Jenkins added that Google use a "combination of pattern-matching systems to recognise any unauthorised access" of a user information. "If we notice something unusual, we will ask more questions designed to prevent break-ins, send notifications to the user's phone and email so he/she can quickly act on anything that looks unfamiliar."
Besides that, "organisations should use encryption in transit and at rest for all their services or find a cloud vendor that does so," Jenkins advised.
The increase adoption of the Internet of Things (IoT) devices also calls for IT/security teams to focus on end point security. "The current state of IoT devices is very much like the early days of computing: competing standards, poor security understanding, and lack of security infrastructure. Since IoT devices are designed to be plugged in and forgotten after basic set-up, they are a prime target. Moreover, the Dyn attack in 2015 demonstrated that the vast number of IoT devices don't have security on them, and are tremendously vulnerable to attacks," said Rohatgi.
Employees' cybersecurity responsibilities
Cybersecurity shouldn't be the sole responsibility of the IT team; it requires a conscious effort by all parties." Protecting customer information needs to be a part of your organisation's culture. [Every employee] is a custodian of your customer's information and should respect the privacy and security of the data that your customer's trust you to maintain," said Jenkins.
As such, Rohatgi advised employees to play their part in protecting customer information by:
- Using different passwords for devices and services
- Enabling two factor authentication on all cloud devices
- Updating their software or systems regularly
- Installing security software on PCs to ensure they won't become a zombie PC.
- Avoid opening emails from unknown/suspicious senders
- Checking for SSL certificates on external websites that require sensitive data
Sign up for CIO Asia eNewsletters.