Safer Internet Day: an opportunity for businesses to reflect

If you have kids in school, chances are they will spend a large portion of their day learning how to protect themselves online. Firms should take note and use today as an opportunity to take pause on the biggest cybersecurity threats facing enterprises in 2019. We asked IT industry experts to canvas the top enterprise cyber threats and the practices that can thwart them

Today is Safer Internet Day, a day practiced in schools around the world to try and educate children about being safe online.

Although it’s incredibly important to teach children the importance of being safe online, it’s still something that adults, particularly in the world of work, can struggle with too. The stream of online fraud, data breaches and the prevalence of insider threats proves that Safer Internet Day is something that applies as much to business professionals as it does to children.

With this in mind, a variety of IT industry experts have come together to give advice and lessons on what IT professionals need to be aware of in 2019, and areas in which organisations can make changes for the better.

Data in use

The internet was one of the main drivers for the need for encryption. Widespread access and use of the internet, first for commercial transactions and then social networking, meant data was suddenly put at risk. As organisations look to improve data safety and security, Garry McCracken, VP of technology at WinMagic’s attention turns to data in use versus data at rest.

“After a competition run by the US National Security Agency, the commercial world settled on Advanced Encryption Standard (AES) for bulk encryption for the internet,” he explains.

“However, all that data in motion travelling around on the internet eventually comes to rest on a laptop, phone, server or in the cloud, so the need to protect data at rest has grown too. FDE (Full Disk Encryption) with AES is now pretty much standard for protecting data at rest, but even that is not the full story. The cloud – born out of the internet – is allowing your data to be processed on other people’s computers. That makes data ‘in use’ the next big problem to solve in the coming years.”

Nigel Tozer, solutions marketing director EMEA at Commvault complains that regulatory environments and enforcement are failing to keep pace with cyber criminals and even the grey area of ‘sharp practice’ from less than scrupulous businesses.

“This isn’t just a challenge for individuals either — organisations of all kinds are being targeted as a rich source of data or cash to mine and exploit,” he says.

“This Safer Internet Day, I recommend renewing your awareness of your online surroundings, being conscious of your clicks and careful with the data you divulge. From a business perspective, after you’ve reminded your staff to do their cyber-security training modules, maybe it’s time you kicked-off that data profiling exercise you’ve been meaning to do? Not only will your organisation be in a less risky place with regard to cyber-threats and regulations like GDPR, you might even find useful data, or make some savings by deleting or archiving redundant information.”

Taking control

Staying safe online is a concept we all think we know about – but when it really boils down to it, are we as safe as we think? Arguably, the most important asset online is your data. Steve Blow, tech evangelist at Zerto urges IT professionals to think about taking back control.

“Everything you do online leaves a digital footprint. It may seem like nothing on its own, but all of this combined creates a picture of you,” he says.

Safety and security

The internet began with two terminals, each in a university computer science department, and now comprises billions of connected devices globally. Stephen Gailey, solutions architect at Exabeam observes we’re currently witnessing the birth of the sensed device boom: the Internet of Things (IoT).

“There is, of course, a security cost associated with this. Modern software development techniques are a rich source of future security bugs. As people continue to connect their household devices to the internet, you can expect to see some significant privacy breaches over the coming years. We need to be thinking about this now, particularly as organisations lacking the skills or experience to build such products jump onto the IoT bandwagon.”

Todd Kelly, CSO at Cradlepoint argues that as the network security industry develops better detection and defence solutions, traditional fixed perimeter-based approaches to network security will evolve.

“Cybersecurity concerns are real but by using expert cloud-based management platforms and software-defined perimeter technologies, they can be effectively addressed,” he explains.

“There will always be devices that are compromised and vulnerabilities that are exposed but just as we’ve built these technologies, we’ve also built the safety constructs to protect them. If we commit to tried and true security practices while adopting new approaches that leverage wireless, software-defined and cloud technologies we don’t have to let our concerns unduly impact our progress.”

Given that phishing attacks remain among the top vulnerabilities, Steve Armstrong, regional director, EMEA at Bitglass, advises that organisations should prioritise identity and access management to mitigate the risk of compromised credentials.

“If a login appears suspicious, having a process in place for more stringent user authentication – stepping up Multi Factor Authentication (MFA) for example – can help prevent high-risk accesses. Improved visibility into cloud infrastructure can also be valuable to quickly alert IT administrators to risky events thereby preventing phishing attacks and credentials compromise,” he explains.

Educating professionals

Social engineering attacks continue to plague organisations. They are a go-to method for hackers. They rely on unwitting, unsuspecting and, at times, careless employees.

“The key to defending against this type of threat? Education,” according to Steve Wainwright, MD and VP EMEA at Skillsoft. “By training employees to question and look out for suspicious emails – for example, checking if the sender email address looks odd and scanning the email for poor grammar and spelling – organisations can reduce the likelihood of successful attacks. Giving employees the skills and knowledge they need to identify potential attacks is the best way of mitigating the insider threat risk.”

Naaman Hart, Managed Services Security Engineer at Digital Guardian argues: “It’s time that businesses thought about applying security to their business practices as IT security tools are not infallible against human behaviour.”

“As an example, train your staff to require third party validation for any financial transaction or introduce payment procedures requiring multiple sets of independent eyes. Malicious individuals are abusing the fact that junior staff implicitly trust their seniors and that they fear for their jobs if they do not act quickly as instructed. You must put in place processes and beliefs that questions out of the ordinary requests when they come through.”

It’s also important to remember that tech scams are on the rise around the world. It benefits all technology solution providers (TSPs) to make sure they’re taking the time to help their customers recognise the red flags before it’s too late.

As Jeff Bishop, VP, Control, BU Operations at ConnectWise encourages: “Proactive and continuous customer outreach and education will go a long way in showing that you care about their cyber safety. And if you pair those efforts with remote support and access software that offers transparency and security, you’ll be well on your way to establishing your business as a trusted technology advisor.”