Cybersecurity has remained a priority for enterprises within varying sectors, due to the ever-growing reliance on technology. Countless data breaches and cyberattacks are living proof that cybercriminals are becoming more sophisticated with their tactics. This, combined with many organisations using digital platforms more than ever before, means it has never been more important to address security measures.
In fact, research has shown that 79 per cent of organisations were hurt by their lack of cyber preparedness in 2020, with 13 per cent of businesses not having any email security in place at all. Approaching the latter half of 2021, it will be interesting to see which areas of society have been impacted and why.
The rise in agile working
When remote working measures were implemented last year, around five million people in the United Kingdom were working from home. With this, cyber risks significantly increased, because many individuals were using non-standard email or new, instant, and unfamiliar messaging systems. In addition, many used new equipment, which failed to properly filter out emails carrying threats.
Some employees were also tempted to use public Wi-Fi as lockdown restrictions began to ease while flexible working was still in place. In cases such as these, not using a virtual private network (VPN) can leave members of staff exposed to what are known as ‘man in the middle attacks,’ in which attackers set up fake Wi-Fi hotspots and can gain access to the device.
Protecting patient data
Within the healthcare sector, there have been numerous conversations around the safety of patient data. Although accessing medical records online has the potential to give patients more control over their health and care data, it has raised some concerns from a security perspective.
The move to an online app to manage this does seem like a natural progression, but there is a difference between having computerised records within the healthcare IT infrastructure and having those records reside on a public-facing server. Keeping records in-house limits the range and type of access, which makes it far more difficult for remote hackers. There are techniques that healthcare organisations can use to reduce the risk of data breaches, such as an ‘opt in’ option, so patients can decide whether their medical information is moved to a public-facing server.
It is almost impossible to completely secure data until the healthcare sector achieves correct implementations of ‘homomorphic encryption,’ which is a form of encryption that makes it possible to analyse encrypted data without it being decrypted first. Ultimately, the industry must maintain effective security protocols and policies for years to come, by increasing the number of IT security staff and consistently training hospital employees in cyber skills.
Disturbance in banking
Currently, the biggest concern within essentially every industry is ransomware. However, recent research has shown that the banking industry has been disproportionately affected, experiencing a 1,318 per cent year-on-year increase in ransomware attacks in the first half of 2021.
Once a device is infected, the ransomware typically encrypts all documents and any attached network drives or backups, and in most of these cases the only solution is to pay the scammers. At this moment in time, it is the deadliest scam and will continue to play a huge role throughout society due to the rise in cryptocurrency, which allows scammers to remain anonymous.
There are usually three major attack vectors that financial organisations should consider. The first is the personal security of individual members accessing their accounts. The second is the security of the tools needed to access these accounts, and the third is the institution's internal team, who access back-end servers and the internal network. It is paramount for the banking sector to impose strict security requirements online, including requiring strong passwords and implementing two-factor authentication.
To stay as protected as possible from cyber threats, organisations within every industry must ensure they have a holistic understanding of and approach to cybersecurity. IT teams must view it as an organisation-wide risk issue, along with the legal and regulatory implications of cyber risks.
Written by Kevin Curran
Kevin Curran is a professor of cybersecurity, executive co-director of the Legal Innovation Centre and group leader for the Cyber Security and Web Technologies Research Group at Ulster University. His achievements include winning and managing UK & European framework projects and technology transfer schemes. He has also made significant contributions to advancing the knowledge and understanding of computer networking and systems, evidenced by more than 800 published works. Regarded as one of the top cybersecurity experts within the UK, he regularly comments on the latest technological developments and cyberthreats, including the Internet of Things (IoT) and smart devices, cryptocurrency, phishing-attacks, and ransomware.
(c) Irish Tech News