Infrastructure trends in 2016
Posted on 8 April 2016
Cybercrime is now a threat that everyone, from governments and large communication enterprises to SMEs, needs to take seriously. In fact, we believe it’s safer to think of your organisation as being in a position of continuous compromise.
This may seem like heightened language but the truth is, cybercrime is an increasingly attractive hunting ground for criminals and activists. It’s now all too easy to make money, cause disruption or even bring down corporations and governments through online attacks.
You need to be prepared for the unpredictable and have the tools to withstand unforeseen, high-impact events. Cybercriminals are always coming up with new ways to attack so it’s best to adopt proactive and creative stances – taking them on at their own level.
But what should you tackle first? Here is just one of the areas which we believe needs priority status when it comes to protecting against cybercrime.
Mobile application and IoT
Smartphones are already prime targets for cybercriminals. But we’re now seeing a huge rise in bring-your-own-device (BYOD) equipment like tablets, laptops and USB sticks in the workplace, all of which are potentially vulnerable. According to research by Tech Pro Research carried out in early 2015, 74 percent of organisations are either already using BYOD or plan to allow employees to bring their own devices to work*.
Storing potentially sensitive work information on such devices can raise serious concerns if, for example, the employee’s security is poor, or they leave the device on a train or mislay it at the pub. Alternatively, your employee might be using consumer applications that introduce potentially dangerous strains of malware.
We recommend you address these potential BYOD issues before enabling employees to bring their own devices to work. The first step is to educate them on the importance of workplace security. They need to know how they should use their own devices and social media inside and, if relevant, outside the workplace. Your BYOD policy must define your processes and procedures to protect intellectual property and sensitive information. Everyone should know what happens if a device is lost or stolen, particularly in terms of back-up actions and responsibilities.
We’re also seeing an increase in demand for work and home mobile apps. A study carried out by Rackspace® Hosting found that 66 percent of UK and US respondents claim their employees are demanding more business-level apps, which they can install on mobile devices to access corporate IT systems**. To meet this increased demand, developers are working under intense pressure and on very tight profit margins. This means that security and thorough testing are often traded away in favour of speed of delivery and low cost. There’s also pressure to improve ease of use and have fewer security and login checkpoints to ensure a more fluid user experience. The net result is poor-quality products that are more easily hijacked by criminals or hacktivists.
Striking a balance here is essential. If an app has a really poor interface, the temptation is to seek alternatives which could introduce other threats. The bottom line is, when it comes to handling information that could adversely impact people’s lives if stolen, compliance is the priority.
Over the next few months, we’ll be exploring more infrastructure trends we’re seeing in 2016. If, in the meantime, you have any concerns about the issues raised by this blog, please get in touch for some expert advice on security and disaster recovery.