Six Top Information Security Risks to Be Aware of in 2019

Six Top Information Security Risks to Be Aware of in 2019

While companies and individuals embrace innovation, cybercriminals make use of the new backdoors to improve the scope of their hacking.

The global shift towards advanced forms of technology and higher levels of connectivity has created a gap in cybersecurity. While companies and individuals embrace innovation, cybercriminals make use of the new backdoors to improve the scope of their hacking.

1. Data Theft via Third-Party Vendors

Cloud computing has become a global trend. According to LogicMonitor Cloud Vision 2020, 83 percent of company workloads will be in the cloud. As more companies migrate their digital assets to the cloud, more data is entrusted to third-party cloud providers (CSP). While most CSPs provide adequate security controls, open-source components remain a critical threat.

According to a 2019 SNYK report of the state of open source security, there has been a 88% growth in application vulnerabilities during the past couple of years. The most alarming finding was the discovery that 70% of open source maintainers lack the skills to secure their cloud. Thus, despite the rising adoption of open source components by enterprises and SMBs alike, many cloud environments often marinate in vulnerabilities before someone catches on. By then, it’s too late—the data was already stolen and possibly sold in the Dark Web.

Possible mitigation method—companies that adopt cloud computing will benefit from creating a cloud migration strategy. As you create your strategy, you can research possible CSPs and ensure that they provide their clients with comprehensive security controls. Implementing automated monitoring solutions can help promote secure cloud adoption in-house.

2. Loss of Data Due to Shadow IT

Shadow IT refers to information technology systems used within the organization without the knowledge of the IT department. Shadow IT compromises the information of the organization. Shadow IT systems aren’t backed up by the organization and may cause loss of data.

Loss of data has implications on business continuity and the mental health of the employees. When people lose information, they go through the five stages of grief—denial, anger, bargaining, depression, acceptance. It can be heart-breaking to lose the valuable information you worked on. Such a mental state can impact productivity.

Possible mitigation method—the best protection against shadow IT is prevention. Organizations can create data loss prevention (DLP) policies to help educate employees in proper use of company resources. The policies clarify what systems can or can’t be used and for what purposes. Thus, prohibiting the use of shadow IT systems. Organizations may also implement DLP solutions such as DLP software that automate the identification, monitoring, and management of data breaches.

3. Poor Security Policies Compromise Trade Secrets

In a world in which connectivity has become an integral force of national, cultural, organizational, and individual continuity, security policies act as the guiding line that draws a protective circle around business secrets. According to Statista, there are approximately 2.5 billion smartphone users in the world. In the US, 77 percent of the population owns smartphones.

Information security policies help organizations to protect trade secrets. Allowing personnel and collaborators to access the digital resources of the organization via smartphones can promote productivity and business continuity. However, poor policies such as a single factor password may be used by hackers as an entry point to steal the data. Additionally, a stolen smartphone may compromise any sensitive information stored on the device. Often, when trade secrets get exposed, the reputation of the organization gets damaged.

Possible mitigation method—as in the case of shadow IT, prevention of improper use of company resources is often the best defense against losing trade secrets. Creating policies that maintain a standard use of information resources help employees play an active part in protecting the information and the IT infrastructure of the organization.

4. Data Heists Led by Insider Threats

In 2018, 25 percent of known data breaches were caused by social engineering, which is a technique that uses human psychology to trick individuals into divulging authorization information such as passwords. A social engineer may impersonate IT personnel and trick an employee into revealing their password. Other social engineers may use intimidation, blackmail, violence, or kidnapping to extract the information.

On the other side of the social engineering coin lies the intentional insider work. These are employees that deliberately breach the data of the organization, without being coerced into doing the deed. Often, these are disgruntled ex-employees. A survey of 1,000 employees found that one in five stole sensitive and confidential company information.

Possible mitigation method—implementing User Behavior Analytics (UBA) tools to flag unusual user behavior. UBA monitors and analyses many network events generated daily by the company users to identify malicious behavior such as lateral movement and compromised credentials. UBA helps determine whether the threat comes from the inside of the organization or from outside activity.

5. Phishing Schemes Lead to Business Email Compromise (BEC)

A phishing scheme uses media channels such as email, telephone or text messaging to send legitimate-looking messages with the intention to trick individuals into revealing sensitive information such as credit card details and passwords. Phishing schemes often result in identity theft and financial loss.

Phishing schemes can be used to launch a Business Email Compromise (BEC) attack. BEC scams target email accounts of executives or finance employees involved with wire transfer payments through various methods such as phishing attacks. The cybercriminal uses the information to initiate fraudulent transfers on behalf of the organization.

Possible mitigation methodeducating employees in methods of cybercrime and appropriate protective measures have been proven helpful in reducing information security risks. Additionally, organizations can also implement security controls such as dual authentication, encryption, and visual cues. Artificial Intelligence (AI) filtering provide advanced filtering techniques for catch BEC criminals such as geolocation tools for senders identification.

6. Fraud Enabled by Compromised Blockchain

Since its introduction in 2008, blockchain technology has seen a steep rise in popularity. Originally used for cryptocurrency, blockchain applications can now be found in many industries and systems. A notable blockchain application is a software program called smart contracts, which facilitate a safe digital exchange without the intervention of a third-party.

The idea behind smart contracts, and blockchain in general, is to enable safe digital exchange via transparency, thus getting rid of middlemen such as banks and brokers. However, current attempts of applications of smart contracts to the protection of intellectual property haven’t been successful. Bugs and errors in smart contracts leave systems open to attacks. A breach in the blockchain technology may lead to unauthorized alteration of a smart contract.

Possible mitigation method—use strong authentication to secure the terms of a contract and store encryption keys in a hardware root of trust. Additionally, blockchain security tools and solutions can help apply a variety of security controls the fit the security needs of the organization.


  • Cloud Adoption Gives Way to Hybrid Deployments

    Cloud adoption is growing at an astonishing rate, with Gartner forecasting that worldwide public cloud end-user spending will approach $600 billion by the end of this year—an increase of more than 21% over 2022. McKinsey believes that number could eclipse $1 trillion by the end of the decade, further underscoring the industry’s exponential growth. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • Securing the Future

    In an increasingly turbulent world, chief security officers (CSOs) are facing a multitude of challenges that threaten the stability of businesses worldwide. Read Now

    • Guard Services
  • Security Entrances Move to Center Stage

    Most organizations want to show a friendly face to the public. In today’s world, however, the need to keep people safe and secure has become a prime directive when designing and building facilities of all kinds. Fortunately, there is no need to construct a fortress-like entry that provides that high level of security. Today’s secured entry solutions make it possible to create a welcoming, attractive look and feel at the entry without compromising security. It is for this reason that security entrances have moved to the mainstream. Read Now

Featured Cybersecurity


New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3