No single industry is immune to IT security threats. Major corporations and small firms alike face real and growing threats from attackers. In fact, 43 percent of attacks are aimed at small businesses.
Cybercriminals are continually developing new tactics to compromise personal and business data. For example, the WannaCry ransomware attack in 2017 locked businesses from accessing their data on more than 200,000 computers in 150 countries. Fast forward to today, with a 2018 study that warns that the growing use of artificial intelligence (AI) for business applications could introduce new forms of cyberattacks that circumvent traditional means of security.
While each cyber attack is unique and many were (and will remain) unpredictable, there are some trends when it comes to threats to keep a close eye on. Every year, the Information Security Forum (ISF), an independent association of security organizations, releases a “Threat Horizon” report to identify emerging security threats facing businesses. In Threat Horizon 2019, ISF forecasts the top nine security threats over the next two years as a result of technology change. It also presents a set of recommendations to help businesses mitigate the risk of each threat.
In this post, we highlight ISF’s nine threats facing businesses and present a few ways that your business can reduce risk and damages. While some threats will be more applicable to your business than others, the key takeaway here is information and preparation. The more your business understands and stays in front of IT security threats, the better off you will be.
The Threats: Disruption
The Threat Horizon 2019 report positions the nine threats under three larger themes. The first theme is disruption, caused by reliance on fragile connectivity.
1) Planned internet outages can halt global business, disrupting trade and commerce.
What it is: Nefarious actors are not just lone cyber attackers. Nation states and terrorist groups also recognize the amount of economic damage that can be done to adversaries through the premeditated manipulation of internet infrastructure.
How to protect your business: ISF recommends focusing on your business continuity plan. Update it to reflect the current climate and threat environment, such as by adding in alternative modes of communication (like satellite phones) should your infrastructure become compromised.
2) Ransomware + Internet of Things (IoT) = Evolving Danger
What it is: Ransomware attacks against business operations are unfortunately not a new phenomenon. What might be new, however, is how ransomware is evolving to target connected smart devices, from medical equipment to home automation devices and even to vehicles on our roads.
How to protect your business: Take an advocacy approach, ISF suggests, and engage with industry associations to influence policy change and legislation for minimum security standards around IoT and connected devices.
3) Your systems are only as strong as your people. Soft targets present a big risk.
What it is: Some of your employees will undoubtedly have privileged access to systems or critical data. These employees can be coerced, knowingly or not, into giving up some of this information. Often, this can be done through “old-fashioned criminal techniques.”
How to protect your business: ISF recommends taking an inventory of all critical information assets and identifying the individuals and teams who can access them.
The Threats: Distortion
The second theme from ISF is distortion, such as a lack of trust in the integrity of information.
4) Automation and artificial intelligence lend instant credibility to false information.
What it is: Advances in AI personas enables misinformation to spread quickly and deliberately. Automation can also target specific audiences, like commercial businesses.
How to protect your business: ISF suggests revisiting your business’s incident management plan to add scenarios around the spread of misinformation.
5) Breaches of internal information will increase in number and complexity.
What it is: Internal data can be extremely sensitive. For example, retail businesses often have transactional logs with customer payment information or healthcare organizations might store confidential patient health information. If this information is compromised, it can have a significant effect on your business.
How to protect your business: One recommendation from ISF is to monitor access and changes to sensitive information through the use of appropriate tools.
6) Blockchain is not foolproof. It can be subverted, shattering trust in your business.
What it is: While blockchain technology can improve systems, it’s also susceptible to subversion and can be leveraged to commit fraud or financial crime. This can upend customer trust in your business or industry. If this happens, you may need to abandon the affected blockchain, which can cost you time and money and promote inefficiencies.
How to protect your business: ISF suggests appointing a person or committee to consult on and make decisions around the use (or abandonment) of blockchain technology at your business.
7) Surveillance laws can expose critical business information.
What it is: Your business might not be able to define the security protocols around stores of data that are collected in bulk by third-party providers, like a communications provider.
How to protect your business: ISF recommends conducting a risk assessment to better understand the impact if data and information is lost or exposed by a third party.
8) Industry and privacy regulations present a conundrum for your business.
What it is: Some privacy regulations present restrictions on individual profiling, which can impede the monitoring of insider threats.
How to protect your business: According to ISF, your business can solicit legal advice to strike a balance between adhering to regulations and conducting individual profiling to monitor insider threats.
9) Artificial intelligence (AI) is promising, but rushed deployment can result in unexpected outcomes.
What it is: AI can be leveraged to improve your business and your processes. But deploying it in an unsafe way can result in vulnerabilities that go beyond the expertise of your leaders and developers.
How to protect your business: ISF recommends recruiting and developing a team with the skills to understand and safely deploy AI systems.
Taken together, these nine IT security threats from ISF can seem daunting. You’re not alone; 70 percent of organizations say that they believe their security risk increased significantly in 2017.
Many of the strategies to mitigate the risk of these threats will involve significant investment in time, money, and resources. At the same time, some of the above threats will be more relevant than others; we recommend reading the full Threat Horizon 2019 report and discussing it with your leadership and IT team.
According to ISF, those businesses that remain well-informed on emerging technologies and security threats are best suited to make the right decisions; a key part of success lies in how prepared organizations are to navigate these threats. One consistent recommendation from ISF is to foster a strong collaborative culture with the right players at the table.
One proven and cost-effective way to establish this security culture is to partner with a third-party managed IT services provider, like N8 Solutions. We know that security threats like these nine are becoming more sophisticated every day. Sometimes, you don’t even recognize an attack is happening until it’s too late. One report suggests that it takes most companies more than six months to detect a data breach!
This is exactly why we offer robust and flexible solutions to proactively protect your business before and after an attack. From business continuity planning to working with your leadership team, we protect your business on all fronts. This means not just desktop, internet, and infrastructure cybersecurity, but also supporting your people to ensure user adoption and impactful results.
Book a Free IT Network Security Risk Assessment & Audit
Don’t let your business be recognized as the next victim of a cyberattack. It can harm your reputation and even shutter your operations. One statistic suggests that 60 percent of small companies go out of business within six months of an attack!
We can help you make sure your IT infrastructure is ready to take on the latest security threats. Book a free IT Network Security Risk Assessment & Audit, and we’ll complete a full inspection of your IT systems - risk free.