News coverage often focuses on tales of catastrophic breaches where hackers effortlessly infiltrate credit reporting agencies, healthcare insurers, and other highly sensitive networks to access the personal information of millions. The consequences can be dire for both consumers and businesses—brands suffer and stocks drop as legal departments get slammed with class action lawsuits.
Hidden behind the big headlines, though, are undercovered cases of smaller companies devastated by crippling breaches. Their stories of stolen funds and settlement payouts might not make the news, but the disproportionately higher financial repercussions are devastating for these firms.
It turns out the biggest security holes are a byproduct of technological advances that helped mitigate certain risks—like the challenges of identifying top talent, failure to meet consumer needs, and even security problems themselves. In particular, three technological developments over the past 30 years stand out as having inadvertently introduced novel business risks.
Starting in the 1990s, companies began to take advantage of Application Service Providers (ASPs), businesses that deliver computer-based work—say payroll and booking—over the internet. The benefit was simple: ASPs allowed managers to focus on core business operations and entrust peripheral tasks to the experts. The rise of ASPs and cloud infrastructure eventually led to the advent of software as a service (SaaS) providers, and the world of web-based business solutions blossomed.
While ASPs have been invaluable in streamlining core operational tasks, they have also created a divide between accessibility and security. In engaging with an ASP, managers risk losing control over sensitive insights, exposing corporate data to the service provider’s other customers, and having internal data compromised or tampered with. Platforms that require turning over data to third-party sources often increase the opportunity for internal and external attacks. And when only a select team has access to the external software, it puts companies at risk for employee theft. This unclear visibility across corporate boundaries can make it especially difficult for managers to secure sensitive data and also perform effectively.
A new millennium ushered in a new internet based on cloud networks and sensors embedded in appliances, buildings, and other aspects of everyday life. In the years following the turn of the century, the Internet of Things (IoT) grew so rapidly that by 2008 the number of connected objects—refrigerators, thermostats, agriculture monitors, and more—exceeded the earth’s population.
The ever-growing trove of IoT data presents various industries with unprecedented opportunities to improve responses, planning, and delivery of service. But growth in data collection also presents new risks.
For the IoT to live up to its promise, a horde of unmanned connected devices must collect and transmit sensory data without human oversight. Each transmission lands at a gateway, an intermediate support system that then pumps information to the internet or channels data from the internet back down to a device. Every transmission made from a connected device is a new point of vulnerability for a cyber attack, and yet billions of devices still do not encrypt their information.
Today’s flexible workplace erases the bounds of the office by letting employees take home company-owned laptops, smartphones, and tablets. Employees can now work from almost anywhere, allowing them to quickly fix unforeseen problems when away from the office. But this “bring your own device” (BYOD) trend is another case of technological prowess that poses a significant security risk.
It’s estimated that three out of four companies have implemented a BYOD policy. Small firms are among the earliest and most ardent adopters—telework allows them to more easily control overhead costs. Unfortunately, the flexibility of a wide network of employees who can pick up and work anywhere comes at a price.
Whether from a phone, laptop, or tablet, each contact with a company’s mainframe is an invitation for suspect behavior. Cyber criminals can now target company devices on less-than-secure home networks to steal customer data and important intellectual property from a company. In particular, the use of mobile phones at work and home creates a breeding ground for cyber crime.
Security risks can also result from simple human error. Even the most well-intentioned employees take a more lax approach when working away from the office. This behavior puts sensitive business data in danger and makes it much harder to enforce security precautions outside of business walls.
According to Hiscox’s 2017 Cyber Readiness Report, the evolving nature of security threats is the biggest challenge corporations face. A large number of firms were reportedly concerned that a lack of oversight and visibility across the entire organization led to these issues. This dearth of transparency continues to expand as a result of the recent trend in BYOD.
The report finds that nearly 60% of cyber security budgets are set to increase 5% in the next 12 months to offset the increased potential of an attack. But sometimes even being prepared isn’t enough. Leaving a phone in a cab or having a tablet stolen from a hotel room causes nearly a third of all cyberattacks.
While technology continues to positively impact society, these same innovations have introduced new risks that threaten firms of all sizes. Application service providers in the 1990s first threatened managers’ ability to monitor and protect data, while today’s increasingly connected environment offers attackers a backdoor path to highly sensitive data. Organizations will continue to be tested for their ability to safeguard crucial data from attack and stave off monetary losses. For most, cybercrime is not a question of if, but when.
This article was produced on behalf of Hiscox by Quartz Creative and not by the Quartz editorial staff.