IT security: What you should consider when accelerating digitization

SNP Experts

Enhancing digitization in order to be able to act more flexibly: Many companies have accelerated and intensified their transformation projects during the pandemic. However, more innovation is also required in the area of IT security. With the increasing networking of data, applications and devices, the danger of cyber attacks is rising. We explain what you need to consider with regard to your IT security and data protection.

IT security has been a highly relevant topic for companies not only since the advent of Covid-19. With the innumerable amounts of digital data that are collected, processed and stored daily, the danger of attacks from the Internet has been increasing for years. Since the beginning of the pandemic, however, the situation has become more acute: 90 percent of companies report that cyber attacks have increased. This is the result of a study conducted by cyber security specialist Tanium, which concludes that companies should urgently define new standards for security and data protection - and implement them in a targeted manner.

 

Making cyber security a top priority

Anyone who wants to protect their own company from cyber attacks and drive technological progress should plan IT security at the executive level and strengthen technical, organizational and personnel security measures. The optimization of IT security and data protection is closely related to corporate strategy and economic success. According to media reports, the damage from cybercrime is expected to amount to up to six trillion US dollars worldwide in 2021. In most cases, cyber attacks not only affect the companies concerned, but also their customers. Cyber security must therefore be seen as part of risk management and an investment in future viability, and it must be firmly integrated into the corporate culture.

 

Finding vulnerabilities, preventing attacks

Information theft, espionage, sabotage or blackmail: In order to better assess the danger of possible threats, companies should identify who could attack their digitalized IT infrastructure and what the dangers or consequences would be in case of an emergency. The aim should be to prevent data from being hacked, stolen or passed on and to detect possible attacks as quickly as possible.

Up to now, attacks have often been noticed at a very late stage – after an average of 190 days – which often results in immense financial consequences and a loss of image.

 

Interface analysis: Checking digital connections

A central role in data security is played by interfaces that ensure the exchange of information within the company's own system landscape and with external communication partners. Companies should therefore know which systems communicate with each other via interfaces and what kind of data traffic takes place via them. Often there are far more links than companies suspect – and their number keeps increasing with the growing use of mobile devices.

Undocumented or obsolete interfaces sometimes pose considerable security risks: Outdated and incompatible connections can lead to disruptions in business processes. With modern IT solutions, interfaces can be quickly analyzed and documented. Connections that are no longer needed, for example to testing systems, are identified and disconnected. This allows systems and data to be effectively protected and compliance requirements to be met.

 

Putting data protection management to the test

The urgency of handling data carefully has been further intensified by the EU General Data Protection Regulation (GDPR). Companies are facing heavy fines of up to 20 million euros or up to four percent of total annual global sales if the rules for handling personal data are not complied with. This should not be overlooked, even in times of crisis, when adapted guidelines for the collection of employee data may apply to keep viruses at bay.

Experts recommend a thorough review of the company's own data protection management: Does the system in question use or process personal data? Is this data already being presented in compliance with GDPR, i.e. anonymously? Today, IT service providers offer innovative solutions for resolving related questions.

 

Limiting security risks in remote working areas

Companies also have to react to the risks to IT security arising from the current increase in remote work. According to the Cloud & Threat Report conducted by the IT security company Netskope, which analyzes trends in 2020, Covid-19 has not only doubled the private use of company computers, but also the access to risky apps and websites via the latter. Increasingly, work computers are being shared with family members to enable online learning, for example. Traffic to websites with adult content on these devices has actually increased by 600 percent. In addition, seven percent of users uploaded sensitive corporate data to personal areas of cloud applications, putting that data at increased risk of theft or inappropriate use.

Possible points of attack resulting from remote working must be identified promptly. When developing protective measures, priority should be given to business-critical applications and sensitive data. For example, devices in use must be equipped with security functions. Further, secure web or cloud access must be enabled. Multi-factor authentication, access controls and zero-trust access for private applications in data centers and public cloud services are well-suited for this purpose.

 

Preventive action: Introducing IT hygiene rules, closing knowledge gaps

In order to avoid common security risks, employees need clear guidelines on which IT hygiene rules should be applied. These include guidelines on how to handle sensitive passwords, how to protect the private WLAN access point and the fact that business and private activities must not converge on one computer. Employees must also be made aware that during the pandemic, cyber criminals are increasingly spreading phishing emails, malicious domains and fake applications, so attachments and links should be opened with caution.

In general, decision-makers should be aware that the use of new technologies can initially increase the susceptibility to errors. In many places, employees are still gaining experience with innovative applications - unwanted data leaks can be the result. With the help of workshops and further training, employees can be prepared for the use of the new technology.

 

After implementing initial security measures, the issue should certainly remain on the priority list. Technologies are constantly evolving, which is why IT security must be regarded as an ongoing process. Cyber criminals are constantly using new tactics to attack systems and steal data. Companies are therefore well advised to build up investment resources for IT security, and thus benefit from the opportunities of digital change rather than becoming victims of the new technologies.

 

Related articles:

Please click here for further information on the international "Cloud and Threat" report.

The results of the Tanium survey, in the context of which 1000 companies from Germany, the USA, Great Britain and France were surveyed, can be viewed here.