Digital transformation is a hot term as companies attempt to leverage new technologies to improve the way they do business. But how can organizations—and executives in particular—protect themselves from cybercrime in this digital era?
The Internet of Things (IoT), Artificial Intelligence (AI), and robotics process automation. Pick any of those technologies and you’ll find companies transforming at an astounding rate. Businesses empower tech which gives them more power right back—but change can come with risks that are slower to be understood and accepted.
One of the greatest transformations is how attitudes have changed toward security. The evolving responsibilities placed upon companies as digital integration accelerates mean cybersecurity has stepped out of the IT backroom and into the boardroom. Today, the highest levels of management can no longer turn a blind eye to the reality of cybercrime.
Survey data from the Conference Board shows that American CEOs have been “rattled” by the reality of cyber threats, ranking cybersecurity as their foremost external concern. Is that awareness manifesting as an action?
The gap between cyber-awareness and cyber-action
A Deloitte report reveals that 96 percent of CEOs, managers, and board members acknowledge the looming cyber threat. The IoT was their first worry closely followed by AI, yet as few as 23 percent are highly engaged in active security changes. The main reason wasn’t reticence—it was ignorance of the threat landscape and how risks interconnect.
CEOs are a solution and part of the problem
The major shift in CEOs’ perceptions of cybersecurity can be partially attributed to care for their bottom line, but it’s also quickly becoming an act of self-preservation.
Businesses large or small must accept that their highest-ranking personnel are increasingly a prime target for cyber-criminals. Their powerful status and high-level access are obvious reasons, but IBM research also notes a generational knowledge gap which can be exploited (top-level employees are often older and more removed from technology and its threats).
When the most powerful business people wake up to cyber threats it’s a change that positively reshapes their entire company’s security attitudes. We recommend the following steps to adapt to changing security needs.
Executive threat education
Companies won’t last long if the board thinks security is a “rank-and-file” responsibility. CEOs must become proactive in their own protection by accepting their high-risk status and educating themselves on best security practices in their professional and even personal lives; the threat of doxxing, for example, is a cruel but common way in which criminals manipulate executives for information.
Increasing off-site security while traveling
High-ranking employees have equivalently high-security access and are often required to travel for business—a potentially disastrous combination. A lot can go wrong, from physical threats to device theft/leaving a laptop or cell phone behind to digital dangers like using convenient but unsecured local Wi-Fi.
Threat protection experts recommend secondary “clean” devices be used for the duration of the trip. They’re termed “clean” because they’re not the businessperson’s main device, which is typically loaded with sensitive data on operations and clients. The less a device has on it, the less of a liability it is. All data should be stored on hardware-encrypted drives or transmitted via Virtual Private Network (VPN).
Even these data-light devices should be treated as risks when they return home. A thorough wipe is further recommended by travel-threat specialists before the device is re-used or connected again to the business network. In a sense, we’re always traveling whenever we use an internet-connected device on an unknown network.
Securing the IoT and guarding against the risks of AI
Businesses want to protect an $832 billion investment. That’s what the IoT and AI are projected to be by 2020, according to projections from PwC. A staggering amount of data will be flowing between businesses, estimated at 180 zettabytes (180 trillion gigabytes) annually.
It won’t be just the hardware and devices that are vulnerable, either—the very building the business operates in will gradually become “smarter” meaning hackers could conceivably attack or lockdown doors, lighting, HVAC, fire alarms, and more.
Basic hardware and software maintenance and updates have never been more crucial than now. The definition of the IoT is a plethora of devices interconnecting to create a functional whole. One outdated OS on any of those devices and the security of the entire chain could be compromised.
It will be time-consuming for businesses to keep a constant eye on updates and read the fine print on apps to see what private data is being gathered, but the alternative is worse. Basics like strong passwords, firewalls, and anti-virus/malware are also vital, as are VPNs for data transmission and reception.
A major threat posed by AI is the Sybil attack where multiple fake identities are created by hackers to fool AI systems into undermining reputation systems used between peers. Put simply, a Sybil attack could ruin a business’ reputation through false reviews and allegations designed to influence an outcome (the recent election chaos reported to have been caused by Russian operatives was a Sybil attack). Sophisticated AI attackers can also manipulate audio and video to harmful effect.
These AI issues can be tackled through encryption algorithms and security keys alongside commonsense security like educated employees, protected devices, and a threat assessment and response plan. AI is currently the most vulnerable of all the transforming technologies. Businesses which rely on it even partially will need to keep a constant human eye on it—and be aware of how this technology can be employed by cyber-criminals to conduct attacks.
Today’s tips are only landmarks on the security landscape. Threats from insiders, phishing, social media and more are all out there targeting businesses. Connect with Absolute Logic and CyberGuard 360 for more education, and plan the solutions you need.
At CyberGuard360, our clients are guided safely through the threat landscape. Our wide array of services includes system security suites, risk assessment, education, training, and disaster recovery. Call 844-315-9882 or reach us via our contact form.