IT Trends & Technology

In today’s threat landscape, experts say it’s no longer a matter of if a cyberattack will affect an organization, but when. Something as simple as a link click in a phishing email can compromise an entire network.

According to Juniper Research, 146 billion records are expected to be exposed in data breaches between 2018 and 2023. IBM and the Ponemon Institute estimate the global average cost of a data breach is $3.6 million. In addition to high risk and the costly damages faced by all organizations, financial institutions face stringent regulatory and compliance standards.

Many leaders across the finance industry find themselves needing increased information security but having to fulfill that need within budget constraints. Additionally, cloud computing and digital transformation add layers to the need for a more sophisticated and integrated information security strategy.

From June 2014 to May 2017—a period of just three years—almost 250 million financial records were breached, including JPMorgan Chase, HSBC, Experian, and Equifax. Although sophisticated hackers were involved, each breach actually was initiated by known security vulnerabilities in computer programs or networking hardware that could have been overcome with strong internal controls and routine security reviews.

Security vulnerabilities in your technology infrastructure are no longer something just for your IT department to worry about; the impact of a cyberattack can quickly send ripples throughout your entire organization, from its balance sheet to its stockholders. And with more than 53,000 security incidents reported in 2018 alone, the question has seemingly flipped from not if, but when your network could be in the crosshairs.

What started as an average Monday at Yahoo headquarters in 2000 turned out to be one of the first widely reported distributed denial-of-service (DDoS) attacks. After an attacker took over and redirected a university’s computers to flood Yahoo’s internet portal traffic, the media company fell victim to a three-hour blackout that left many scratching their heads, wondering what had just happened.

If you feel like the IT security and threat environment has evolved at a remarkable pace in the last 5 years, you’re right. Between the introduction of the European Union’s General Data Protection Regulation (GDPR), regular updates to compliance standards such as PCI-DSS and HIPAA, threats of ransomware and data leaks, and the continued growth of cloud services, it can be hard for any organization to keep up and feel secure.

Although cloud adoption is on the rise, there are still many myths about how secure the technology really is. In fact, according to a study of 250 global CIOs, 30 percent marked cloud security risk as the thing that they are most worried about.

There are certainly some considerations to explore in any cloud infrastructure—whether it is a single, private cloud or a hybrid, multi-cloud environment—but it is important to debunk the myths, properly weigh the risks, and flesh out the benefits to make sure you have all the right information to make the best decision for your organization.

FNTS has a long history of building strong relationships and partnerships with our clients. Our people pride themselves on delivering excellent customer service, and as we move into 2019, this continued focus on our customer will stay a primary focus. As part of the customer experience and our service delivery focus, we intend to:

From smart grids to smart meters, technology is transforming the way the utility industry does business. IT is being used to enhance operational processes and customer experience in a digital age where information security is trying to keep up with big data. To get an idea of the scope of data being collected, one only needs to look as far as the smart meters utilized by households. A single household smart meter can generate 400 megabytes per year. If you multiply that by 135 million smart meters in the United States, it equates to 54 petabytes, or a little more than half of the data uploaded to YouTube in a year. This data must be stored somewhere that is secure, so that if and when disaster strikes, it is protected.

Cybercrime is a continuous threat for organizations of all sizes and across all industries. If the news surrounding the data breaches at Marriott and Equifax are any indication, even global firms with large security budgets can still be vulnerable in the face of a seemingly endless barrage of sophisticated attacks. In fact, IndustryWeek recently reported a 350 percent increase in ransomware attacks against its members versus the year prior, as well as a 250 percent rise in email attacks.

Moving your enterprise data to the cloud can bring with it a number of benefits to your operational costs and the management of your information technology footprint. In fact, 83 percent of enterprise workloads will be facilitated via the cloud in 2020, according to a LogicMonitor study. However, with this growth in cloud services can come substantial risk.

Fortunately, by following some key best practices, such as those laid out in this article, you can help your organization take the necessary steps to strengthen your data security and mitigate the potential vulnerabilities of operating in the cloud.

In late November 2018, Marriott International Inc. reported that it had fallen victim to a colossal theft of customer data. Up to 500 million customers’ personal information was exposed, including passport and credit card information. The breach, which began in 2014 and continued until this September, is only the latest in a long string of high-profile cyberattacks making headlines this year.

Despite the eye-popping figures and high stakes, according to a McKinsey survey of corporate directors, the majority of respondents reported that their boards had, at most, one technology-related discussion a year. Similarly, according to EY’s 19th Global Information Security Survey, only one in five executives fully considers information security in planning their larger corporate strategy.

Like many other new technologies, the concept of security orchestration, automation, and response (SOAR) solutions was born out of a problem that dogged IT professionals. However, in this case, it was multiple problems that couldn’t be solved with existing solutions.

Gartner, who is credited with coining the term, defines SOAR as “technologies that enable organizations to collect security threats data and alerts from different sources,” where technology and professionals can combine to analyze incidents, triage issues, and drive responses in a standard way.

Today’s Chief Information Security Officer, or CISO, is having a stronger and more strategic role in organizations due to more cyber threats, compliance standards, connected devices and stored data than ever before. However, according to a study done earlier this year by PricewaterhouseCoopers, almost half of average companies today don’t have a C-level security executive in place. Now is the time for organizations to evaluate their risk posture and invest in an information security team that can adopt a strong cybersecurity culture that aligns with their strategic business goals.

Persistent security breaches, new investments in hardware, and a growing demand for cloud services are the primary drivers behind ongoing increases in IT security spending, according to a recent industry forecast.

In 2019, expenditures for security products are expected to reach $124 billion, up almost 9 percent from the $114 billion allocated for 2018. Recent high-profile attacks like Equifax, WannaCry, and Yahoo, to name a few, have prompted businesses to take a good, hard look at their security vulnerabilities and their abilities to detect and respond to increasingly crafty cyberthreats.