Cybersecurity in 2020 will be marked by subtler, intelligence-led tactics, complemented by human insight and analysis. Threat deception, either on its own or as part of a multi-layered anti-targeted attack process, will be an integral part of this.
As more products and processes are brought online with the adoption of Industry 4.0 solutions, it is increasingly important that companies are aware of the types of attacks to be expected. Connectivity, PBSI’s sister title, spoke to Kaspersky Lab about the evolution of security threats and the simple steps companies can take to protect themselves.
One of the biggest threats, facing small businesses in particular, is mobile malware. Such threats are becoming increasingly sophisticated. As with malware aimed at desktops and laptops, mobile malware is often designed to steal sensitive data. The growing threat of DDoS (distributed denial-of-service) attacks, where an online service is targeted with an overwhelming level of traffic (which can take a company offline), has also been highlighted in recent research. This research also found that only half of the companies questioned regard counter-measures against DDoS attacks as an important component of IT security.
Don’t forget the little guy
SMEs need to know that they’re not immune to attacks. It’s easy for small and medium sized businesses to read the headlines and assume that targeted attack campaigns are directed solely at ‘big names’. However, aside from the fact that all companies have intellectual property, they can be used as stepping-stones to get to another target. Companies in the supply chain of a large organisation can be the means of penetrating that organisation. This might be done deliberately, or it may be accidental.
They also need to be aware of the fact that not all attacks are targeted at one company or a particular market sector. The lion’s share is made up of more random, speculative attacks designed to gain access to confidential data and, in particular, financial accounts. Small and medium sized businesses typically don’t have the in-house expertise that a large enterprise can call on, which makes them susceptible to the attacks faced by individuals, so they need to ensure they take steps to mitigate the chances of being breached.
Considering cyberattacks on international businesses such as Google and Sony, it’s only natural that smaller businesses are worrying about the state of their online security. Small business owners are under a great deal of pressure as they need to know their core business, as well as having a basic knowledge of many other things including accounting and IT security. However, there is no need to worry, as a few basic rules are enough to gain IT protection.
A recent report by ENISA (European Network and Information Security Agency) on breaches of data security regulations in European companies puts it in a nutshell: when it comes to IT security, small companies are in a particularly difficult situation. While they all have a great deal of data which requires protection, most of them have neither the staff nor the knowledge to protect it effectively.
SMEs should consider the following four rules to protect themselves:
Back to basics – Ensure all computer systems are equipped with basic protection, i.e. an up-to-date virus scanner and a personal firewall. Rather than implementing multiple solutions which have the potential to be confusing and time-intensive to manage, all-encompassing protection packages can provide modules which work seamlessly together.
Keep it confidential – Many small companies handle extremely sensitive customer data, which should be encrypted. Encryption translates data to a secret code and is the most effective way to achieve data security. To read an encrypted file, a key or password is needed to unlock the translated information.
Use correct passwords – Customer databases, access to email and computers themselves should be protected using passwords. However, these tools are only secure if the passwords used are at least eight characters long and composed of both upper-case and lower-case letters, as well as special characters and numbers. Each password should also be used only for a single purpose. Memorising a secure password like “3zP_0S$v” and then using it for everything is not good practice. This is when a ‘password manager’ tool can be helpful to a small business as it memorises secure passwords.
Establish rules – Small business owners know which areas of their company need protecting, but what about their employees? In most cases, staff won’t be IT experts either. Two strategies are recommended here. Firstly, clear rules should be established for using IT systems; these should specify prohibited activities such as sharing passwords or using USB flash drives. Secondly, rules should be backed up with appropriate security settings.
As mentioned earlier, Industry 4.0 adoption will bring more products and processes online, as well as critical and sensitive data. The thought of giving hackers potential easy access to such data is hindering some companies from starting on this ‘smart’ path.
Kaspersky industrial cyber security
Kaspersky Industrial Cybersecurity is a portfolio of technologies and services designed to secure every industrial layer without impacting on operational continuity and consistency of the technological process. By addressing every possible stage of IT incidents, Kaspersky Lab solutions deliver a holistic, adaptive and strategic approach to enterprise security.
Kaspersky’s industrial cyber security portfolio focuses on building behaviour, not just delivering knowledge. This results in strong behavioural patterns and produces long-lasting cybersecurity improvement. It offers serious and practical content, delivered as a series of interactive exercises fine-tuned to meet the business needs and time/format preferences of different organisational levels: senior managers, line managers, average employees.
Its real-time measurement, painless programme management and purpose-built training software deliver automated training assignments, skills assessments, and reinforcement through repeated simulated phishing attacks and auto-enrolment in training modules. Courses can be managed and delivered by Kaspersky Lab partners or by the customer’s own T&D teams (Train-the-Trainer programmes and support are provided by Kaspersky Lab).