Six Top Information Security Risks to Be Aware of in 2019

Six Top Information Security Risks to Be Aware of in 2019

While companies and individuals embrace innovation, cybercriminals make use of the new backdoors to improve the scope of their hacking.

The global shift towards advanced forms of technology and higher levels of connectivity has created a gap in cybersecurity. While companies and individuals embrace innovation, cybercriminals make use of the new backdoors to improve the scope of their hacking.

1. Data Theft via Third-Party Vendors

Cloud computing has become a global trend. According to LogicMonitor Cloud Vision 2020, 83 percent of company workloads will be in the cloud. As more companies migrate their digital assets to the cloud, more data is entrusted to third-party cloud providers (CSP). While most CSPs provide adequate security controls, open-source components remain a critical threat.

According to a 2019 SNYK report of the state of open source security, there has been a 88% growth in application vulnerabilities during the past couple of years. The most alarming finding was the discovery that 70% of open source maintainers lack the skills to secure their cloud. Thus, despite the rising adoption of open source components by enterprises and SMBs alike, many cloud environments often marinate in vulnerabilities before someone catches on. By then, it’s too late—the data was already stolen and possibly sold in the Dark Web.

Possible mitigation method—companies that adopt cloud computing will benefit from creating a cloud migration strategy. As you create your strategy, you can research possible CSPs and ensure that they provide their clients with comprehensive security controls. Implementing automated monitoring solutions can help promote secure cloud adoption in-house.

2. Loss of Data Due to Shadow IT

Shadow IT refers to information technology systems used within the organization without the knowledge of the IT department. Shadow IT compromises the information of the organization. Shadow IT systems aren’t backed up by the organization and may cause loss of data.

Loss of data has implications on business continuity and the mental health of the employees. When people lose information, they go through the five stages of grief—denial, anger, bargaining, depression, acceptance. It can be heart-breaking to lose the valuable information you worked on. Such a mental state can impact productivity.

Possible mitigation method—the best protection against shadow IT is prevention. Organizations can create data loss prevention (DLP) policies to help educate employees in proper use of company resources. The policies clarify what systems can or can’t be used and for what purposes. Thus, prohibiting the use of shadow IT systems. Organizations may also implement DLP solutions such as DLP software that automate the identification, monitoring, and management of data breaches.

3. Poor Security Policies Compromise Trade Secrets

In a world in which connectivity has become an integral force of national, cultural, organizational, and individual continuity, security policies act as the guiding line that draws a protective circle around business secrets. According to Statista, there are approximately 2.5 billion smartphone users in the world. In the US, 77 percent of the population owns smartphones.

Information security policies help organizations to protect trade secrets. Allowing personnel and collaborators to access the digital resources of the organization via smartphones can promote productivity and business continuity. However, poor policies such as a single factor password may be used by hackers as an entry point to steal the data. Additionally, a stolen smartphone may compromise any sensitive information stored on the device. Often, when trade secrets get exposed, the reputation of the organization gets damaged.

Possible mitigation method—as in the case of shadow IT, prevention of improper use of company resources is often the best defense against losing trade secrets. Creating policies that maintain a standard use of information resources help employees play an active part in protecting the information and the IT infrastructure of the organization.

4. Data Heists Led by Insider Threats

In 2018, 25 percent of known data breaches were caused by social engineering, which is a technique that uses human psychology to trick individuals into divulging authorization information such as passwords. A social engineer may impersonate IT personnel and trick an employee into revealing their password. Other social engineers may use intimidation, blackmail, violence, or kidnapping to extract the information.

On the other side of the social engineering coin lies the intentional insider work. These are employees that deliberately breach the data of the organization, without being coerced into doing the deed. Often, these are disgruntled ex-employees. A survey of 1,000 employees found that one in five stole sensitive and confidential company information.

Possible mitigation method—implementing User Behavior Analytics (UBA) tools to flag unusual user behavior. UBA monitors and analyses many network events generated daily by the company users to identify malicious behavior such as lateral movement and compromised credentials. UBA helps determine whether the threat comes from the inside of the organization or from outside activity.

5. Phishing Schemes Lead to Business Email Compromise (BEC)

A phishing scheme uses media channels such as email, telephone or text messaging to send legitimate-looking messages with the intention to trick individuals into revealing sensitive information such as credit card details and passwords. Phishing schemes often result in identity theft and financial loss.

Phishing schemes can be used to launch a Business Email Compromise (BEC) attack. BEC scams target email accounts of executives or finance employees involved with wire transfer payments through various methods such as phishing attacks. The cybercriminal uses the information to initiate fraudulent transfers on behalf of the organization.

Possible mitigation methodeducating employees in methods of cybercrime and appropriate protective measures have been proven helpful in reducing information security risks. Additionally, organizations can also implement security controls such as dual authentication, encryption, and visual cues. Artificial Intelligence (AI) filtering provide advanced filtering techniques for catch BEC criminals such as geolocation tools for senders identification.

6. Fraud Enabled by Compromised Blockchain

Since its introduction in 2008, blockchain technology has seen a steep rise in popularity. Originally used for cryptocurrency, blockchain applications can now be found in many industries and systems. A notable blockchain application is a software program called smart contracts, which facilitate a safe digital exchange without the intervention of a third-party.

The idea behind smart contracts, and blockchain in general, is to enable safe digital exchange via transparency, thus getting rid of middlemen such as banks and brokers. However, current attempts of applications of smart contracts to the protection of intellectual property haven’t been successful. Bugs and errors in smart contracts leave systems open to attacks. A breach in the blockchain technology may lead to unauthorized alteration of a smart contract.

Possible mitigation method—use strong authentication to secure the terms of a contract and store encryption keys in a hardware root of trust. Additionally, blockchain security tools and solutions can help apply a variety of security controls the fit the security needs of the organization.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3