When a bank’s app or an online retailer’s site is down, the company might release a communique to customers pleading for patience as “systems are upgraded”. While this might be the case in certain instances, what the company would rarely say is that someone has breached the system and network engineers are frantically trying to patch the vulnerability, often at a huge cost. In recent years, the Internet has equipped businesses with remarkable tools for marketing and selling their products and services, especially on mobile devices. Statista predicts that by 2020 mobile apps will generate $189 billion globally, up from $69.7 billion in 2015 and $88.3 billion in 2016.
As of March 2017, there were 2.8 million available apps on the Google Play Store and 2.2 million on Apple’s App Store, and that number is growing. These apps range from gaming and shopping to more functional apps targeted at specific professions, such as medical apps. A recently published report by BIS Research predicts that the global medical apps market alone will reach $11.22 billion by 2025, up from $1.4 billion in 2016 – apps used by patients and health professionals alike. This is a compound growth rate of 21.4% between 2017 and 2025, driven by the growth in smartphone penetration as well as the exponential advancements in mobile network speeds, resilience and data affordability.
However, this comes with significant risk to private information, as cyber-crime is growing at an equal rate, or faster. It is estimated that cybercrime will cost the global economy over $6 trillion by 2020, driving spending on cyber security to $1 trillion. However, even this will struggle to keep pace with the rise in various types of established attacks such as phishing and emerging ones like crypto-jacking. With more sensitive data now being stored in the cloud, hackers are looking to exploit any vulnerability they can. Large enterprises are now taking security seriously, but smaller companies may struggle to implement the necessary security measures because of the expertise and costs required.
Most attacks are data breaches, where thousands or millions of personal details are accessed or leaked. Then there are transactional breaches, which are harder to pull off but where money can be stolen and transferred. Hackers also steal IP, not to sell it or make money, but because they genuinely believe the world owns it and should have a right to see it (such as the Sony Pictures hack).
Rather than waiting for a breach to happen, it is vital to ensure that your system is built with security in mind from the very beginning. As security management can be quite expensive, it’s important to start by gaining a good understanding of what new methods hackers are using, and then plan around these… and get ready to adapt your strategy as quickly as the bad guys do. There are several measures a business can use to protect itself – from using VPNs to two-factor authentication. More progressive companies employ hackers to try to break into their systems and expose vulnerabilities so that they can stay ahead of the game.
Off-the-shelf cloud-based services such as Amazon Web Services (AWS) have full-time security engineers, whose cost forms part of the monthly rental. On the other hand, if you are buying and implementing your own infrastructure, the initial costs can run into the millions. The basic premise is that threats are not idle – they are continuous – so staying ahead of hackers is a full-time job, not a once-off solution.
Often, it’s the larger corporations with older systems that find it hard to transition to newer platforms and are the most vulnerable to attacks. These companies should also invest in multiple backup infrastructures in case the primary system is down due to disaster or upgrades, along with comprehensive disaster recovery procedures so that it’s possible to spin up new servers very quickly to ensure systems aren’t affected.
A company might spend millions on the most advanced security infrastructure, with multiple encryption layers, only for a trusted internal user (such as a staff member) to accidentally upload a virus from a USB drive, or click the wrong link in a personal email. So, it is vital that everyone within the business is constantly educated about potential threats, with clearly defined policies for email and external drives.
As hackers become more persistent and innovative, online security management will be more important than ever, for both large corporations and small businesses. Even the best systems can be compromised or crash, so a judicious blend of data backup, firewall protection, disaster recovery and education will help keep the most important information secure, or at least alert the business in time when a breach does happen.