Information technology companies are especially aware of the need for strong cyber security, given that their products and services are an integral part of why security measures are needed in the first place.
But that does not mean the businesses that produce hardware, software, networking equipment and other IT components are immune to attack—far from it. And, like companies in any industry, technology businesses can fall victim to attacks from inside as well as outside the organization.
Consider the recent case of Sage, a UK-based provider of software and services for accounting, payroll, customer relationship management and other business functions. The company experienced an incident in August 2016 involving an internal data breach.
Sage posted a message on its Web site stating, “we believe there has been some unauthorized access using an internal login to the data of a small number of our U.K. customers, so we are working closely with the authorities to investigate the situation.”
The company said it was communicating directly with customers who might be affected and giving guidance on measures they can take to protect their security. It said the issue does not affect customers in other countries.
According to an article in the Financial Times, the software provider said the data breach might have compromised the personal details and bank account information of employees of as many as 300 companies. A person familiar with the incident said a Sage employee’s internal login details were used to gain unauthorized access to protected data, the newspaper reported.
This is hardly the only example of breaches within the industry, but it’s one of the most recent. Technology companies can be targets for several reasons, including their wealth of intellectual property about the latest, high-value products. In addition to cyber criminals, the list of potential attackers might include foreign government entities and competitors.
Consulting firm PwC noted in its Global State of Information Security Survey 2016, released in October 2015, that over the past 12 months, technology companies had detected twice as many information security incidents than in the year before.
Many of these companies are addressing the rising cyber security threats, as well as new risks associated with the Internet of Things (IoT), by implementing technologies such as cloud-based cyber security, advanced authentication and big data analytics, the PwC report said.
In addition, most organizations in the industry have significantly boosted their security budgets to better support a resilient cyber security program.
A report on security spending by the SANS Institute in February 2016, which focused on IT companies among other key verticals, notes that overall, the protection of sensitive information and regulatory compliance are the two most significant business drivers behind security spending.
“We are not surprised at these findings, given the sensitive nature of the information being processed” in the vertical industries represented in the SANs Institute survey base, said the organization, which provides security education programs.
The median budget allocated to security by technology and IT services companies in 2016 was projected to range from $100,000 to $500,000, according to SANs Institute. That’s the same range as budgets for 2015.
Perhaps one of the biggest security challenges—and opportunities—technology companies face in coming years is the growth of the Internet of Things (IoT). As PwC points out, technology businesses are leading the charge in IoT security. Nearly three quarters have an IoT security strategy in place or are deploying one.
The technology company survey respondents reported that security compromises of IoT components such as operational systems, embedded devices and consumer technologies soared in 2015. Many of the technology companies are taking advantage of big data analytics to identify security threats, while others are tying analytics into cloud-enabled cyber security services such as real-time monitoring and advanced authentication.
Nearly all of the technology companies have implemented on-premises authentication technologies to manage access to systems and data. About 70% use software and hardware tokens to strengthen access, and two-thirds use biometrics such as fingerprint scanners. Those companies that have implemented these authentication technologies reported that they have helped improve confidence in their cyber security capabilities, fraud protection and security of online transactions.
Despite the business they’re in, the companies understand all too well that technology alone will not protect organizations against all cyber attacks. Many of them are also emphasizing the human aspects of cyber security, PwC says. Increasingly, they are sharing cyber security threat intelligence and response techniques with outside partners.
And, as an indication of how important information security has become for these companies, boards of directors are increasingly getting involved in cyber security issues, strategies and budgets, the report says.