Computer hacker with mobile phone.
Cybersecurity threats are a serious source of headache for organizations everywhere. Businesses, small and big, as well as government entities are all potential targets. Recognizing this, the U.S. Department of Defense (DoD) mandates private DoD contractors to adopt some defined cybersecurity standards and even has a Cybersecurity Maturity Model Certification (CMMC) in place to ensure appropriate levels of compliance.
If the government, with its already high cybersecurity controls and processes is still on its toes, smaller entities should not see security as a one-time deal. It is ongoing, all the time. As soon as certain security measures are put into place, cybercriminals will try to find ways around them or new methods for hacking.
Security breaches of Experian, Target and even Facebook all occurred during 2017. They made international news because they were “big boys” and worthy of reporting. 2018 took a bit of a different turn. While there were some breaches of major global enterprises (e.g., Facebook, Amazon, HSBC) and a disruptive wave of cyber attacks hitting the energy sector in the Middle East, a large fraction of attacks was staged against much smaller organizations. This is a newer trend in cybercrime, for a very good reason. Smaller organizations have not thought of themselves as targets and thus have not made security their top priority.
But when hackers can get into accounts of smaller businesses like digital agencies, think of the information they can obtain. They can steal full client personal information and thus “sell” identities. They can hold those records for ransom. When they get into smaller retailers’ accounts, they can do the same. No business is “small” enough for a targeted attack. So you should come prepared.
The types of cyber threats to account for in 2019
Too much connection to mobile. Mobile malware, when downloaded by an unsuspecting user, does not just jeopardize that user’s information but the data of any organization that user patronizes on their mobile device. ZooPark – a new Android malware – made a lot of fuss this year in several middle-eastern countries.
Wearables and IoT devices. The more devices that are collecting and moving data over the web, the greater the threat of security breaches. Many of these devices have only minimal security software, but once a hacker is in, he can move through that device to large stores of data. Smart appliances, for example, allow owners to regulate them from afar. But with each command, there is the chance for an attack.
BYOD. This has become an increasingly common practice within organizations. Employees bring their own devices to work and are provided passwords, etc. that get them into the IT infrastructure of that organization, but could then be easily stolen by hackers, when users connect with same device to a public network.
Employee personal use of company devices. It’s not just the PCs in offices. Many employees are provided “company-owned” mobile devices which they also use for personal activities. This is a major pathway for hackers to gain access to an organization’s data.
Essential steps for preventive preparation against new threats
Continuous employee education and training. The human factor still remains the main cause of most breaches. However, according to a recent report by Deloitte, only 25% of organizations are actually putting preventive security breach plans in place and enforce those within their companies. Clearly, more education needs to be provided to ensure that your team can spot suspicious activity early on and mitigate the risks. You could invest in yourself or some key employees to take courses in data analytics and security. It’s also a smart idea for an organization to conduct a penetration testing session that would help establish the “weak links” technology-wise and then train your staff on prevention measures and activities.
Limit practice of BYOD. Prohibit your key employees, dealing with sensitive data, to use their own devices. Most of the times they become key targets of the elaborate spear phishing email campaigns.
“Hackers can now send very ‘legitimate’ emails, imitating a real person or company – your CEO, a bank, or even a government official,” said Moran Zavdi, CEO of Nucleon. “Such emails often include links or downloads. Once the receiver engages with any of those, the virus file is released and starts roaming through your network. The biggest issue with spear phishing is that 96% of executives worldwide cannot tell the difference between a legitimate email and a malicious one. So, proactive cyber security, education and training is the best cure here.”
Password security. Yes, no one likes lengthy or complicated passwords, but they are still the best means against unauthorized network access. Enforce changing passwords often and be certain to block access to any company information on the part of any departing employee. As well, ask everyone to enable two-factor authentication whenever possible.
Cybercriminals try to stay one step ahead of organizations. Hence, businesses need to stay abreast of the latest types of threats and putting preventative measures into place. It means ongoing analysis of your vulnerabilities and minimizing them. If you do not have the in-house network security experts, its best to hire a firm that does.
