Once the domain of governments and criminal agencies, cyber-attacks are now focusing on the private sector, partly due to the rapid rise of personal internet-enabled devices in the workplace, which can leave gaping holes in a company’s security safeguards.
Smartphones and tablets are appearing at an alarming rate in the workplace and while some companies have attempted to adopt a BYOD (Bring Your Own Device) policy to control how they are used, according to Accenture, a staggering 92% of companies do not have a robust security policy to help them manage and prevent malicious cyber attacks.
Studies carried out in August this year by the Ponemon institute revealed that 83% of multinational companies believe they have been the target of a cyber-attack over the past 12 months.
This is an increase in attacks over the past year of almost 21% with PricewaterhouseCoopers airing their belief that 92% of firms have experienced a malicious security breach at some time.
In July, a number of high street banks in the UK were struck by the Zeus Trojan virus, which cannot be detected by traditional firewalls and security software. This resulted in almost £700,000 being stolen from online customer accounts. This attack was mounted by groups of cyber criminals from Europe, but given the low start-up costs of setting up a cyber attack – you can buy a Zeus Trojan ‘starter’ kit online for less than £1,000.00 – and the difficulty in tracking down the instigators, it is not difficult to see why crime in the 21st century is turning to online methodologies.
Data protection is now a crucial business issue and not just a technology concern. While many companies believe that they have effective policies in place to prevent malicious incursions, over half of those surveyed have suffered data loss in recent years.
The proliferation of social networks are great targets for the cyber-criminal; information about employees, the companies they work for an even their roles and responsibilities can be easily acquired with little effort to form the basis of an advanced penetration strategy.
Lack of policy direction and general employee carelessness are root causes of many data loss incidents; using infected USB sticks, visiting malicious sites, even opening emails can lead to a cyber-attacker being let inside an organisation.
Companies face implementation issues now that may seem too difficult and costly, but unless action is taken now the issues will become more complex, threatening and even impossible to cope with without an infrastructure rebuild.
While the Cloud may seem a safe haven for your valuable data, by its very nature it attracts attention from cyber-criminals, so it is absolutely essential that you do your homework on these companies that offer to securely store your data online.
Even the best secured company servers can be hacked: Adobe suffered a major breach of its user database in October, with millions of credit card numbers being obtained, although most were in encrypted format.
What we will attempt to do in these pages is to make you aware of the dangers of being on the internet and the steps you should take to secure your data – and the steps you should take if some cyber-criminal manages to access it.