Cyber security: on which five fronts should your company be (even) more careful
Not cloud, not data and not digital. According to this year’s Gartner survey of chief technology and IT directors in Europe, the top investment priority in 2022 is cyber security. It’s a market that’s expected to earn $159.8 billion by the end of 2022 and reach $298.7 billion by 2027, according to Statista forecasts. Firewall, identity theft, malware and ransomware are some of the terms that have become commonplace in every company’s risk playbook in recent years, with the number of attacks constantly increasing and the need to create a culture of cyber hygiene.
For Aruba’s country manager in Brazil, Antenor Nogara, the hole is even deeper and there are gaps in the threat packages that we haven’t covered yet. Vulnerabilities arise from the digital transformation that has taken place in the world in recent years, and that is why we still do not see all the risk possibilities that new technologies bring to companies. Aruba, a subsidiary of Hewlett Packard Enterprises (HPE), takes care of security in institutional networks, and has the Pentagon (US Department of Defense) as a client.
Nogara told DINHEIRO that today the key thing is to educate employees and spread this in their culture. These practices help prevent social engineering attacks, also known as phishing, where the fraudster uses the user himself to gain access to sensitive information and data. But that is only a small part of the company’s role. The executive authority states that it is still necessary to strengthen the networks connecting computers and data centers, which, along with the digitization of business models and remote work, are not only protected by computer antiviruses. “Working from home employees are like having an extension of the corporate network in their home,” the CEO said. Networks are the closest point of contact between users, devices and databases, and this is where companies’ main vulnerabilities lie.
From these situations, a control barrier is needed, consisting of a layer of software that filters connections and information traffic. In practice, it’s a ‘don’t-trust-anyone-until-they-prove-it’ program. Artificial intelligence is used for this monitoring in a scalable way, both for the business sector and for public institutions, another major target of cybercrime.
For Nogara, other threats can also arise from the Internet of Things and Bodies (IoT and IoB), which are “very vulnerable to attack.” The same applies to mobile devices, smartphones, smart watches and others. As a final message, it can be said that with the advancement of technologies and their daily use by corporations, with more and more remote work or third-party work in streams, digital security will increasingly depend on a combination of strengthening security with education from associates.
5 BIGGEST THREATS
Concentration of workloads in data centers
As much as the cloud is a more secure and restricted place, it is not a guarantee that there will be no data security threats. The solution is the logical division of the data center into different network segments, with the aim of limiting as much as possible the network space used by an external user when accessing or managing the data center remotely, minimizing the impact of an attack.
User and device privileges
When accessing a device from a user or profile, the user will have privileges and personalized access, defined by the default settings of the device or the organization that makes it available. If they are not set up correctly, the user can gain access to sensitive information that they should not have access to, leading to leaks and other risks. It is essential to limit the privileges of users and devices so that they can only perform their functions, reducing data exposure to a minimum.
Internet of Things Security
IoT security is critical due to the amount of potential threats to networks. IoT devices are highly vulnerable to attack and are connecting to networks in increasing numbers. They need visibility and control, and organizations need to understand the resources needed to secure their IoT ecosystems.
Personal devices are the gateway to corporate systems. IDC predicts that 1.38 billion smartphones will be sold in 2022, a growth of 1.6% compared to 1.36 billion in 2021. Addressing this challenge requires practices and tools such as mobile device management (MDM) platforms, authenticators, and data loss policies.
Security transformation in wide area networks
With the increasing migration of workloads to the cloud, it is necessary to rethink the architecture of wide area networks and how to ensure security in communication from the edge (users) to the cloud.