Six Top Information Security Risks to Be Aware of in 2019

Six Top Information Security Risks to Be Aware of in 2019

While companies and individuals embrace innovation, cybercriminals make use of the new backdoors to improve the scope of their hacking.

The global shift towards advanced forms of technology and higher levels of connectivity has created a gap in cybersecurity. While companies and individuals embrace innovation, cybercriminals make use of the new backdoors to improve the scope of their hacking.

1. Data Theft via Third-Party Vendors

Cloud computing has become a global trend. According to LogicMonitor Cloud Vision 2020, 83 percent of company workloads will be in the cloud. As more companies migrate their digital assets to the cloud, more data is entrusted to third-party cloud providers (CSP). While most CSPs provide adequate security controls, open-source components remain a critical threat.

According to a 2019 SNYK report of the state of open source security, there has been a 88% growth in application vulnerabilities during the past couple of years. The most alarming finding was the discovery that 70% of open source maintainers lack the skills to secure their cloud. Thus, despite the rising adoption of open source components by enterprises and SMBs alike, many cloud environments often marinate in vulnerabilities before someone catches on. By then, it’s too late—the data was already stolen and possibly sold in the Dark Web.

Possible mitigation method—companies that adopt cloud computing will benefit from creating a cloud migration strategy. As you create your strategy, you can research possible CSPs and ensure that they provide their clients with comprehensive security controls. Implementing automated monitoring solutions can help promote secure cloud adoption in-house.

2. Loss of Data Due to Shadow IT

Shadow IT refers to information technology systems used within the organization without the knowledge of the IT department. Shadow IT compromises the information of the organization. Shadow IT systems aren’t backed up by the organization and may cause loss of data.

Loss of data has implications on business continuity and the mental health of the employees. When people lose information, they go through the five stages of grief—denial, anger, bargaining, depression, acceptance. It can be heart-breaking to lose the valuable information you worked on. Such a mental state can impact productivity.

Possible mitigation method—the best protection against shadow IT is prevention. Organizations can create data loss prevention (DLP) policies to help educate employees in proper use of company resources. The policies clarify what systems can or can’t be used and for what purposes. Thus, prohibiting the use of shadow IT systems. Organizations may also implement DLP solutions such as DLP software that automate the identification, monitoring, and management of data breaches.

3. Poor Security Policies Compromise Trade Secrets

In a world in which connectivity has become an integral force of national, cultural, organizational, and individual continuity, security policies act as the guiding line that draws a protective circle around business secrets. According to Statista, there are approximately 2.5 billion smartphone users in the world. In the US, 77 percent of the population owns smartphones.

Information security policies help organizations to protect trade secrets. Allowing personnel and collaborators to access the digital resources of the organization via smartphones can promote productivity and business continuity. However, poor policies such as a single factor password may be used by hackers as an entry point to steal the data. Additionally, a stolen smartphone may compromise any sensitive information stored on the device. Often, when trade secrets get exposed, the reputation of the organization gets damaged.

Possible mitigation method—as in the case of shadow IT, prevention of improper use of company resources is often the best defense against losing trade secrets. Creating policies that maintain a standard use of information resources help employees play an active part in protecting the information and the IT infrastructure of the organization.

4. Data Heists Led by Insider Threats

In 2018, 25 percent of known data breaches were caused by social engineering, which is a technique that uses human psychology to trick individuals into divulging authorization information such as passwords. A social engineer may impersonate IT personnel and trick an employee into revealing their password. Other social engineers may use intimidation, blackmail, violence, or kidnapping to extract the information.

On the other side of the social engineering coin lies the intentional insider work. These are employees that deliberately breach the data of the organization, without being coerced into doing the deed. Often, these are disgruntled ex-employees. A survey of 1,000 employees found that one in five stole sensitive and confidential company information.

