Serious breaches of data regularly make news headlines, but it is not only celebrities under threat.
All companies must now take steps to protect themselves online and ensure their supply chain doesn't expose them to cyber-criminals.
A recent PwC report found that 81 per cent of large organisations and 60 per cent of small businesses had been the victim of a security breach in the past year. Another troubling finding was that the overall cost of a data breach had increased dramatically since 2013. Security breaches can have an adverse effect on cash flow, profitability and reputation, not to mention the steep financial penalties which regulators hand out for negligence.
The dynamic nature of the cyber-threat means businesses seem constantly to be scrambling to keep up. To be effective, an information protection strategy must protect both externally and internally and must ensure there are no weak links in the supply chain.
Firewalls and other rule-based ‘perimeters’ provide security against outside intruders, but these measures alone are insufficient. It is estimated that 80 per cent of data breaches occur because of human error. One employee can unintentionally compromise an elaborate protection network through something as seemingly minor as failing to change a default password.
The Information Commissioner’s Office, the data regulator, has released a report detailing the most common weaknesses which compromise systems. These eight areas are:
• A failure to keep software security up to date
• A lack of protection from SQL injection
• The use of unnecessary services
• Poor decommissioning of old software and services
• The insecure storage of passwords
• A failure to encrypt online communications
• Poorly designed networks processing data in inappropriate areas; and
• The continued use of default credentials, including passwords.
It is perhaps surprising how basic some of the weaknesses are and how easy it would be to provide adequate protection. Through effective staff training, many of these weaknesses could be averted.
It is essential that businesses check IT security compliance among their suppliers, ensuring these organisations have robust policies and measures in place to prevent common security failures.
☛ Len Simmons is technical director at Altius Vendor Assessment