This week, choose one of the following new trends, and relate what the business implications (benefit, risk, threat) of the new trend. If this is a risk or threat to the organization, why does the organization accept the risk, or what else does the organization do to minimize the threat?
- Cloud Computing resources
- Internet of Things
- Mobile Devices
- Changing Privacy Legislation
Not necessarily a new trend, but mobile devices have become almost essential to a workplace environment. While most things in an office can be done on a laptop or desktop, it’s out of the office where a mobile device shines. In the event of an emergency or when an answer to an email or Teams message is needed promptly, having a mobile device handy will allow the user to relay that information in an expedited fashion. With smartphones specifically becoming as powerful as computers, it can allow employees to travel away from their office, only bring their phone, and manage to do some essential work tasks such as logging on to a Zoom meeting or even using Office 365 applications. This is a double-edged sword. With many people adopting smartphones, the line between personal and work device is blurred. Many times, employees could have their organization’s email and personal email on the same device, or even coming through on the same application. This can pose a problem if someone were to email something meant for work using a personal email, or vice versa, as confidential information could be leaked. It also allows phishing emails to be more prevalent, and phones often hide the true sender of the email address header, making it hard to know if, for example, the real Amazon customer support found a problem with your account. Even two-factor authentication on the phone can be flawed, as using SMS only can allow SIM-swapping to occur and an attacker could steal your credentials, both work and personal. It also means, for authentication apps, if the phone battery dies, then their account won’t be able to be logged in. Phones are not going away, but practices should be put in place to mitigate any risk that comes from using them.
Great insights Krish, managing mobile mobiles on the network can be a tough thing to do. In addition to your points, companies can now rely on MAM (Mobile application Management) applications to improve security. MAMs do not close all the loopholes but they provide better security for Mobile devices connecting to the network.
However, internal security assessments need to be performed on MAMs before they are approved.
Going off this list I think a risk of Internet of Things is that there is that having all of your devices having internet access can cause potential security risks adding so many more devices to your network. I do not see the need for your refrigerator to need Internet access. I remember there were issues with Samsung Smart TVs being hacked, this as the first time an IOT vulnerability affected me (I had all Samsung Smart TVs at home) This had me thinking the issues with having so many different IOT devices and the potential vulnerabilities that can arise from this. What happens if your not using the latest model of the product and the company stops pushing out Firmware updates? This can cause a lot of potential holes and security concerns. On the other hand though, as IOT becomes more mainstream, this makes the daily life easier for some people and with the products more popular it seems that there are a lot more firmware updates being pushed to IOT devices.
https://us.norton.com/internetsecurity-iot-smart-tvs-and-risk.html#:~:text=A%20recent%20Consumer%20Reports%20investigation,from%20its%20Wi%2DFi%20connection.
Strong believer in segregating your network. Many people forget to “due diligence” the heck out of your own life as it involves anything IoT. Trust no one. It took me a while to set up and some research into the best devices, softwares, etc.. but I feel secure in my own home against the onslaught of vulnerabilities my husband introduces into my household anytime he adds a device to my Google Home network. Dude… I refuse to be taken down by a lightbulb. I refuse.
Vanessa
Use of cloud computing in business is being adopted more and more as we head into the future. Here are some advantages and disadvantages of that venture.
• Save $$$ – Saving money is one of the huge benefits. The organization saves $$$ investing in physical hardware and you don’t need trained personnel to maintain the hardware. It’s all in the cloud!
• Competitive Edge – The cloud offers a competitive edge over your rivals. is one of the best advantages of Cloud services that helps you to access the latest applications any time without spending your time and money on installations.
• Instant Growth – Cloud computing offers scalability and elasticity This allows you to “spin-up” resources you need in minutes.
• Mobility – Employees working anywhere remotely can easily access all the cloud services. All you need Internet connectivity.
• Collaboration – The cloud computing platform helps employees who are located in different regions to collaborate in a highly convenient and secure manner.
Disadvantages:
There are many issues that organizations might have to mitigate with the use of cloud computing. A few of these are:
• Cryptojacking – This is a fairly new form of cyberattack. It centers around the mining of cryptocurrency (Bitcoin). Threat actors have methods of accessing cloud service providers and then using their massive computing power to mine for cryptocurrency. Cryptojacking is very hard to detect and stop.
• Strict Access Control – Like on-prem environments, cloud computing must follow the same zero-trust model that provides strict access control, least privilege, need to know, and use defense in depth. Organizations need to vet the potential vendor’s security posture in order to properly hold them accountable with contracts, SLA’s and SLR’s.
• Denial of Service (DoS) – One of the most harmful threats to cloud computing is a Denial of Service (DoS) attack. These can shut down your cloud services rendering them unavailable both to users and customers but also to staff and business as a whole.