Possible mitigation method—implementing User Behavior Analytics (UBA) tools to flag unusual user behavior. UBA monitors and analyses many network events generated daily by the company users to identify malicious behavior such as lateral movement and compromised credentials. UBA helps determine whether the threat comes from the inside of the organization or from outside activity.

5. Phishing Schemes Lead to Business Email Compromise (BEC)

A phishing scheme uses media channels such as email, telephone or text messaging to send legitimate-looking messages with the intention to trick individuals into revealing sensitive information such as credit card details and passwords. Phishing schemes often result in identity theft and financial loss.

Phishing schemes can be used to launch a Business Email Compromise (BEC) attack. BEC scams target email accounts of executives or finance employees involved with wire transfer payments through various methods such as phishing attacks. The cybercriminal uses the information to initiate fraudulent transfers on behalf of the organization.

Possible mitigation methodeducating employees in methods of cybercrime and appropriate protective measures have been proven helpful in reducing information security risks. Additionally, organizations can also implement security controls such as dual authentication, encryption, and visual cues. Artificial Intelligence (AI) filtering provide advanced filtering techniques for catch BEC criminals such as geolocation tools for senders identification.

6. Fraud Enabled by Compromised Blockchain

Since its introduction in 2008, blockchain technology has seen a steep rise in popularity. Originally used for cryptocurrency, blockchain applications can now be found in many industries and systems. A notable blockchain application is a software program called smart contracts, which facilitate a safe digital exchange without the intervention of a third-party.

The idea behind smart contracts, and blockchain in general, is to enable safe digital exchange via transparency, thus getting rid of middlemen such as banks and brokers. However, current attempts of applications of smart contracts to the protection of intellectual property haven’t been successful. Bugs and errors in smart contracts leave systems open to attacks. A breach in the blockchain technology may lead to unauthorized alteration of a smart contract.

Possible mitigation method—use strong authentication to secure the terms of a contract and store encryption keys in a hardware root of trust. Additionally, blockchain security tools and solutions can help apply a variety of security controls the fit the security needs of the organization.


  • Return to Form

    My first security trade show was in 2021. At the time, I was awed by the sheer magnitude of the event and the spectacle of products on display. But this was the first major trade show coming out of the pandemic, and the only commentary I heard was how low the attendance was. Two representatives from one booth even spent the last morning playing catch in the aisle with their giveaway stress balls. Read Now

    • Industry Events
    • ISC West
  • Live from ISC West: Day 1 Recap

    The first day of ISC West 2023 is in the books, and it’s safe to say that vendors have brought their A-game to Las Vegas. The booths of this year’s Live From partners—NAPCO Security, Alibi Security, Vistacom, RGB Spectrum, and DoorKing—were swamped all day long. Here’s a brief recap of just a few highlights from each partner’s presence at the show. Read Now

    • Industry Events
    • ISC West
  • Turn on the AC, ISC West is Hot

    Nothing warm about the Las Vegas weather outside. It is cold, and it was raining after the opening day. No one seemed to care inside the convention center. The hall was packed with inquisitive security professionals. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West 2023: Day 1

    ISC West 2023 in Las Vegas, Nevada, has officially begun! Make sure to keep an eye on Security Today’s ISCW Live 2023 page, as well as our associated Twitter accounts—@SecurToday and @CampusSecur—for the latest updates from the show floor at the Venetian Expo. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

New Products

  • Dahua 2-Wire IP Video Intercom System

    Dahua 2-Wire IP Video Intercom System

    Dahua Technology is introducing a new line of expandable 2-wire IP video intercom solutions for the North America market. The New 2-wire IP video intercom is more advanced, cost effective, and designed to help businesses increase their security. 3

  • Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft focuses on transforming traditional professional surveillance systems into cloud connected solutions via the Videoloft Cloud Adapter. 3

  • LenelS2 BlueDiamond™ mobile app

    enelS2 has introduced its Indoor Location subscription-based service for businesses and other organizations using LenelS2’s BlueDiamond™ mobile app version 2.1.8 for smartphones. 3