How cyber secure are you in 2020?

Cybersecurity is one of the biggest issues facing companies today. The last few years have witnessed some high-profile cases of cybercrime, from massive data breaches to flaws in microchips and cryptojacking[1]. Attacks are becoming both more frequent and more sophisticated.

Experts predict that this year the number of connected devices in circulation worldwide will hit 200 billion[2]. Our ever heavier reliance on technology, the vast quantities of data now communicated, and the extra risks generated by people working from home in the era of COVID[3] are conspiring to make 2020 a potentially bumper year for cybercriminals. 

What’s on the agenda for cybercriminals in 2020?

Currently, one of the biggest cybersecurity challenges facing organizations is cloud vulnerability. Companies are leveraging cloud applications more than ever before and storing sensitive data related to their employees and business operations in the cloud. Forbes predicts that 83% of enterprise workloads will be in the cloud by the end of the year[4]. Data breaches, misconfiguration, insecure interfaces and APIs, account hijacking, malicious insider threats, and DDoS attacks are among the top cloud security threats for companies[5].

Also set to cause problems for organizations as the year goes on are cyberattacks that use complex and adaptive malicious software. AI fuzzing and machine learning poisoning are set to create huge problems.

Yet the biggest weak link for many companies remains their people. Lack of employee knowledge and awareness of cyber scams represents a major risk today. So-called social engineering attacks like phishing, which trick victims into sharing sensitive information such as logins and credit card information, are rife. Verizon’s 2019 Data Breach Investigations Report[6] states that this effective, high-reward, and minimal-investment strategy remains the number one cause of data breaches globally.

Along with its younger brother, SMiShing or SMS phishing, which uses messaging platforms such as WhatsApp to trick users into downloading malware onto their phones, phishing looks set to pose problems for organizations throughout 2020 and beyond.

Fighting back with a management system

Organizations can protect themselves from cybersecurity issues by implementing an information security management system (ISMS) compliant with an internationally recognized standard such as ISO 27001.

The standard helps organizations strengthen data security and mitigate the risk of data breaches. It addresses asset management, operational security, access control, incident management, human resource security and physical security. By following the best practices laid out in ISO 27001, companies can tackle security risks, protect sensitive data, and manage their security programs. To go one step further, they can certify their ISMS, thereby demonstrating to the outside world that they take information security seriously.

Moreover, with the ISO 27701 data privacy extension now available, there is no time like the present to implement a rigorous and compliant system. The extension’s goal is to enhance the existing ISMS in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).

Cybercriminals can be agents of immeasurable disruption for the organizations caught in their crosshairs. But cybersecurity is all about staying ahead of threats rather than managing them later. By implementing a thorough, up-to-date and compliant information security management system, organizations can thwart criminals’ attacks and keep themselves and their stakeholders safe.