With a number of high-profile security breaches hitting headlines over the past year, what should businesses be looking out for?
We spoke to Raghuram Gorur, program director at Happiest Minds, to find out what are considered the most serious threats to firms.
“The culprits are no longer mere individuals, these are large-scale coordinated attacks, highly sophisticated, driven by groups of cyber criminals distributed across the world. Even nation states are not beyond suspicion,” Gorur told PCR.
“Regulations related to safeguarding and using personally identifiable information is becoming stringent day-by-day. This has made privacy a huge business risk. Any failure on the part of enterprises to safeguard private information can result in regulatory sanctions, hefty monetary fines, damage to reputation and loss of customers.”
Here are Gorur’s top three serious threats to business:
- Insiders with malicious intent: Dissatisfied employees with the knowledge and access to networks and admin accounts can be really big threats. Internal attacks are the most difficult to anticipate, prevent or avoid. The impact of such threats can become compounded if the perpetrators are members of the IT team.
- Careless/gullible employees: An employee, careless or gullible enough to reveal access information to cyber criminals is a very big threat. Leaving the enterprise devices unlocked or sharing the access credentials with the wrong people is an ultimate recipe for disaster.
- Bring Your Own Device (BYOD): As employees are using more and more personal devices to access corporate networks, the risk of network breaches is increasing exponentially.
When asked about what we can expect to see over the next year in terms of cyber threats, Gorur revealed that mobile, cloud and IoT will be key targets.
“Mobile computing adoption is taking IT closer to the user and farther from the organisation, thereby reducing control. The threat vectors in mobile are not clearly understood even now. They are evolving with each new application peddled into the mobile market place and onto the phones used by millions of individuals. Mobile malwares are the most common threats in this case. Phones and tablets infected by these have the potential to cause trouble in enterprise networks through BYOD,” said Gorur.
He also commented that Cloud security is increasingly being compromised since ‘files containing sensitive information are stored by users on the cloud, thereby violating corporate security policies’.
“Employees are also downloading and installing third party apps which are not necessarily permitted as per corporate norms. These third party apps are usually communication apps and productivity apps that communicate with core corporate platforms thereby increasing risk. IP specific blockages are not possible for cloud-based data as cloud servers are moved from one geographical location to others in a matter of minutes,” Gorur added.
Lastly, his thoughts on the future of IoT are as follows: “A humongous amount of personal, business and machine data will be in transit all the time, through millions of devices. Any such device or its operating system or the network connecting it with others can be a seat of potential vulnerability, and can be exploited by cyber criminals.
“Cisco predicts that by 2020 over 50 billion devices will be connected, exponentially increasing the number of potential attack points for a cybercriminal. Smart grids, smart homes and connected cars - the most common extensions of the IoT scope, have a large number of vulnerable nodes where security will become an issue. The lack of standards in the IoT ecosystem will also make securing these networks very difficult.”
Throughout November, PCR is running a dedicated Sector Spotlight on Security – Click the logo below for more articles.