Businesses are struggling to shore up security defences against hackers who are becoming more skilled, persistent and agile.
Astonishingly only 45 percent of organizations worldwide are confident in their ability to defend their systems and data against sophisticated cyberattacks, according to Cisco’s 2016 Annual Security report.
Cybercriminals are fast creating resilient back-end infrastructures to launch their ever-increasing attacks. Malicious browser extensions are one major source of data leakage for businesses, with Cisco estimating that 85 percent of organizations are affected by them.
Online criminals are refining complex webs for getting money out of unsuspecting victims as well as stealing data and intellectual property (IP). Security firm Kaspersky Labs estimates that over the past two years cybercriminals have managed to steal around $1 billion from 100 different financial institutions across the US, Russia, China, Germany and Ukraine, targeting both businesses and individual citizens. The FBI’s Internet Crime Complaint Center (IC3) said that between April 2014 and June 2015, victims reported losing $18 million to CryptoWall, a ransom Trojan.
There is a growing concern amongst senior management about the potential damage data breaches and cyberattacks can do to a business in terms of brand reputation, lawsuits and costly downtime, but still many are finding it difficult to put adequate security strategies in place.
“High-profile data breaches are a wake-up call to enterprises everywhere. However, they pose the question: Why did IT fail to stop the data breach? The answer is that it’s an enterprise-wide issue, not just a technology problem,” explained Larry Ponemon, chair and founder of the Ponemon Institute.
The curse of aging systems
Aging legacy systems are a major cause for concern, because they can leave businesses vulnerable to attacks. Cisco analysed 115,000 devices on the internet and discovered that 92 percent were running software with known vulnerabilities. Furthermore, 31 percent of the devices were logged as “end of sale” and 8% “end of life”.
Many organizations and financial institutions are plagued by a mix and match of older systems, often attained through mergers and acquisitions. Chinks in patchwork networks make easy entry points for cybercriminals, whether they are seeking to profit from stolen data or are so-called ‘hacktivists’ looking to make a social or political point.
Businesses are desperately trying to address security issues but are finding the challenges overwhelming – with aging infrastructures and outmoded organizational frameworks standing in the way of developing robust cybersecurity strategies.
At a time when security measures should be paramount, Cisco’s report found that SMEs have actually lowered their guard. The report found that 48 percent of SMEs said they used web security, compared to 59 percent in 2014. Such weaknesses can leave SMEs particularly vulnerable to attacks as cybercriminals will find it easier to breach these networks.
Home Depot in the US was hacked into via flaws in its password security and an unnamed third party vendor’s system. Cybercriminals got in via this back door and installed malware on sales terminals.
IoT will reshape security
The pressure on enterprise security is only going to grow. As we enter the era of the Internet of Things (IoT) it is imperative that enterprises and their partners have a secure network infrastructure, ensuring the integrity of the data and communications that are moving around their networks.
The power of connected devices within the IoT ecosystem will redefine the scope of security strategies way beyond present responsibilities, according to Gartner. “The requirements for securing the IoT will be complex, forcing Chief Information Security Officers (CISO) to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” explained Earl Perkins, research vice president at Gartner.
“Fortunately, many of the security requirements for the IoT will look familiar to the CISO. The technologies and services that have been used for decades to secure different eras of computing are still applicable in most cases,” he added
With the rise of IoT, now is the time for enterprises to take a really hard look at their security strategies. They must ensure they are doing everything possible to avoid security breaches, which may require investment in new IT infrastructures or security solutions.
It is worth remembering the mantra that trust in IT is hard fought, but can be very quickly lost – which is why security needs to be at the top of every enterprise agenda.
To learn more about the Orange security portfolio and how it can help secure the network for the IoT era and beyond, please visit: http://www.orange-business.com/en/security