In 2019, the world will mark the 75th anniversary of the invention of the Rubik’s Cube and the 50th anniversary of Woodstock – but chances are also good that it will be the year your organization is hit by one of the daily insidious cyberattacks.
Verizon reports that in the 12-month period ending in March 2018, there were more than 53,000 cybersecurity incidents and 2,216 data breaches in 65 countries. Yet despite constant headlines of massive data breaches, only 25 percent of organizations are making plans on how to stop such attacks, Deloitte reports.
For organizations to combat the increasing security threats, they need to address:
Police often say that burglars like to choose homes that have unlocked doors or windows, no burglar alarm or a dog. That makes sense, which is exactly why cybercriminals like similar targets such as outdated hardware and software systems that are more vulnerable. Companies with online sales need to be especially cautious, as DDoS attacks can slow their site so much that customers head elsewhere.
You may believe you have the Fort Knox of cybersecurity, but do your third-party vendors? If they are breached, hackers may now have the key to your business as well. Getting access to your company through a partner or vendor helps attackers by “establishing a beachhead there and then leveraging the trust implicit in the integration to gain access,” says Ralph R. Russo, director of applied computing programs and professor of practice of IT management and cybersecurity at Tulane University School of Professional Advancement. Do a risk assessment that identifies potential security gaps and put vendors through a rigorous vetting to ensure they are a trusted – not vulnerable – partner.
Social media connections
Random connection requests often are used for scraping and data mining for social engineering attacks. Technical professional organization IEEE recommends that if your company has a social media account, then one person should be the administrator, but also give social media administrative access to other key people so they can do damage control if needed. A shared password manager can help protect corporate accounts, as well as stopping employees from connecting personal accounts to professional accounts.
Internet of Things (IoT) hacks
Researchers at Senrio found that an organization’s vulnerable IoT devices – such as security cameras – can give hackers a way into networks, moving from one device to another. Criminals gaining access through devices makes it more difficult to detect than if they are trying to access a PC or server, researchers find. It’s important for organizations to stay current on security patches of various devices – and even let “hacker” teams try to compromise new devices to look for vulnerabilities.
Poor password protection often leads to a privileged access management attack, which Gartner ranked as the No. 1 security priority for 2018. In 2019, that concern grows as many organizations won’t acknowledge their vulnerability. Okta recommends multi-factor authentication, restricting privileges of employees and devices and ensuring that all security patches are current.
While defending your organization may seem daunting, keep in mind that as fast as criminals are trying to get in, many security measures are making it more difficult for them. By committing to ongoing risk assessments and making it a priority to stay current on secure protocols, you can push hackers into moving on to less-secure targets.