9 minute read

IT Security

Next Article
The chain of trust

The chain of trust

What you need to know! By by Jack Rosier of QMS International

We’re living in the age of computers, with technology playing a more important role in our lives with each passing year. With the pandemic acting as a catalyst for increasing digitalisation, 2022 is likely to see more technology usage than ever before - so businesses need to make sure they’re prepared.

Embracing technology has been great for us as a global community in many ways. For example, it has enabled people and businesses to almost seamlessly shift to remote or hybrid working models, with a plethora of collaborative software to utilise.

However, this can be a doubleedged sword. The more technology organisations interact with, the more opportunities for cyber criminals to launch cyber-attacks.

At the beginning of 2021, QMS International carried out a cyber security survey among businesses and 75.7% of the respondents reported that they now felt more open to attack. Another 10% reported that they had no confidence in fending one off.

This stresses the importance of understanding what good IT security looks like and how you can protect your business, employees, clients and stakeholders from dangerous and costly cyber-attacks. If organisations and individuals are aware of best practises and show due diligence in cyber security protocol, there is minimal reason to worry.

In this article, the experts at QMS International take you through potential risks to IT security in 2022, upcoming changes that might affect businesses, and best practises to implement to ensure cyber operations are completely secure.

Ransomware

The Chief Executive of the UK’s National Cyber Security Centre, Lindy Cameron, has warned that ransomware is “the most immediate danger to UK businesses” and all organisations could be at risk of cyber-attacks through the use of ransomware.

According to an analysis of reports made to the UK’s Information Commissioner’s Office (ICO) by CybSafe, the number of ransomware incidents in the first half of 2021 doubled compared to the number reported in the first half of 2020.

Ransomware is a type of malicious software which cyber criminals deploy on an unsuspecting person’s computer network in order to encrypt their files.

If a cyber-criminal is successful in doing this, it enables them to extort the victim into paying large fees to decrypt their files and make them accessible again.

Nowadays, most people tend to have their data backed up somewhere, whether it be on an external hard drive or on the Cloud. Most cyber criminals have clocked onto this and now threaten to release stolen files online. This same threat has also been used on those who have refused to pay the criminal.

Often, cyber criminals will target customer service and HR teams as they are easily reachable employees who hold information valuable to the cyber-criminal.

It’s absolutely crucial that organisations ensure they’re well equipped to prevent ransomware attacks in the coming year, and make sure all employees have a fundamental understanding of how to spot and avoid potential ransomware attacks.

Spear phishing

With the pandemic forcing people to adopt new technologies, cyber criminals have been using different methods to carry out their attacks. One method that seems to have gained popularity has been spear phishing.

Spear phishing is a type of digital communication scam that targets a specific individual or organisation. It’s designed to trick unsuspecting victims into clicking a link and willingly giving away their credentials. Unlike conventional phishing, which is a broader approach to the same goal, spear phishing is a lot more personal, and can be a lot more deceiving.

In order to prevent spear phishing attacks, organisations should create filters which flag incoming emails as either internal or external, which allows the recipient to see if somebody is trying to trick them.

Additionally, organisations should ensure employees are educated to understand what spear phishing is and how it can be prevented. This information can be simply delivered through eLearning on cyber security.

Remote or hybrid working

Over the past two years, the various lockdowns and a shift in attitudes has led to businesses adopting mass

remote working or moving into hybrid working models. Now, in 2022, it’s clear to see that the movement towards remote and hybrid working is here to stay, with 85% of managers believing that having teams with remote workers will become the new norm.

However, remote working presents a number of challenges to an organisation’s cyber security. Data supplied by Darktrace to The Guardian revealed that the proportion of attacks targeting home workers rose from 12% of malicious email traffic in March 2020 to more than 60% six weeks later when the nation was in lockdown.

Risks like unsafe networks, digital file sharing, and outdated software make up part of a long list of risks that should be addressed by all organisations with remote workers.

These risks should not put off organisations from allowing employees to work remotely, but instead should encourage all businesses to ensure their cyber security policies are up to date and cover remote working responsibilities.

Training employees, carrying out risk assessments, making sure workers are using secure connections, and introducing robust information management frameworks will all help protect your business during hybrid or remote working.

Create a culture of IT security

From larger businesses to SMEs and start-ups, creating a culture of security is one of the most effective ways to protect your business against all types of cyber-attack in 2022 - and you can do this through ISO 27001 and ISO 27002.

ISO 27001 is the internationally recognised Standard which provides the framework for a comprehensive Information Security Management System (ISMS). It implements 114 legal, physical and technical risk controls that allow an organisation to carry out robust information management.

