As well documented by the press in recent weeks, there have been several high profile recent IT security breaches at large corporates, most notoriously the recent data hacks at US dating platform Ashley Madison and TalkTalk, the latter reportedly costing over £35m to fix.
Ever-increasing use of cloud-based and mobile technology is opening up unprecedented vulnerabilities within organisations. Whilst mobile and remote working is now considered the norm, many employees are unaware of the threats they face. Danger areas include hotels, conferences, airports and shared computers. The targets for attack include smartphones, tablets, laptops and storage devices such as USB drives. In March 2015, Wired Magazine reported that researchers had discovered a vulnerability in hotel Wi-Fi routers allowing attackers to distribute malware, monitor and record data sent over the network. In response, IT application vendors are naturally seeking to enhance features of their security applications.
Microsoft is one example of a large trade acquirer that is actively snapping up emerging IT security businesses, having already made four acquisitions this year – Secure Islands, Adallom, Equivio and Aorato. In addition, Microsoft CEO Satya Nadella has recently stated that the business pumps over $1bn into security R&D annually including the launch of the Microsoft Enterprise Security Group utilising a worldwide network of security experts. Closer to home, Cisco announced its intent to acquire IT security consultancy Portcullis early next year to provide strategic guidance to their European client base. It is clear that larger players are investing in data protection, cloud-based service monitoring, forensic testing and vulnerability identification assessment tools to reduce the risks of cyber hacking.
In spite of this, SMEs in particular continue to be targeted by cyber criminals who exploit business owners who commit limited resources towards IT security and protection methods. PWC’s 2015 Information Security Breach Survey suggested that 74% of SMEs have suffered a security breach, up from 60% in 2014. In response, businesses need to invest in preventative methods such as implementing firewall and anti-virus software, using virtual private networks, controlling access with two-factor authentication and using stronger passwords.
Whilst it is inevitable that cybercrime will continue to grow at both ends of the scale, as more and more incidents hit the press, more organisations will invest in counter-methods and additional protection. After all, the best offence is a good defence.