Cyber-crime promises to be one of the biggest threats to Scottish businesses in 2016.
In fact, a recent report carried out by the National Security Council classified cyber-crime as a “tier one” threat to national security, alongside terrorism and international conflict.
Hyper-connectivity has brought us closer together, delivering a multitude of commercial benefits including flexible working and productivity on the move. Introducing these incredible new technologies into the working environment also creates opportunities for a more sinister breed of modern entrepreneur, the cybercriminal.
Our task as managed service providers is to protect businesses from outside threats. We use advanced tools and software to mitigate such risks, but determined hackers will stop at nothing to get what they want. I have outlined some of the online security challenges Scottish organisations may face in 2016.
We are hearing a lot about “social engineering” this year already. Put simply, this is a form of manipulation used by criminals to gain access to sensitive data, user credentials and company finances.
Social engineering usually involves a phone call or email that appears to be from a colleague, often the managing director seeking login credentials, bank account details or to facilitate the urgent transfer of substantial sums of money to a supplier or customer. Calls and emails will always address the individual on first name terms, and emails will usually be branded, making them difficult to spot.
Another successful tactic making headlines this year is ransomware. This type of threat typically arrives in the form of an infected email attachment (usually a Word document) that, once clicked, will shut down a user’s computer and encrypt program files, rendering the machine useless. A ransom message will then appear on the screen demanding payment in return for a decryption key.
The internet of things
The internet of things (IoT) consists of objects, devices and sensors that capture, store and share data, and are designed to improve quality of life for the user. It is an exciting development that allows us to control parts of our home, work and leisure remotely, saving money and promoting healthier lifestyles.
Manufacturers of the devices and apps that make the IoT work are working to tight schedules in a very competitive and fast-moving market, meaning security isn’t always top of their agenda. These products should be carefully managed to reduce the risk of introducing harmful malware onto the network.
We have seen more smartwatches and fitness bands in the work environment in the early part of this year. This trend is set to continue well into the next few years as performance, adoption rates and affordability increase. Introducing more devices into the work environment creates a larger attack surface for online criminals to exploit.
Invest in your people
By far, the biggest cyber-security trend we are expecting in 2016 is the role played by staff and colleagues. Human error is responsible for up to 95 per cent of all cases of cyber-crime. Invest in staff training to reduce the threat from inside your organisation. Developing HR policies such as onboarding and offboarding, and risk frameworks such as ISO 27001 within your business will raise awareness and improve methods of communication internally and externally to manage the risk and beat the hackers.
• Sean Elliot is managing director of Roslin-based IT services company Network ROI