While banks and financial institutions have a lot to lose financially, people tend to forget how much Personal Identifiable Information (PII) smaller organisations hold and just how valuable that is! Think of all the PII a school holds on its staff, students, parents, past students, creditors and the wider community!
What do we have of Value?
Over recent months, we are seeing examples in the United States where schools and small businesses are being hit with ransomware and crypto-lockers, and if you look at who suffers the consequences of a breach like this, it’s not just the organisation, but potentially everyone connected to that organisation. Recent incidents highlight that security leaks can happen and can damage the reputation and security of an organisation. Security breaches aren’t necessarily about breaking a system or bringing down a network these days, it’s more about gaining information or opening a door to your information as it is the most valuable asset you have!
"Security breaches aren’t necessarily about breaking a system or bringing down a network these days, it’s more about gaining information"
Times, they are a changin’
People think that hackers are the only people who will pose a risk to their organisation, but the Threat Landscape is so different now that hackers are such a small part. With the prevalence of state support groups, cyber terrorist, insider attacks, and now ransomware, external hacking is only a small part of the risk.
Across all industries, we are now seeing attacks from within an organisation being more prevalent than ones from outside. Recent statistics show that the internal security risk is more prevalent, not because of malicious intent, but because companies now allow staff to bring their own device to work (BYOD). While BYOD can reduce device cost, and empower employees to choose a device that suits the way they work, these devices are more difficult to secure and open up an organisation to internal threats. It’s hard to say to an employee that ‘just because we trust you, doesn’t mean we trust your device,’ but it’s never been more true! Any infection their BOYD has, creates the potential to compromise your organisation’s IT security.
Every organisation needs a Security Audit, Vulnerability Assessment and/or a Penetration Test to evaluate their risk. These measures will identify holes you didn’t know about, or highlight things you have missed, it’s information that is vital to improving your security controls. If you are never tested, how are you to actually know?”
- Trackback Link
- Post has no trackbacks.