Understanding cybersecurity issues that keep organisations on their toes

There has been exponential technological advancement in recent years, bringing with it immense cybersecurity challenges. In today’s world, a large amount of data is being transmitted and accessed out of offices as most employers deploy a remote or a hybrid workforce. This data mobilisation has raised serious concerns regarding cybersecurity and encryption.

According to a recent report by cybersecurity firm NortonLifeLock, the average cost of cybercrime in the UAE is estimated to be around $2.6m per incident. This represents a 17 per cent increase from the previous year’s average cost of cybercrime in the UAE.

Remote work and increasing reliance on cloud-based solutions has resulted in a massive shift in how data is utilised, accessed and transmitted.

However, with employees now working virtually from anywhere, newfound security challenges have emerged.

In addition, vulnerabilities related to unencrypted USBs and cloud storage, and limitations of software encryption have also highlighted shortfalls of traditional security measures.

Encrypted vs unencrypted: Are encrypted USBs safe?

Hackers are quick to exploit weaknesses in organisations, and are continuously seeking opportunities to intercept and compromise enterprise data security. It is not uncommon for employees to carry sensitive organisational information through USBs.

Many companies also carry the practice of connecting USBs to critical information systems for transferring and storing data. This makes unencrypted USBs prone to several risks and vulnerabilities.

Data from the 2022 Honeywell Industrial Cybersecurity USB Threat report indicates that 52 per cent of threats were specifically designed by malicious actors to utilise removable media, clearly indicating that the threats linked to removable drives have escalated.

The high portability and small size of USBs makes them easy to lose data. Infected USB disks also make it highly easy for attackers to gain access to systems through an infected device and introduce malware into company networks, giving rise to increased ransomware attacks.

It is surprising that despite the vast amount of information available, cyberthreats are constantly increasing and evolving. Ease of availability, low cost and easy accessibility of flash drives make them a popular choice for business despite the numerous vulnerabilities they bring with them.

Software encryption allows an additional layer of protection for drives by encrypting data stored on devices. However, this type of encryption has its limitations and may be less reliable compared to hardware encryption methods and can be easily removed by the user.

Software encryption also requires software updates and causes delays in read and write speeds which makes it difficult for businesses to decide and strike a balance between security and performance.

Hardware encrypted USB drives have a built-in encryption within the drive, and are designed to avoid tampering. They have custom architectures which incorporate an onboard encryption con-troller and access control, and use a digitally-signed firmware that protects the authenticity and integrity of the drive. They also limit password attempts and comply to industry best practices to ward of malicious actors.

Cloud storage: A double-edged sword

Cloud storage is a popular choice for storing and accessing data remotely. However, despite the convenience and ease of access, data stored in the cloud always carries a risk.

Cloud data can be accessed from anywhere; local coffee shops, internet cafes and restaurants, or even co-working spaces. Hackers can target cloud servers, potentially compromising sensitive information stored in the cloud.

Furthermore, entrusting data to a third party may complicate the process of identifying and mitigating data breaches, making it harder to determine what information has been leaked.

Encrypted USBs provide a secure alternate solution to access files and information without com-promising an organisation’s cloud. Hardware encrypted devices have to meet tough security standards and thus offer the improved data protection that helps manage, contain and reduce cyber risks.

It is imperative that organisations prioritise data security and invest in comprehensive data security solutions by employing a holistic approach that encompasses hardware encryption, education of employees on best practices, and working closely with trusted cloud service providers to mitigate risks.

By adopting a multi-layered approach through increased user awareness, businesses can protect their valuable information and maintain the trust of their customers and stakeholders in this ever-evolving digital landscape.

Antoine Harb is the team leader – Middle East at Kingston Technology

Read: Why higher education should care about cybersecurity