your data in the cloud. By failing to secure that data, companies are exposing themselves to significant risk.
The most common culprit is still human error. Some businesses have had sensitive data exposed via misconfigured cloud services. This can result in the exposure of sensitive files, passwords, personal details, and other information, making it freely accessible to anyone via the internet.
If data can be overwritten, the risk is even greater. If a cybercriminal can modify data, they can upload malware and overwrite files. Worryingly, tools are available on the internet to let people search an organisation’s data in the public cloud. If the data is open to read and/or write, then changes can be easily made.
There are three key ways to protect your data in the public cloud:
Understand what sensitive data is stored
In the cloud, as well as the potential impact if the data were to be exposed.
Understand which employees and third parties
Have access to sensitive data.
Determine how the data is protected
And whether the protection mitigates risk effectively.
Regardless of where data is stored, the basic principles of information security remain the same: confidentiality, integrity, and availability.
Most attacks target confidentiality and availability. Businesses have become so used to protecting against data theft or denial-of-service attacks that they forget about integrity. However, integrity is a key area where more challenges are appearing.
Data is the new oil that propels businesses forward. The risks of data theft are therefore clear. But the risks of data manipulation are only just becoming apparent.
Data integrity is the assurance that information can be accessed or modified only by authorised users. Hackers can gain unauthorised access to modify data for financial gain, reputational damage, or simply to make the data worthless.
The results can include disrupted financial markets, not to mention sabotage of everything from traffic lights to the water supply. If the data these systems rely on is compromised, the systems themselves will break down.
Preventing these attacks from being successful should be at the forefront of every business leader’s priority list in 2018.
There are four key steps you need to take now:
Educate employees and customers on the steps
They should take to remain safe and protect their personal data themselves. This helps build their understanding of how to protect the company’s data.
Understand what data you have
How it is collected and produced, and where the most sensitive parts of that data sit. It’s crucial to understand what you’re trying to protect before you can think about how to protect it.
Leverage multifactor authenticatiom
Which provides an extra layer of security if usernames or passwords become compromised. This aids in controlling who has access to your data.
Use encryption to protect sensitive data wherever it lives.
Encryption is only as good as the key management strategy employed, and you must keep keys safe by storing them in secure hardware modules, for example.