Last week, an NBC News report painted a dire portrait of cybersecurity at the Sochi Winter Olympics. If visitors so much as “fire up their phones at baggage claim” or connect to Russian Internet, they will be hacked, the report warned. It has been called out for its sensationalism—the “hacking” NBC described had nothing to do with the Russian Internet and everything to do with malicious websites—but the fact remains that threats are out there and users must beware. Ultimately, what the Sochi story demonstrates are the vulnerabilities created by the consumerization of IT. Those vulnerabilities are anywhere.
Why does the consumerization of IT create vulnerabilities?
BYOD. It’s a tech trend enjoying ever-wider acceptance in the enterprise – and, like the cloud, it has its benefits. Employees enjoy the freedom to choose and use their own devices, while employers enjoy the cost savings of not having to purchase and support employee devices. But BYOD and the consumerization of IT blur the lines between work and personal use on mobile devices. And when employees use their personal devices to connect to corporate cloud services, the productivity applications and services they install and use on their own time can put their employers’ sensitive data at risk.
Here are a couple of reasons why:
- Phishing and cybertraps. Emails and websites faked to look legitimate—counterfeit Olympic sites, for example—are all over the Internet, and all it takes is one visit for a cybertrap to install malicious software onto a device. An employee might not click a questionable link on a corporate device but may let their guard down on a personal device. The malicious software the employee picks up can steal personal information, including login credentials and unsecured data.
- Government surveillance. Of much concern at the Sochi Olympics (and, to be fair, in many other places in recent months), government surveillance of Internet traffic is real. Russia’s State Intelligence Service is legally authorized to “monitor, intercept, or block any communication sent via cellphone, land line, or the Internet“—as are plenty of other government agencies. Employees accessing corporate data without appropriate security measures can give government agencies a direct line to sensitive information.
These dangers are not specific to Sochi, as Gartner’s Paul Proctor pointed out. Employees can make themselves, and your cloud-housed company data, just as vulnerable at the local Starbucks as they can at the Olympic Games. That’s why your cloud information protection strategy must include the following features:
- Malware protection as the first line of defense against malicious websites and software.
- Strong encryption with tightly controlled, enterprise-exclusive access to encryption keys. This way, even if someone’s eavesdropping, the traffic they intercept won’t mean a thing.
- Detailed activity monitoring and DLP integration, so that if an employee’s credentials are stolen, you can quickly identify suspicious activity and shut it down.
For Enterprises, the Buck Stops…Where?
Sochi isn’t the biggest threat to enterprise cybersecurity. Negligence is. And in today’s environment, in which many enterprises rely on cloud services and the public Internet to conduct or support their business, negligence can be deadly. But with a robust cloud information protection platform that combines malware defense, encryption and tokenization, and activity monitoring and DLP, your employees can connect to the cloud and carry out their tasks anywhere, anytime, safely.
What lessons do you think we can learn from the Sochi Olympics cybersecurity story? Let us know in the comments.