Collecting and analysing data has many benefits that can significantly improve the way a business can interact with its customers and generally run its business, however, with the increased collection and storage of data come security risks.
The threat posed to businesses is a real one that a proactive stance on cyber security defence can help to reduce, but there are several ways that data is at risk.
CBR highlights five of the biggest security threats.
1. Social engineering
Social engineering can came in different forms; it can be individuals that call and claim to be from another organisation, or perhaps from the IT department.
Typically they are trying to find out information about you or your business that will help them to gain access to it in some way.
Social engineering attacks have in the past been extremely successful as people are often the weakest point of any businesses defence.
Content from our partners
One example of social engineering saw attackers lift 40 million credit and debit cards from retailer Target’s point-of-sale systems.
Attackers were suspected of gaining access to the company’s network by using credentials gained from heating, ventilation, and air-conditioning subcontractor Fazio Mechanical Services via a phishing email that included the Citadel Trojan.
2. Insider threat
Insider threat can be a tricky problem to guard against as businesses often go unaware of what data and systems it’s employees are actually accessing.
Although tools have sprung up to guard against this, a disgruntled employee in the IT team with knowledge of the systems could cause serious damage.
Some of the best known cases or insider threats have produced years or ramifications for the businesses and organisations affected.
Examples such as Edward Snowden, who copied and leaked classified information from the Central Intelligence Agency, show that even the most secure systems are not safe.
The solution is to closely monitor, control, and manage privileged accounts and credentials, immediately terminate those that are not in use and implement protocols that log and record activity.
3. Carelessness
Humans are often useless, making mistakes left right and centre. While that is forgivable when making an omelette, it is less so when it leads to a huge data breach.
There have been numerous examples of carelessness leading to data being revealed, such as Prime Minister David Cameron leaving the official budget red box unattended on a train.
Although this example was more embarrassing than resulting in a huge data breach it shows that anyone can forget something important.
JP Morgan for example fell afoul of a cyber attack in mid-2014 that saw 80 million consumers and small business have their personal information exposed. This was caused by someone forgetting to enable two-factor authentication on an old server.
The solution is to train employees on cyber security best practices and make it an on-going effort and encrypt devices.
4. Mobile devices
Encrypting devices brings me on to the next big data security threat, mobile devices and the rise of BYOD.
Bring your own device has significantly increased the size of the threat landscape because of the amount of people that now share data, access company information and forget to change their mobile passwords.
BYOD strategy
As unsecured devices access the corporate network, they can potentially expose it to malware or other Trojan software that has been downloaded on apps.
The solution is to create a careful BYOD policy that ensures employees are better educated on what can be used to access the network and what can’t be. Again, having an effective monitoring system in place will help to identify who and what is access the network.
5. Poor policies and planning
Not having effective policies on access and not planning for the worst case scenario is basically asking for trouble.
An inadequate set of access policies could mean that business users are running unfettered with their access to data that they have no reason to be looking at. A lack of policies can also lead to a rise in shadow IT applications that, like BYOD, significantly increase the size of the threat landscape.
Setting controls over what can and cannot be installed on the business networks means that IT is able to see what is being used, where data is being shared and why. Not only can this help to mitigate any risk posed to business data, but it can also help to identify any insider threats.
