As cyber criminals get more sophisticated, Infomedia has taken additional steps to protect its and its customers’ data.
Cybercrime is big business. Its annual global cost is estimated at $9.22 trillion [1], and it takes many forms, from phishing to ransomware attacks.
For businesses, the cost is significant, both financially and reputationally. Data breaches, for instance, cost an average of $4.88 million – a number that has been climbing steadily over the past decade.
But the nature of cybercrime is changing fast. Criminals are shifting their focus to industries that have been conventionally perceived as lower risk. One such industry is automotive, which has recently found itself in the crosshairs of high-profile ransomware attacks like the one experienced by CDK Global [2].
According to cybersecurity expert Andrew Mitchell, chief technology officer at Infomedia, the automotive sector was previously not a high-profile target because cyber criminals typically focussed on stealing valuable data that could be sold on the dark web.
However, they have switched tack. Rather than monetizing stolen data, they are now attacking businesses and holding them to ransom.
“It has moved from only targeting businesses that hold payment card information, for example, to lower tech industry verticals that might not have as robust cyber security measures, and perhaps use older systems with more exploitable technology,” said Andrew. “What matters is the value of the data to the business.”
Ransomware, in particular, has emerged as the most prolific form of cyber threat, with attackers using a variety of techniques to gain access to company systems, from phishing scams to exploiting relationships with employees.
But ransomware is just one aspect of cybercrime. With the rise of AI, Andrew warns that the inherent unpredictability of this technology could also pose significant risks now and in the future.
“There can be a lot of exploits contained in AI that can have massive impacts,” he says. “You can create super convincing replicas, deep fakes and clones of different businesses and be quite convincing with those. But I very much believe that the most exploitable areas are still things that are common to all businesses and old technology.”
That includes measures such as following a ‘zero trust’ approach to network security, which means that once a bad actor has access, they don’t have free rein to move horizontally through your network.
With cybercriminals becoming more daring, companies need to respond accordingly. Infomedia has taken several steps to enhance its cybersecurity strength and stay ahead of the threats.
Infomedia’s ISO 27001 security compliance
One of Infomedia’s key initiatives was to improve its compliance with the latest version of the ISO 27001 standard, which includes new controls around managed detection services and threat intelligence. This shows that Infomedia has met the necessary thresholds for a standards-based approach to cyber and information security.
“But it’s not just about policy and process compliance,” adds Andrew. “It includes foundational capabilities that must be present in the business to help defend and protect us and give the business more resilience.”
The 2022 update to the ISO 27001 compliance included a full audit. “That really gave us a lot of confidence that the controls we were implementing worked and were well adopted,” said Andrew. “The other thing we did was keep the scope broad to encompass the whole business.”
Infomedia also created a comprehensive Trust Center platform, which has helped to streamline its risk and compliance management processes. This means it can more effectively communicate its cybersecurity stance to customers and third-party risk assessors.
“We’ve streamlined our whole compliance approach so that we can very quickly respond to risk assessments,” said Andrew.
The ISO certification is an important step, as it provides assurances that Infomedia meets certain standards for information security management. But the holy grail is to achieve SOC 2 Type 2 compliance, something Andrew aims to achieve within the next 18-24 months.
Threat monitoring
Staying ahead of the cybercriminals requires a multi-faceted approach, including the use of threat intelligence, proactive threat hunting, and a robust incident response process. Andrew says continuously monitoring the threat landscape and being vigilant about new technologies and techniques is key.
The challenges posed by remote work and the complexity of integrated ecosystems further complicate the cybersecurity landscape. Andrew says more businesses need to focus on data loss prevention and comprehensive employee training to mitigate the risks of accidental data breaches or mishandling.
“Even in some of the most high-risk industries, not everything can be fully covered,” adds Andrew. “It’s more about applying a risk-based approach to security. In my experience, it’s the simplest, low tech things that tend to be exploited, so it’s about mitigating that and making it as difficult as possible. You want to be a harder target to exploit.”
[1] Cyber Crime and Security – Statista
[2] CDK Global ransomware attack