Cybersecurity is currently one of the thorniest issues business and industry are facing. How do you ensure your systems, operations and data are as protected as possible from increasingly sophisticated attacks?
The need to be more cyberaware today
Hugh Thompson has been called “one of the five most influential ICT thinkers”. So when he says, “We are entering into an age of dependence on technology, and [that’s] putting us at risk”, it’s worth paying attention.
The crux of Thompson’s argument lies in the fact that what was good cybersecurity advice five years ago is almost certainly not good advice now. This is principally because so many devices today – from washing machines to warehouse automation – have IP addresses.
On the one hand, that’s fantastic. Having devices connected online is the essence of the Internet of Things, enabling real-time decision making, reduced costs and improved operational efficiency. On the other hand though, anything online is potentially a target for hackers and criminals.
Jacqui McNamara – no lightweight herself when it comes to cybersecurity – highlighted that the ubiquity of technology and the normalisation of the on-demand mindset means that patience is more a virtue today than it ever was.
She notes that whether it’s with food, information, entertainment or other services, individuals are now driven to expect things to happen straight away, making time our most precious resource. That has, in turn, driven a massive uptake in the use of apps that promise efficiency, and communication over social media, which allow messages to reach many people at once.
The increasing sophistication of cyberattacks
McNamara notes that, because the world shares an extremely large attack surface (the number of ways cybercriminals can attack today), it’s impossible for organisations and individuals both to be 100% secure.
She also points out that while most people are consciously aware that social sites and other apps will sell their user data to third-parties, people still aren’t deleting their Facebook accounts, and that’s the reality of how deeply social media is embedded in modern life.
Thompson believes that the vast majority of people are not as vigilant about safety and security in the virtual world as they are in the physical world. And that, he says, spells danger for businesses – particularly as attackers are finding new ways to exploit any weaknesses in a cybersecurity system.
For example, most people are aware that clicking on links in an email from an unfamiliar source is a risk. However, phishers also know that people know that. So they make a point of not including links. Instead, they invite people to google the name of a particular organisation and employ SEO strategies to ensure the sites they control are ranked highly. By playing on people’s reliance on rules like not clicking on a strange link, they come across as trustworthy.
The end result is your system is not just compromised, but Thompson says your IoT devices are actually being “weaponised” against you.
It’s a chilling thought, but there are measures you can take to improve cybersecurity, as an individual and as a corporation.
What you can do to improve cybersecurity
Thompson believes that data analytics can help solve the risk issue. If a system analyses risk and can then assist with the choices you need to make in a very human way, it helps minimise that risk.
To make this process even easier, Thompson suggests that all devices should come with the equivalent of the nutrition labels found on food packages. By giving people clear sensory, connectivity and security information about machines (the equivalent of calories, fat and carbohydrates), it automatically becomes easier to understand what cybersecurity measures will be provided to safeguard your systems.
On mobile, Telstra’s 2017 Cyber Security Report saw a 300% growth in mobile malware month over month in the Asia Pacific region. This is unsurprising, according to McNamara, as the use of unsecured wireless networks are still very popular amongst all internet users in Australia and around the world.
The good news, McNamara says, is that hackers are still using old tactics, including SMS and mobile banking trojans. She says that organisations and individuals can address 90% of mobile security attacks simply by taking a few precautions:
- Being aware that you get what you pay for. McNamara warns that if you’re buying a SIM card from a carrier that doesn’t clearly pronounce its data protection policies (and whether or not it complies with regulations like the GDPR), you’re likelier to be at a higher risk of getting infected by malware.
- Using anti-fraud solutions in your firm. Telstra, for example, uses Imperium which helps it quickly detect and respond to network and application attacks.
- Practicing the five ‘knows’ of cybersecurity. That is,
- know the value of the data you have
- know who has access to this data
- know where this data is
- know who is protecting it
- know how well it’s being protected
- Constantly educate yourselves and each other. Organisations and individuals have a responsibility to educate staff and each other about how to mitigate the risk of cybersecurity attacks, sound the alarm when necessary, and help everyone become suspicious by default.
If you’re worried about who has access to your technology, our guide to cybersecurity and the internet of things can help you prepare for the challenges companies will face over the next decade. Download it today.