Managing the Cybersecurity Threat Landscape with a Standard Approach

Research by PwC revealed that 87% of consumers would take their business elsewhere if they didn’t feel able to trust that their data was being handled responsibly.

Protecting data is business critical to organizations throughout the world – especially in light of the shift towards homeworking in recent months. Indeed, Industry 4.0’s rapid digital transformation has encouraged the rise of data-driven cultures in millions of businesses, with technology, media and telecoms (TMT) businesses often at the forefront of technological advancements – which has helped many remain resilient despite recent challenges.

With increased opportunity, however, comes increased risk. For some companies, the speed of development has outpaced the organization’s ability to effectively protect data from the ever-evolving threat landscape.

For TMT businesses, common threats include:

Vulnerable devices: As flexible working has become the norm, more employees are accessing corporate data from personal devices and therefore increasing risk. According to Symantec, around 24,000 malicious mobile apps are blocked every day, and network security company RSA found that attacks from rogue mobile apps have increased by 300%.

Cloud security: TMT organizations invest large sums of money in cloud-based solutions so that employees can store and share data safely, which has helped enormously in recent months with a drive towards home working. The increased mobility this offers enables teams to work from anywhere at any time, increasing efficiency whilst reducing expenses. Analyst firm Forrester predicts that the worldwide cloud computing market will grow to $191bn, up from $91bn in 2015.

However, an insecure cloud platform can leave an organization vulnerable, especially if the service stores or allows access to all the user’s website and cloud service credentials.

Internet of Things (IoT): From sensors located in production systems and delivery vehicles to algorithms to monitor the performance of products, IoT devices have revolutionized the way companies operate and understand their customers and products. In fact, research from network security business Juniper estimates that the number of IoT sensors and devices is set to exceed 50 billion by 2022.

However, organizations are already mindful of IoT-related threats and their potential impact. To combat this threat, companies will need to ensure that their devices are securely configured. Many IoT risks are a result of devices developed by manufacturers with a preference for ease of use rather than security, making them potentially vulnerable to an attack.

Social engineering and phishing: Without adequate training, workers can unwittingly put company data at risk if they fall victim to social engineering, phishing and social media malware. According to PwC, current employees play a part in more security incidents than all other parties, accounting for 30% of all incidents.

Supply chains: The Ponemon Institute found that 56% of organizations have experienced a security breach that originated via a supplier. TMT companies with global, complex supply chains seem particularly at risk. It’s essential therefore that organizations implement processes and controls designed to minimize these risks, including working with suppliers to ensure that data is kept safe.

A Standard Solution

Working towards and being certified against an internationally recognized standard can help businesses demonstrate the effectiveness of their Information Security Management System (ISMS) and develop the right controls and products to meet the needs of key stakeholders. It also provides an assurance that security issues are being addressed in accordance with best practice.

ISO 27001 provides a best practice framework to identify, analyze and then implement controls to manage and mitigate risks.

It defines the requirements businesses need to address to implement an ISMS and against which an organization will be audited during the certification assessment. The specification includes the common elements of all management systems: policy, leadership, planning, operation, management review and improvement. It also contains a section specifically aimed at identifying risks to information and the selection of suitable controls enabling the organization to compare their selection to best practice (Annex A). So application of ISO 27001 will give any organization guidance on how to best mitigate the threats listed earlier.

Ultimately, third-party certification against ISO 27001 shows that an organization takes information security seriously and provides a competitive edge to win new business and retain existing customers. For companies operating in the fast-moving TMT space, adequately protecting data isn’t optional – it’s expected and vital to future success.

For more information on ISO 27001 certification, visit here.
