The exponential rise in connected devices promises numerous opportunities for the private and public sectors – new business models, better ways of interacting with customers and citizens and the potential to both increase productivity and drive down costs.
But hand in hand with this proliferation is another less welcome expansion.
There has been a rapid acceleration in security threats exploiting this surge in connectivity to breach organisation’s cyber defences. If those defences even exist.
Because regardless of the advancement in network security tools and policies, many companies still struggle to protect their networks and environment from attacks.
Technology has developed so rapidly – and the sophistication of security threats with them – that organisations are scrambling to find the right security solutions they need to keep their assets safe.
As the threat continues to increase, we believe a more proactive approach to security is vital for the survival of small and large businesses alike, with three key areas that organisations need to lock down as a priority – endpoint devices, networks and the Cloud.
By the start of 2018 there were more than 27 billion connected devices globally, a figure expected to grow to 125 billion by 2030.1
2017 saw a 164% increase in cyber attacks worldwide
Yet according to some studies, 2018 rapidly eclipsed that with a 250% increase in spoofing or business email attacks and a 350% surge in ransomware attacks2.
(It was in 2017 that Gartner predicted ransomware would quickly become a real and significant threat to enterprises, and they were not wrong. It is now the favoured weapon for malicious actors.)
Companies using legacy technology are at a higher risk of attack
Particularly vulnerable are those companies still using legacy technology. This is typically found in the Public Sector, which is a challenge as these organisations frequently hold precisely the sensitive and personal data that is of the greatest value to cyber criminals.
They are also the organisations most likely to be working with limited IT budgets, yet security still needs to be at the top of their agenda.
In the UK, PwC estimated that the annual average cost to UK firms that fell victim to a cyber attack in 2018 was £857,000. (For American businesses the US Securities and Exchange commission put this figure even higher with the average cost of a data breach rising from $4.9million in 2017 to $7.5million in 2018.)
Even then, what’s often not counted is the additional cost of enforced employee idleness as damaged networks and comprised computers leave them unable to work.
And apart from all the inherent business dangers of a security breach, there is also the reputational headache, something felt keenly by a number of organisations in 2018.
Ticketmaster, Facebook, British Airways, Dixons Carphone, Yale University, Air Canada, T-Mobile and Google all suffered attacks
According to PwC’s 2018 Global State of Information Security report3 a quarter of businesses don’t know how many cyber attacks they’ve had and a third don’t know how they’ve happened.
While the majority (64%) of the UK organisations it surveyed do have an overall security strategy in place, the country continues to lag behind the global state of preparedness.
Most notably UK boards are less engaged in the fight. Only 34% of boards are actively participating in their company’s information security strategy compared with 44% globally.
All of which points to there being yet more organisations can do to adopt the proactive approach essential for their cyber security – security that will only face increasing pressure in coming months and years.
1) technology.ihs.com 2 ) industryweek.com