• Insufficient Training – This issue is caused by a problem inside the organization. The problem is not taking the threat of cyber attack seriously. Security Awareness Training is an invaluable part of the organization. Humans are the weakest link regarding incidents. Security should be intertwined with all aspects of the Enterprise.
Hi Vincent,
You hit the nail right on the head! Cloud computing is one of the newest emerging trends. As you mentioned, it has multiple benefits such as affordability, scalability, mobility, and many more. The only problem it might face is reliability. it might be jeopardized the critical functionality of the business if they cannot access the services.
Many businesses rely heavily on mobile devices to improve everyday operations. This has only increased as COVID-19 has moved so many employees to working from home. laptops and cellular phones allow office employees to meet and work in different areas around the office more freely. They allow workers to travel for work and to take home unfinished tasks. Unfortunately, they come with their own security risks. Mobile devices are stolen more frequently than larger, stationary devices. Employees frequently use the same mobile device for work and personal functions, inadvertently increasing the risk of a breach. Companies have begun to mitigate these risks with things like Mobile Device Management (MDM), which allows organizations to do things like block a device from accessing certain apps and websites or wipe a device after a certain number of unsuccessful login attempts. Additionally, organizations frequently provide mobile devices and implement a computer use policy. It is impossible to completely remove all risks associated with mobile devices in the workplace without removing them completely but the benefits of using these devices frequently outweighs the residual risk associated with them.
Hi Amy!
In a past job, I use to administrate an MDM called “MaaS360”. It was cool to see all of the features it had. I could restrict apps, wipe a device remotely, and even see a user’s location at any time. Employees would often delete the profile and I understand why. Who wants to be spied on, right?! Whether it was company-owned or a personal device, it had to be registered to gain access to resources. I opted not to connect my phone because I was able to see the level of visibility into a device and I was not comfortable with that. Still, a great tool to mitigate BYOD.
I absolutely understand why people wouldn’t be interested in having MDM on their personal mobile device. My friend had one set up on their phone that would wipe the entire device (including all of their personal photos/messages/etc.) if they entered the pin incorrectly more than 3 times. They insisted that their office provide an office phone after dealing with the stress of the potential wiping for a few months. I also know someone who worked at MaaS360/IBM and they used the software to keep tabs on their kid’s cellphone.
In my opinion, IoTs are going to be the next trend setters, businesses today are being able to deliver better and customized services to their clients because of their ease of use and flexibility. The biggest challenge for companies here becomes the process of securing IoTs since many of them transmit, process and store data.
Today, organizations tend to accept risk with IoT devices because these gadgets have become necessities, they are a need and not just a want anymore. In some cases they are used to connect to core systems and businesses depend on them to operate efficiently for instance, tablets, cell phones, Cameras, Tvs etc
In an effort to secure network systems using IoTs, companies need to strengthen Authentication and access control mechanisms, for instance, use MFA and strong passwords/pins and encryption must be setup for all IoTs used to access critical parts of the system. More so, IoT devices need to be segregated from the core network and admins need to have the ability to wipe devices as soon as they are reported as lost/compromised.
I absolutely agree, Jerry. Unfortunately, I think there are many small and start-up organizations that see IoT devices as fun or useful tools for the workplace but they don’t stop to consider the potential risks that these devices introduce to the network.
One of the primary causes of emerging technology is to make a living more efficient and easier. IoT Internet of things refers to the numerous sensing ability devices connected through the internet. New technology is always associated with risks, but that can be figured out as we move forward. IoT is one of the new emerging the which has numerous applications ranging from professional to recreational. IoT devices can be used to automate and expedite the process, but on the contrary, they possess the risk of being exploited. The other major issue with the IoT is they are mass-produced for business and personal use. This possesses a greater risk if one is hacked; they all can be hacked into. Many businesses are looking into strengthening IoT security through encryption, Access logs, network, and device authentication. IoT offers data collection on a mass scale from multiple areas with nominal prices. Further, it has the potential to tap into the possibilities that haven’t been tapped into.
References
N.A. (2017). IoT Security Risks and Benefits. Retrieved from https://medium.com/@Imaginovation/iot-security-risks-and-benefits-18428819e735
The cloud is all the rage these days. Yet you must wonder whether the financial cost of being on the cloud is feasible let alone predictable. Entrusting all your preciously acquired data to a cloud provided gives them all the power to gouge you through the eyes, ears, and nose. Companies are spending baffling amounts of money in cloud services. Economists are claiming the cost of cloud services is “unsustainable”. Yet leaving the cloud is difficult. Companies accept the financial risks of overpaying for the cloud. Cloud providers offer “more storage and spare capacity.” Other services offered are data analytics, prediction models and machine learning capabilities. It’s easy to accept a financial risk provided the return is acceptable. The alternative would be to bring the storage on site – costing a technology stack, engineers and security professionals to support it. Cloud computing is both a benefit and a threat. If mismanaged it can pose a big financial risk. But the benefits may outweigh the cost.