The importance of cyber security will grow in importance for both businesses and individuals in 2019. With governments and companies reviewing their relationship with Huawei and well documented hacks like Equifax in 2017, protecting personal data is of greater importance to consumers and of how businesses collect, manage and score it.
More than just money
With the snowballing story of Facebook’s data ‘breach’ last year, it seemed like there might just have been a sea change in public attitudes to information privacy. It became apparent that people were deeply uncomfortable with the information that Facebook was collecting, from complete mobile call histories to phone numbers provided for security purposes – all of which was used to target ads.
Given this environment, security is almost inevitably front-of-mind for enterprise businesses – with breaches presenting a practically unlimited level of liability.
“As consumers, we are [excited] about the convenience that technology brings to life, without realising how much privacy we have to give up in exchange for the convenience,” comments Helen Yu, Founder & CEO of Tigon Advisory Corporation. We now live in a new era, she notes – where privacy is a human right.
An increasing priority
Historically, businesses have struggled to recruit security experts – some suggest because of an unwillingness to pay the salaries required. There are signs that is changing with CISOs stepping up and boards are finally taking cyber security threats far more seriously.
In the same way that digital has pervaded corporate culture via DevOps, there is widespread recognition that silos must be broken down and security must be built into every process and every part of the business. GDPR regulations are making organisations more responsible for the data they hold and are helping break down internal barriers that previously increased the risk of data infringements.
The ultimate challenge for security, though, is simply ensuring that it is used: if users don’t care or if they find security mechanisms excessively onerous, then they will likely bypass them.
“Oftentimes apps are designed and created by brilliant engineers who may not be practical users,” says Helen. “The disconnect creates challenges for adoption and usability. Companies need to know that there is a lack of basic knowledge on security best practice.” The key takeaway is to ensure that security measures are simple and easy to use – and to think about the challenge from the perspective of non-technical users.
The increase of IoT devices has opened up a new front to potential security breaches from poorly secured IoT devices to the multiple access points offered by the Digital Workspace. New technologies do offer some additional protection – coming with capabilities such as digital fingerprinting and AI tools that can recognise unusual patterns of use. “Businesses need to adopt security tools that leverage AI and machine learning to monitor for vulnerabilities and attack vectors and produce prioritised fixes based on business impact,” comments Helen.
Creating unsecure data environments is through instilling good practice: ensuring access is allocated appropriately, that data is encrypted and that passwords are secure; and running periodic drills and resilience checks. Doing this effectively stems from good governance – organisations can only change and evolve if their leadership is fully committed to the process. With security baked in from the beginning, the digital future can be a secure one.