Cyber security is as hot a topic as there is right now. And that isn’t likely to change anytime soon, or possibly ever, as it is estimated that 75 billion devices will be connected to the internet by 2025. This is a matter that touches each and every one of us in our business and personal lives. If properly addressed, being surrounded by connected devices can significantly enhance our existence and elevate what we’re all capable of accomplishing. But if not taken seriously, the ramifications could cause significant hardships and bring our ambitions to a screeching halt.
The Internet of Things (IoT) gives us the ability to share more information and get additional value from the equipment that we use every single day. The downside is that it also gives criminals the capability to manipulate our devices for financial or personal gain. With “ransomware”, the assailant locks you out of your system until you agree to his or her demands. And with “hacktivism”, people will assume command of your devices just to prove that they can. No matter a hacker’s motive, the crushing results will leave you in the same dark place, so it’s essential to take appropriate and thorough measures to protect yourself.
Cyber security expert Marcel Hill of Intertek offered solutions to combat these attacks during his Engineering Focus Session presentation at the Prime Advantage Spring 2017 Conference. Mr. Hill explained that each new connection brings both opportunity and risk for your core business. Hackers don’t even care about what your core business is; they only care about your data, your reputation, and your money. Hackers have the ability to know as much about your company as some of your subject matter experts, to understand your networks and applications better than your technical teams, and to decipher exactly how you make your money.
Millions of attacks happen every passing second as hackers are constantly scanning the internet through programs and robots designed to identify and target systems connected online. Once the first system has been hacked, they move further into the organization until they get to the people and data that they need, resulting in reputation damage and potential litigation. Most frightening, the average cost to an organization for a single breach is $4 million.
The key to preventing this fate without suppressing your ability to do what you do is visibility and understanding. Companies need to first see what the hackers see by shrewdly investing in risk reduction and enabling cyber risk management programs with a favorable return on intelligent risk investment. This will allow the business to understand its cyber risk so that it can take action to quickly prevent an attack while also minimizing the damage of future attacks. This can be done in a variety of ways; some examples include:
- FIPS 140-2
- Common Criteria (ISO-15408)
- ISO 27001 & 27002 (evaluations and trainings)
- NIST Cybersecurity Framework
- FDA / CDRH guidelines
- Physical and digital security
- Encryption and authorization review
- Web, mobile, and cloud interface
- Update and security policies
Application Security Testing
- Standard (automated) – Level 1 threats
- Customized – Level 2 & 3 threats
- Active breaching/hacking
- Progressive methodology
- Infrastructure and system focused
- Supporting compliance requirements
- Data integrity
- Network, system, and application focused
- Supporting legal and regulatory requirements
Security Reviews and Threat Risk Assessments
- Network security architecture review and design assistance
- Threat risk assessment
- Review or develop corporate security plans and policies
Do you know how many of your systems and applications are connected to the internet? Well, the hackers do. They can scan repeatedly until they find you and then locate that one weakness that will allow them to penetrate your business. By being proactive now, you can stifle these goons and keep leveraging these empowering technologies to enhance your quality of life and profits.