Top 5 security vulnerabilities are always the same

The research and analyst firm techconsult issued a summary of the five major security vulnerabilities in SMEs and public organizations in Germany at the start of 2017. Their annual study Security-Bilanz Deutschland reviews IT and information security based on a representative survey of more than 500 interviews in companies and non-profit organizations. The results are sadly not that surprising each year. Although the organizations surveyed are aware of the problems and have the resources to deal with them, unfortunately they either approach issues through the wrong channels, inconsistently or too late.

Mitigating Retail Vulnerabilities

The threat of cybercrime against retailers is ever present. According to the 2016 Global Threat Intelligence Report, retailers are the top targets and receive up to three times the number of attacks as second placed financial institutions. Around 70% of retailers in Europe admit to being targeted while 45% of the attacks are known to have been successful. In the past 12 months, the US retail sector has also seen repeated attacks on electronic point-of-sale (POS) systems as well as consistently high volumes of phishing emails aimed at tricking insiders into giving access to corporate networks. With online takings expected to account for 21% of overall sales in 2017, cybercriminals will continue to try and profit from any vulnerabilities they can find in retail systems. To counter this, retailers have a variety of mitigation techniques available to them including VPNs. The best security remains multi-layered since no single technology can nullify all threats at all times.

The IoT gateway next door

Internet of things products are small, networked and unfortunately have almost always little or no security. Sometimes this is down to a lack of willingness by the manufacturer but it is also partly due to the nature of the product – small and light also means that these devices have few resources for complex security features such as encryption and packet inspection. This leads to vulnerabilities, numerous attack vectors and ultimately to a bot device which can be abused by almost anyone. Following the latest large-scale attacks that primarily use IoT devices as a digital army there is a loud demand from those who want more legislation and governments to get involved. In a hearing before the Committee on Energy and Commerce of the US House of Representatives, the security guru Bruce Schneier stated that “catastrophic risks” would arise through the proliferation of insecure technology on the Internet.

Protecting virtual worlds of data in motion

In 2017, 69% of all applications will reside in the cloud according to Cisco. As we rely increasingly on benefits made possible by further advances in Industrial Internet of Things (IIoT) and mobile devices, it’s a statistic that will continue to rise. The challenge for enterprises today is how to protect data as it streams constantly between physical mobile/IIoT devices to virtual repositories in the cloud and back again. Until corporate IT departments fully manage and stay on top of security, large breaches will continue to make the headlines. Statistics revealed in the Ponemon Institute 2016 Global Cloud Data Security Study show there is still much to do. The study found that nearly half (49%) of cloud services in the enterprise are outside corporate IT’s domain, while around 47% of corporate data stored in cloud environments are not managed by the IT department.

Mobile Banking Apps: How Safe are They?

Mobile banking apps are set to revolutionize how we bank. According to KPMG, the number of mobile banking users globally is forecast to double to 1.8 billion over the next four years. In the UK regulators have announced new rules to let customers access details of their entire finances through a single mobile phone app by 2018. In the US mobile banking industry, technology has yet to overcome fundamental trust issues but the idea is starting to take off among financial services consumers. The banks and financial institutions are working hard to make their mobile apps as secure as possible. User behavior meanwhile has some catching up to do. For example, connections to free and unsecured Wi-Fi are open and vulnerable to fraud. To reduce security risks, it’s a good idea to use a virtual private network (VPN). This is a tried and tested way to secure the connection and encrypt all data transferred between the mobile device and the bank.

IT security in the health sector

More and more devices in doctor’s offices and hospitals are connected to networks. Diagnoses and therapies are now stored digitally at hospitals, laboratory reports are transmitted over the internet and hospitals and health insurance companies communicate digitally. As these systems process highly sensitive patient data, they must meet extremely high security requirements. This has not always worked in practice with incidents occurring on an annual basis (1). The cost of ransomware attacks – which have recently increased sharply in the health sector – are extremely high. In February 2016, blackmailers demanded USD 5.77 million from a hospital in California.