By Kirill Slavin, General Manager, Kaspersky Lab UK&I
Less than a generation ago, only a few people knew about the Internet. In those days the privileged few used email; e-commerce was in its infancy; mobile phones had carrying handles; and online banking was yet to be introduced. Now, the Web dominates what we do and how we do it: we live in the moment, in constant communication with each other and the world around us.
The potential for new technology seems endless, with predictions hitting mind-blowing figures. But as global reliance on technology has grown, so too has the need for heightened awareness of the associated risks. With forecasts from Gartner suggesting that 4.9 billion connected things will be in use in 2015, reaching 25 billion by 2020, our personal and professional lives are only going to become more connected.
The use of our digital DNA has already started and developed significantly in 2014. All types of ‘things’ in our everyday lives are now fitted with microchips that tap into our digital details, using huge amounts of data and affecting how we live and work. Today, billions of electronic chips actively connect everyday gadgets like printers, webcams and traffic lights, to the Internet.
While this automated connectivity can provide businesses with significant gains in terms of efficiency and productivity, it’s created a host of new opportunities for cybercriminals, who are starting to exploit this technology for their gain. So, it’s time for organisations to wake up to the risks and implement the correct security procedures to protect their businesses.
Many perceive cybercrime to be merely fiction, but we’re already seeing examples of how cybercriminals are exploiting new technology. For example, in Moscow, speed cameras and traffic monitoring systems were infected with an unidentified Trojan which stopped authorities catching traffic offenders. A seemingly minor attack which had huge effects on function, and revenue collection.
Similarly, in Antwerp, Belgium, the systems controlling movement and location of shipping containers were breached via malware, allowing containers concealing drugs, money and weapons to enter the country. So it’s clear that increasingly sophisticated cyber techniques are being used not only to steal data, but to put a whole host of companies at risk.
In this environment, businesses need to consider that any aspect of their company in which data is held, is under threat. Even the untraditional devices in our professional and personal lives are becoming connected, so the opportunity for intrusion is immediately broadened.
Although cyber-espionage or targeted attacks on connected devices may sound like some strangely exotic activity from the movies, the harsh reality is that almost any business can become a target, either directly or as a stepping stone to reach a wider victim base.
It’s important that all businesses assess the risks that could apply to their business – and then establish their own security policy. Too many businesses fall into the trap of basing their security strategy on an out-of-date perception of the risks that existed 10 years ago. In order to ensure their security strategy remains relevant in an increasing varied threat landscape, businesses need to:
• Define day-to-day security procedures
• Establish an ‘attack response’ plan
• Include a mechanism for updating procedures – so they keep up with the evolving nature of the threats
• Set out a routine for regularly performing audits of IT security provisions
It’s also imperative that all employees are educated on the changing risks. Unfortunately, businesses can often ignore the human dimension of security. But often the starting-point for a targeted attack is to trick individuals in the company into doing something that puts the company’s security at risk. So, organisations need to ensure they make security awareness part of their security strategy.
By developing a cyber-security strategy in line with the above, IT businesses can reduce their exposure to attack this year. Cyber-attacks of the present and future can impact on the revenue, and reputation of the business. No organisation is safe with emerging risks only becoming more sophisticated, so all should take the necessary precautions.