It’s set to be updated in the coming months to reflect the current challenges to an organisation’s IT security - making 2022 a great time to put in place a futureproof framework to protect your business.

Another Standard receiving an update in 2022 is ISO 27002 - the code of practice for an ISMS, which provides details on the requirements and controls in ISO 27001. Again, this update will make sure ISO 27002 reflects and addresses the current challenges businesses face in relation to IT security.

Adopting the latest versions of these Standards is a great way to give your business all-round protection in 2022 and beyond - so you can reassure your stakeholders and clients, fulfil your legal obligations, and keep your information secure at all times.

For further information please visit www.qmsuk.com

The ASSA ABLOY Group is the global leader in access solutions. Our offering covers products and services related to openings, such as locks, doors, gates and entrance automation solutions. This also includes expertise in controlling identities with keys, cards, tags, mobile and biometric identity verification systems.

www.assaabloy.com

Innovating for a smarter, safer world by combining intelligent technology and human imagination, at Axis Communications we offer solutions based on sight, sound and analytics to improve security and optimize business performance.

www.axis.com

azena accelerates the next generation of smart security and safety solutions through joint innovation with customers and partners. Our goal is to be the leading open platform and marketplace for smart security and safety solutions. The platform we offer is based on a camera operating system that powers cameras from various manufacturers on the market.

www.azena.com

Club Car boasts nearly 60 years of industry-leading innovation and design, initially focused on golf cars and then expanding to commercial utility vehicles and personal-use transportation.

www.clubcar.com

Hanwha Techwin Europe, formerly Samsung Techwin Europe, offers robust and reliable video surveillance products designed to meet the current and future needs of security professionals. Our cameras, video recorders and other devices are built to exacting standards which reflect the heritage of precision engineering associated with the Samsung brand.

www.hanwha-security.eu

Buildings today don’t only provide a safe, functional place for people to live and work. They can also cater for – and even respond to – their needs, while helping them work more efficiently and sustainably. At Bosch Building Technologies, we are at the forefront of these new developments.

www.boschbuildingtechnologies.com

With a full HD camera and an optically stabilized, 40x zoom lens from FUJINON, two high-performance components are integrated into one system. This innovation is the result of years of experience in digital cameras and a dedication to the highest optical quality.

www.fujifilm.eu/fujinon

HID powers the trusted identities of the world’s people, places and things. We make it possible for people to transact safely, work productively, and travel freely. We are passionate about helping people use a verified, trusted identity to make it more convenient and safer for them to get to where they need to go and achieve what they want to do in everyday life.

www.hidglobal.com

Maxxess Systems delivers innovative SaaS and security management software solutions that combine otherwise disparate physical security, communications, business intelligence and data integration capabilities onto one unified management platform.

https://maxxess-systems.com

Panasonic i-PRO Sensing Solutions Corporation of America a global leader in professional security solutions for surveillance and public safety, is launching their new name, i-PRO Americas Inc., and taking a unique approach to best navigate the evolving business environment and technology demands of the professional security industry.

https://i-pro.com/eu/en

As a trusted advisor and reliable partner, as a system integrator, service provider and a product vendor, Siemens offers energy-efficient, safe and secure buildings and infrastructure. With our people, our global footprint and our technical expertise, it's our passion helping you to create the perfect place – your perfect place.

www.siemens.com

Transforming teaching and learning with creative solutions to engage and inspire every student. Learning’s becoming more interactive. More immersive. More collaborative. At Sony we’re working with universities, colleges and schools to create richer, more rewarding educational experiences for today’s students and teaching staff.

https://pro.sony.com

At Mayflex we lead the way in the distribution of Converged IP Solutions. Bringing together ‘best-in-class’ Infrastructure, Networking and Electronic solutions. We’re a growing international force, enriched by the skills, expertise and unique personalities of our people. Globally owned but with a family and local feel.

www.mayflex.com

With over 30 years of experience, we design and manufacture marketleading security solutions for a range of buildings. Around 25,000 buildings each year are secured globally with Paxton products. Our global Head Office is based in Brighton, we have colleagues in 12 countries and we export to over 60 countries worldwide.

www.paxton-access.com

From its inception in 2001, SALTO was created with one objective: to devise a world-class access control system that was simple to use and extremely efficient, giving users the ability to control all their access needs and secure all their doors without complex and expensive wiring.

www.saltosystems.com

Videx Security is a leading manufacturer and supplier of access control systems across the UK. We are experts in the door entry market. Videx and our team of estimators, technical support and designers are focused on making and providing high quality products and support to customers.

www.videxuk.com

This article is from: