New technologies, new threats

New technologies, new threats

Monday, 17 december 2018 | Redacción CEU

Companies have to look inwards in order to face the adaptation process that new technologies require. This is a deep and meaningful change in mindset that should be as critical as constructive. Only in this way will they succeed in achieving an important and complex goal: fitting in a work model which is experiencing a constant evolution. This effort to deal with the current business metamorphosis in the right way is not useless. On the contrary, it promises great advantages such as reducing costs, increasing productivity and profitability, attracting the best talent and driving innovation. But, in the same way that it brings great benefits, it also implies certain risks. Now, more than ever, companies have to pay special attention to digital security. This transformation process involves confronting new threats which were until now unknown. Which are these threats? What guidelines should companies follow to deal in the best possible way with the cybersecurity challenge?

 

According to Incibe, Spanish National Cybersecurity Institute, in 2017, there were 120,000 security incidents in Spain. 116,000 of them were related to citizens and companies. It is important to note that these figures only refer to the incidents that were registered. This fact does not mean that they represent the total amount of incidents nor that all of them were cybercrimes.

Another study which is more recent, the Norton Cyber Security Insights Report 2018, states that 33% of Spaniards have been victims of cybercrimes. According to this study, Spain occupies a striking third place in the world ranking of cyber-attacks (behind countries like the United States and the United Kingdom). In fact, some media point out that, according to these data, suffering a cyber-attack is more likely to happen than having an allergy. So, it is not surprising that companies are increasingly worried about the cybersecurity challenge, since the threat is proportional to the level of development of these new technologies which, obviously, do not stop growing.

Small companies are also exposed to big risks

It is not true that just large companies are vulnerable to attacks. In fact, small firms tend to be more exposed. From a small craft business to a prestigious bank, they may be susceptible to being placed in the line of fire of cybercriminals. These attacks are not usually governed by aspects such as business volume, fame and economic prospects, but rather by how vulnerable and exposed to attacks some companies may turn out to be. On the other hand, the most devastating consequences do not necessarily have to be economic (although, of course, they can amount to millionaire losses), they can also be reputational and legal.

95% of incidents in cybersecurity are due to human mistakes. This is the percentage that was revealed in the report IBM X-Force Threat Intelligence Index 2018 (a study which was carried out by several IBM security researchers). Cybercriminals take advantage of the naivety, lack of attention and lack of information of users to obtain valuable information and develop all kinds of tactics and trickeries. This practice is known as social engineering. Therefore, if companies do not want to expose themselves to these threats, they should pay special attention to training employees in cybersecurity properly and warn them about the risks that they may face.

 

New technologies, new threats

Some advice for companies on cybersecurity

Companies not only digitalize and automate processes, they store thousands and thousands of data that travel through their wireless networks and the Internet. Not taking the right measures in cybersecurity is a mistake that may have serious consequences. Below, we offer some tips with the aim at helping both large and small companies, in order for them to be able to face the challenge of cybersecurity successfully.

  • Correcting bad habits in passwords. This is one of the most sensitive aspects and one to which  companies are exposed the most (also individuals). A combination of four numbers or characters is poor and vulnerable to attacks. OSI (the Spanish Office of Internet Security) advises creating passwords with alphanumeric combinations, punctuation, capital letters and lowercases in order to make the "work" of cybercriminals more difficult.
  • Creating and implementing sound cybersecurity plans. Not only is it necessary to invest in security, it is also important to stress the significance of compliance with regulations (such as the GDPR) and to develop internal policies and organizational plans that are capable of protecting companies. Cybersecurity requires an analysis of vulnerabilities and a comprehensive approach.
  • Training and making users aware. One of the best formulas to combat any type of security incident is teaching employees good digital practices. The more frequent these trainings, alerts and communications on cybersecurity are, the fewer incidents will occur.
  • Keeping up with new trends in cybersecurity. In the same way that companies resort to technology to combat cybercrime, cybercriminals will also use it to devise new ways to find vulnerabilities and hack into companies. The effort should be continuous and not on a one-off basis. Business cannot resort to old tools to combat new threats (baiting, vishing, vaporworms,...).
  • Knowing how to react to a crisis. It will not be always possible to avoid an attack. Companies should design action plans which enable companies to minimize the impact of a possible attack or incident. For example, developing a good communication plan to alert both employees and customers when an attack occurs quickly and effectively.
  • Making backup copies. Not counting on them means exposing companies to very high risks. When an incident happens, it is a great relief to be able to recover all the information which was stored. It is also important to bet on other prevention mechanisms such as certification and encryption for sensitive information, multi-factor authentication, the updating of operating systems and antivirus and the protection of WiFi networks.
  • Hiring a security manager. Undoubtedly, this will be a great support to combat threats on the Net. In fact, there are companies that resort to the hiring of "hackers" to fight fire with fire. Of course, the integration in the team of a security manager helps, but it does not turn companies into invulnerable organizations. Threats should be combated with integral strategies.

At The CEU IAM Business School, we are aware that a business environment which is experiencing such a quick pace of change needs professionals who are up to the challenge. This is the premise that has led us to design our Executive Development Program. Become one of the professionals that leads the digital transformation process of your company.

 

This website uses cookies.

This website uses cookies to analyse our traffic, customize content preferences and provide social media features. It also shares information about your use of it with third parts (analytics, social media and advertising). You can edit our cookies' usage in this configuration page.

Accept all cookies