… data breaches ran at a record pace in 2019, with almost 4,000 publicly disclosed breaches exposing over 4 billion compromised records.
If 2019 is any indication, it is clear cyberattacks pose a real danger to businesses – regardless of size or industry. According to a QuickView report, data breaches ran at a record pace in 2019, with almost 4,000 publicly disclosed breaches exposing over 4 billion compromised records. Shockingly, this is only in the first half of 2019. If we look into Asia-Pacific, a Trend Micro study revealed more than 55 million malware attacks have occurred in the region, with Malaysia (29.6%) at the top, followed by Singapore (19.8%) and Thailand (16.4%).
The good news is that more organisations are taking measures to better secure their systems. But with cybercriminals evolving from ‘opportunists’ to ‘strategists’, using more sophisticated methods with advanced software that is ahead of some organisations’ existing cybersecurity measures, businesses need to be aware some of the upcoming threats to ensure they’re taking the right steps to mitigate security challenges in the coming year.
Internal users will continue to be the biggest threat to organisations
… the biggest cause of breaches remains the errancy of people within the organisation.
All too often, businesses fixate on external threats, while the biggest cause of breaches remains the errancy of people within the organisation. This sentiment was echoed in SolarWind’s cybersecurity survey that revealed 65 per cent of all cybersecurity breaches were due to internal users, and this is only set to increase in the coming 12 months. Almost all (99 per cent) of respondents were concerned that human error will put the company at risk and worried about assets and IP falling into the hands of malicious employees.
To minimise these threats, implementing strong HR policies would be an excellent foundation. For instance, employees who need access to high-risk assets or data would require a more thorough background check during the hiring process, to avoid unnecessary risk. Another example would be to put in place regular employee training to ensure basic cybersecurity hygiene, reducing the risk of accidents.
… put in place regular employee training to ensure basic cybersecurity hygiene, reducing the risk of accidents.
Second, businesses can mitigate these problems through proper management of user access rights and permissions. Ensuring the “principle of least privilege” – a practice that dictates that only necessary privileges and permissions are granted to users to perform their duties – is the organisation’s guiding principle in mitigating potential problems. To avoid excessive permissions, businesses should consider implementing template-based user provisioning, which creates consistency and reduces risk.
Taking the necessary steps to ensure threats do not materialise in the first place is always the best practice. After all, prevention is better than cure.
Time and costs remain roadblocks for cybersecurity professionals
We’ve heard of the phrase “money is time”, and “time is of the essence” – these phrases could not be truer for IT professionals. According to SolarWinds’ latest IT Trends Report 2019: Skills for Tech Pros of Tomorrow. IT professionals in Singapore indicated that they were most hindered by two key factors: time and cost.
- TIME: Over 85 per cent of IT pros say their day-to-day tasks often impose on any time they’ve set aside for any form of upskilling. Often, menial tasks are performed manually, and this lack of opportunity to regularly set aside time for upskilling ultimately impacts how adequately cybersecurity tasks are dealt with.
- COST: IT professionals have prioritised the development of skills in areas like artificial intelligence (AI) and big data analytics in the next three to five years. However, due to the lack of improvement in organisational budget constraints, most IT professionals polled say they will be unable to confidently manage future innovations, as a result of the lack of exposure to the opportunities that allow them to develop desired skills. Further, organisational budget constraints not only create a roadblock from a personal development standpoint, but it also prevents IT professionals from investing in the right infrastructure and tools to deal with cybersecurity tasks well.
The coming year will only see more advanced attacks from hackers, and businesses need to ramp up their cybersecurity measures. All it takes is one moment of oversight for hackers to slip through the cracks. While technology has emerged as one of the levers to mitigate these challenges, if the results from our research are indicative of anything, it is that cybersecurity is not solely a technological problem. By taking a duo-pronged approach of providing proper training to employees and leveraging on holistic security systems, businesses can achieve full visibility to mitigate threats and achieve maximum efficiency with minimal downtime.
Featured image from Captain America: Civil War
Seen anything interesting? Tip us off.