The 5 Cybersecurity Challenges Companies Need to Know
All companies operating on the web, or at the very least using Internet technologies in their day-to-day operations, are in the middle of a transition: the treatment of cyber defense is changing from a ‘principle of cost’ to a ‘principle of investment.’ No company today wants to suffer the damaged reputation, loss of data and degraded customer trust, all of which will surely happen in the wake of a cybersecurity breach, corporate cyber espionage or a virus attack.
With that in mind, we have five talking points on what to be aware of when it comes to handling business continuity from the standpoint of cybersecurity:
Be aware of regional and global government regulations.
GDPR, the General Data Protection Regulation that covers EU member states and their respective citizens, fully took effect on May 25, 2018. As Internet-based companies and firms operating with EU customers are covered, the entire world benefits, as companies chose to use a single Terms of Service for their customers regardless of their location. Any company that fails to comply with GDPR is obliged to pay a maximum of £17.5m (around €20 million or 4% of their global revenue, whichever is higher). Such an amount will literally kill any small or medium-sized business. It is very clear that with government regulation alone, organizations need to invest in cyber defense in order to prevent data breaches, which are already costly even if we factor in only the heavy fines.
The growth of IoT utilization
Preceding the PC and the smartphone devices, IoT has started flooding the market, and it is only a matter of time before it reaches critical mass in the enterprise space. The entry of IoT devices and their normalization in a business environment will prove challenging to secure, as the technology is still in its infancy. There is hope for standardization soon, as both Microsoft’s Azure Sphere OS and Google’s Android Things will produce much more standard platforms on which to build IoT devices. Standardization in the IoT space will be good for everyone, as there will be actual OS vendors that customers can rely on for support if needed. The availability and accessibility of official support services will help mitigate security issues if a security emergency happens.
The commercialization of exploit kits
Earlier, exploit kits were only available to people who explicitly looked for them on the dark web, a portion of the Internet accessible only through Tor. However, as cybercriminals seek new ways to widen their profitability, they have started selling exploit kits cheaply on the public web. There are even Facebook pages where such wares are sold by the cybercriminal community for an affordable price. It is important that companies keep their software and firmware secure through regular update maintenance. This cannot be bypassed: updates to operating systems, drivers, BIOS and other critical firmware need to be applied in order to fix the vulnerabilities discovered.
Research and development-powered cybercriminals
The cybersecurity strategy of five years ago is no longer applicable today. Hackers continue to improve themselves and improvise new ways to earn a bigger profit by developing new exploits and malware. Case in point: ransomware and cryptocurrency-mining malware, two types of virus that didn’t exist five years ago.
Cost of the security breach beyond day 1
A company that experiences a data breach, virus infection or DDoS attack has bigger problems to face beyond day 1 of such an attack: the repair of the company’s brand and reputation, the loss of business opportunities and the degraded confidence of both suppliers and customers. Hence, it is a primary consideration to treat cybersecurity spending as a long-term investment and not just plain cost. The change of mindset must come from the top down; awareness of system security must extend from the company’s board of directors to the lowly office staff.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.