Mid-year check: Six leading cyber security trends in 2019

Smarter Writer
Smarter Team

The Smarter Team is made up of business and technology journalists who write to offer insights to small and medium businesses about technology, business know-how and emerging trends.

From ongoing policy changes across the world to the latest trends in attack types, from IoT security to the weaknesses that loom in ‘the shadows’, we take a look at the cyber security trends so far this year. Plus, we give you tips on how you can be prepared.

A quick glance at this Information is Beautiful infographic of the World’s Biggest Data Breaches & Hacks succinctly shows the intensification of cyber attacks in recent years, both in size and scope.

According to the 2019 Telstra Security Report, “83 per cent of organisations spend up to 20 per cent of their overall IT budget on security.” Respondents to the same report flagged their top two challenges as “the ability to timely detect and respond to incidents and the impact of new technologies.”

With this in mind, cyber security should continue to be a priority for your business, because no business is immune, whether big, small or somewhere in between.

Here phishy, phishy, phishy

One of the most pervasive, ongoing threats to your IT security in 2019 is phishing.

Michelle Drolet, CEO of data protection company Towerwall, writes in Forbes that “unsuspecting users continue to fall prey, taking the bait from well-crafted business email compromise (BEC) attacks, phishing emails and malicious URLs.”

The Telstra Security Report 2019 also shows businesses are still falling prey, stating: “Among the subset of organisations that suffered business interruption due to a security breach, 35 per cent of Australian organisations reported phishing incidents on a weekly or monthly basis.”

Poorly thought out phishing emails – those emails that jump out as suspicious – are becoming less common. Today, phishing has become localised, personalised and geo-targeted, so it’s important to be extra vigilant. Tech podcast Reply All did an episode a little while ago on how phishing has changed, and can catch out even the most savvy of computer users.

Question: How should I front-up to phishing attacks?

Answer: For a phishing attack to be successful, and BEC (Business Email Compromise) in particular, it requires some response or input from the recipient, and that could be a member of your team. This is where the human element is vital. As Matthew Wilson of Penten says, “a fundamental, but overlooked, element in cyber security [is] training staff in what to look for and what not to look for.” Training your team on prominent threats, showing them what to look out for, will lessen the chances of them handing over the keys to your castle.

Securing all the ‘Things’

The ‘Internet of Things’ is almost becoming synonymous with ‘every single gadget’ we use in business these days. That’s right, if it connects to the internet it’s a member of the Internet of Things – and that’s pretty much everything.

With social media, cloud use, and the ever-growing power of mobile on 5G, the concept that a network is something physical, and difficult to penetrate, is outdated.

The change from physical to virtual has made it easier for hackers to spot weaknesses. And all these ‘Things’ are endpoints open to exploitation.

Why are IoT devices more prone to being breached? Many IoT devices run on default passwords that the user has never changed. Combine this with the fact that they are made to be available 24/7 and always connected, and the risk only increases.

Question: How do you secure your devices in 2019, in the age of the Internet of Things?

Answer: Michelle Drolet recommends endpoint detection and response, proactive monitoring for incidents, zero-day protection like Telstra Internet Protection, and to keep all endpoint devices, whether mobile, tablet or some other ‘Thing’, up-to-date with patches.

Business, the NDB and the GDPR: What do they mean in 2019?

Europe’s GDPR, the General Data Protection Regulation, may be European-based but it has implications for Australian businesses via its influence on Australia’s Notifiable Data Breaches (NDB) scheme.

By now, you should be across your privacy law obligations as part of the NDB. Broadly, it’s the need to notify the Office of the Information Commissioner of any data breaches that impact your business and take certain steps. But why are businesses from Australia, the US and elsewhere looking at the European-based GDPR compliance rules? The answer: the regulations still apply to many businesses outside of Europe, and the principles that underpin the law can be learned from and applied universally.

California might be a long way from Europe but the GDPR inspired legislative change there last year, a trend set to continue in 2019. California passed AB 375, the California Consumer Privacy Act of 2018, which will take effect at the start of 2020. Forbes recommends “businesses … think of GDPR as a journey to raise the bar in IT security and not the final destination.”

Question: What does my business need to do to keep up with the GDPR in 2019?

Answer: As Mumbrella suggests, look first at your supply chain. “The first thing to consider is that, while your business may not directly collect the personal information of individuals in the European Union, the GDPR may still affect you indirectly because of the agreements you have with customers or suppliers.”

If your business sells goods or services directly to people in the EU, or you collect personal information, then the GDPR might apply to you.

And more than that, it’s good business. If you deal with businesses in Europe, those affected by GDPR, they’ll want to know that you’re compliant with their rules to safeguard themselves.

Start by asking: “Do I deal with the personal information of EU customers or those in my supply chain?” This can be complicated – so seeking legal advice on this is advised.

Handling the mix of managed and unmanaged devices

The modern workplace is nothing like the workplace of yesteryear – no longer is it a case of ‘here’s your desk, here’s your computer’. Today’s workplace is a vast mix of devices and not all are provided by the business – especially in small-to-medium operators where there isn’t the same level of investment in tech infrastructure (as, say, a corporation) to draw from or pass around.

Question: What’s the best way to handle managed and unmanaged devices?

Answer: The State of Endpoint Security Risk Report by Ponemon Institute reports that the risk from endpoint devices has risen significantly in recent years and the trend looks to continue. The way to respond is with a combination of robust policies on the usage of devices at work and how they’re managed along with updated security, like Telstra’s Endpoint Security and Protection.

Stickman, an Australian cyber security design business, recommends starting with “strict multi-factor authentication (MFA) policies, that require staff to verify their identity on multiple devices when accessing organisational resources.”

The challenge that lurks in the shadows

Running parallel to the topic of managed versus unmanaged devices is the growing issue of what are known as shadow IT resources. These are the pieces of software and applications that make it onto business devices that aren’t supposed to be there – a common event when humans and tech interact in the name of getting things done. With just a finger tap, a team member could be using non-approved applications in seconds.

Business and technology site Gartner predicts that in the lead up to 2020, up to one third of cyber attacks will come through these ‘shadowy’ sources. As IBM recently found, one out of three company employees regularly uses cloud-based software-as-a-service (SaaS) apps (like Google Docs, for example) that haven’t been explicitly approved by the business.

Users have become increasingly comfortable downloading and using apps and services from the cloud to assist them in their work.

While the intention is positive, the outcome can be negative.

Question: How do I solve the problem of shadow IT?

Answer: The answer is multi-faceted. Fostering a safe culture through policies and awareness is the first step to take. But if you want to bolster your security policies and education with a tech solution, cloud access security brokers (CASBs) can be deployed to provide visibility and control over these external apps, so you can see who is using what and block it if needed.

Ultimately, user awareness is the trend to embrace

All the tech in the world won’t help you if your team aren’t aware of the risks, so a secure culture is more important than ever in 2019.

Risk management specialists, Marsh, put culture at the top of their trends list for this year: “A strong cyber security culture should not only focus on the training of employees to build awareness of common forms of threats (phishing emails, social engineering scams) but should also empower individuals to understand their responsibility and the critical role they play in the success of their company’s cyber risk management framework.”

Question: How do I go about fostering the right kind of secure culture in my business?

Answer: Empower your team to know their role in the broader security picture. If an employee knows the ‘why’ behind keeping their eyes wide open for threats, they’re more likely to engage with secure processes.

Learn how Telstra Business Cyber Security Services can help with your cyber security needs.