Cyber-security remains a top priority for CIOs and CTOs, says a new survey from IEEE
Although the internet is an essential tool within almost every industry, organisations and individuals are still extremely vulnerable to data security breaches. Recent research1 has shown that many network breaches are caused by email phishing, which has increased by a staggering 350 per cent in just one year. Ransomware is also a huge concern. According to recent research2, Q3 2020 saw a 50 per cent increase in the daily average of ransomware attacks, compared with the first half of the year. The significant rise in attacks suggests that the workplace is set to fundamentally transform as people become more educated about the importance of safety online.
Why employees need training
Organisations need to ensure employees are trained on a variety of security aspects such as phishing, data sharing practices, keeping software updated and understanding the importance of unique, strong individual passwords. By thoroughly educating employees on the dangers at hand, companies are at a lower risk of being attacked. Within some companies, a movement has been carried out whereby fake phishing emails are sent to employees, containing links which, when activated, lead to a site telling employees about their mistake. Although this can be an eye-opener, it is not sufficient training – especially for companies hosting valuable trade secrets, personally identifiable information and finance or health data.
Prioritising data in the workplace
When it comes to data protection, all aspects need to be considered. This includes examining the security of physical locations and employee access, data storage and backups, network security and compliance and recovery procedures on all internet of things (IoT) devices. It can be easy to neglect software, but it too needs to be regularly audited and followed by a security architecture survey. This should form part of a larger risk analysis of a company’s infrastructure. Senior IT management staff should have a more holistic approach to cyber-security as an organisational-wide risk issue and ensure there is focus on the legal implications including identifying which risks to avoid, accept and mitigate.
A cause for concern
In 2020, the IEEE conducted a global survey3 of chief information officers (CIOs) and chief technology officers (CTOs) on what they considered to be the top priority or concern for their business following the pandemic. The survey was conducted across five geographic regions, including the United Kingdom, the United States, Brazil, China and India, with responses from 350 CIOs and CTOs. The survey outlined a number of key issues; however, cyber-security remained a top priority. Across all regions, 11 per cent of respondents claimed it was the biggest challenge to overcome, suggesting many companies will work to implement tighter measures in the near future.
Security software is an essential tool within every workplace and, as we delve further into 2021, employers and employees need to take a much more urgent approach to staying safe online. Now is the time for companies to ensure those using security software are made aware of the tasks they need to perform and can figure out how to successfully perform those tasks, while avoiding making errors and being comfortable with the interface.
This year, it is more crucial than ever for these aspects to be in place and for activity-monitoring tools to be implemented so threats can be detected before any serious damage is done within the workplace.
Kevin Curran is a professor of cyber-security, executive co-director of the Legal Innovation Centre and group leader for the Cyber Security and Web Technologies Research Group at Ulster University. His achievements include winning and managing UK and European framework projects and technology transfer schemes, and he has made significant contributions to advancing the knowledge and understanding of computer networking and systems over more than 800 published works.
Previously the founding editor in chief of the International Journal of Ambient Computing and Intelligence, Kevin was the recipient of an Engineering and Technology Board visiting lectureship for exceptional engineers. He has also served as an adviser on computer industry standards to the British Computer Society and is a member of the BCS and IEEE technology specialist groups and various other professional bodies. Regarded as one of the top cyber-security experts in the UK, he regularly comments on the latest technological developments and cyber-threats, including the internet of things (IoT) and smart devices, cryptocurrency, phishing attacks and ransomware.
by Kevin Curran, senior member, the Institute of Electrical and Electronics Engineers (IEEE), and professor of cyber-security at Ulster University