From ongoing policy changes to common attack types, IoT security and potential online vulnerabilities in your business, we take a look at some of the cyber security trends and threats that your business should be aware of – and how you can stay on top of them.
One of the most pervasive, ongoing threats to your IT security is phishing. “Unsuspecting users continue to fall prey, taking the bait from well-crafted business email compromise (BEC) attacks, phishing emails and malicious URLs,” says Michelle Drolet, CEO of data protection company Towerwall.
The impacts of COVID-19 have seen more people working remotely and cyber criminals have jumped on the opportunity to take advantage of unsuspecting users. Phishing has become localised, personalised and geo-targeted, so it’s important to be extra vigilant.
Our tip: One of the best ways to prepare your business for phishing attacks is to invest time into training for yourself and your team. For a phishing attack to be successful, it requires a response or input from the recipient, and that could be a member of your team. This is where the human element is vital. As Matthew Wilson of Penten says, “a fundamental, but overlooked, element in cyber security [is] training staff in what to look for and what not to look for.” Training your team on prominent threats and showing them what to look out for will help lower the chances of a mistake.
Securing all the ‘Things’
The ‘Internet of Things’ (IoT) is almost becoming synonymous with ‘every single gadget’ we use in business these days. That’s right: if it connects to the internet, it’s a member of the IoT – and that’s pretty much everything. With social media, cloud use and the ever-growing power of mobile on 5G, the concept that a network is something physical and difficult to penetrate is outdated. The change from physical to virtual has made it easier for hackers to spot weaknesses. And all these ‘Things’ are endpoints open to exploitation.
Why are IoT devices more prone to being breached? Many IoT devices run on default passwords that the user has never changed. Combine this with the fact they are made to be available 24/7 and always connected and the risk only increases.
Our tip: To help secure your devices in the age of IoT, you could consider an endpoint detection and response solution. Telstra Internet Protection can help with proactive monitoring for incidents and keeping all endpoint devices, whether mobile, tablet or other, up to date with patches.
Business, the NDB and the GDPR
Europe’s General Data Protection Regulation (GDPR) may be European-based, but it has implications for Australian businesses via its influence on Australia’s Notifiable Data Breaches (NDB) scheme. Your business has privacy law obligations to notify the Office of the Information Commissioner of any data breaches that impact your business and take certain steps. Businesses from Australia, the US and elsewhere should be looking at the European-based GDPR compliance rules because the regulations still apply to many businesses outside of Europe. The principles that underpin the law can be learned from and applied universally.
Our tip: Start by looking at your supply chain. While your business may not directly collect customer data in the European Union, the GDPR may affect you indirectly if you have agreements with international suppliers or stockists. If your business sells goods or services directly to people in the European Union, or you collect personal information, then the GDPR might apply to you. And more than that, it’s good business. If you deal with businesses in Europe that are affected by the GDPR, they’ll want to know that you’re compliant with their rules to safeguard themselves. This can be complicated, so it could be helpful to seek legal advice.
Protecting managed and unmanaged devices
Today’s workplace is a vast mix of devices and not all are provided by the business – especially in small or medium operators where investment in tech infrastructure might be limited. The State of Endpoint Security Risk Report by Ponemon Institute. Stickman, an Australian cyber security design business, recommends starting with “strict multi-factor authentication policies, that require staff to verify their identity on multiple devices when accessing organisational resources.”
The challenge that lurks in the shadows
‘Shadow IT sources’ are pieces of software and applications that make it onto business devices that aren’t supposed to be there. With just a finger tap, a team member could be using non-approved applications in seconds. Users are often comfortable downloading and using apps and services from the cloud to assist them in their work. While the intention is positive, the outcome can be negative.
Our tip: Fostering a safe culture through policies and awareness is the first step to take. But if you want to bolster your security policies and education with a tech solution, cloud access security brokers (CASBs) can be deployed to provide visibility and control over these external apps, so you can see who is using what and block it if needed.
User awareness is the trend to embrace
All the tech in the world won’t help you if your team aren’t aware of the risks. Risk management specialists Marsh put culture at the top of their trends list for this year: “A strong cyber security culture should not only focus on the training of employees to build awareness of common forms of threats (phishing emails, social engineering scams) but should also empower individuals to understand their responsibility and the critical role they play in the success of their company’s cyber risk management framework.”
Our tip: Empowering your team to know their role in the broader security picture can help to build a good online security culture within your business. If an employee knows the ‘why’ behind keeping their eyes wide open for threats, they’re more likely to engage with secure processes.
Being aware of these cyber security trends is just the first step to protecting your business. The Telstra Business Intelligence report on Managing Risks Online dives deeper into how you can help identify and prevent threats online.
*Originally published on July 25th 2019. Updated February 19th 2021.