As businesses continue to adopt ever more advanced technological processes and digitize their operations, cybersecurity becomes all the more crucial. As our post on 'Current IT Trends' previously highlighted, corporate cybersecurity requires highly customized and “out-of-the-box” thinking, especially as cybercriminals become more adept, creative, and quick to adjust to the latest (and vulnerable) advancements in tech.
This year, cybersecurity attacks are only expected to increase, with the following threats dominating the landscape:
AI-enabled Attacks and Deepfake Scams: The thought of machines banding together against their inventors is something that’s been widely explored in movies and books. As it turns out, it may not be that far from reality, with artificial intelligence (AI) being one of the biggest areas of concern in cybersecurity. These technologies are being used by cybercriminals not only in automating attacks, but also in learning data that can be used to trick a company’s stakeholders.
Last year, a UK-based energy firm was targeted by a hacker who used AI-enabled software to imitate the voice of the company’s CEO. Nearly $250,000 was transferred to the hacker before executives caught on that it was a fake. This is an example of a deepfake scam, which can easily be used to spread disinformation within an organization.
Phishing: Since we’re on the topic of scams, phishing is another problem that continues to plague businesses. This is when criminals impersonate important personnel or the company itself in order to trick people into giving away precious information. These attempts are usually in the form of legitimate-looking emails that are difficult to tell from an original. Phishing emails usually either start with generic address lines or are targeted and contain information about specific people, such as their name and position in the company. The latter, often referred to as spear phishing, usually targets employees in finance departments, who have the capacity to transfer funds without further endorsement.
IoT and Cloud Storage Attacks: What many people fail to realize is that the need to be connected comes with a lot of privacy risks. This is true for both IoT devices and cloud-based storage. The most common risks include lack of standardization when it comes to the security and privacy of these devices. On top of that, some businesses also fail to train their personnel in how to handle new devices or cloud storage solutions. This can result in the failure to identify, monitor, and combat cybersecurity threats.
Gaps in the Deployment of 5G: The wide adoption of 5G is exciting, especially with the increased speed and bandwidth it promises. However, the Financial Times highlights how this advanced cellular network opens up a plethora of problems for cybersecurity professionals. For one, the increased connectivity creates a larger attack surface that cybercriminals can take advantage of. There will be more devices accessing 5G this year, many of which will have weak security. Faster speeds also mean that hackers can download data more efficiently.
Insider Threats: Lastly, let’s not underestimate the power of human error in exposing sensitive information. Insiders, like employees, continue to be a major threat to a business’s cybersecurity, whether they cause breaches deliberately or as a result of an oversight.
So what are businesses to do? Here are some of our recommendations:
Don’t Overlook Basic Cybersecurity Measures: When it comes to cybersecurity, more advanced doesn’t usually mean more effective, which is why businesses shouldn’t fail to take basic measures. Let’s look at the finance industry as an example. Contrary to what one might think, the majority of hacking and malware breaches involve smaller financial organizations as the main targets. Compared to bigger banks, these institutions are more vulnerable and are easier to infiltrate. Cybercriminals also know that these banks may not have the resources to invest in multi-million dollar cybersecurity measures, unlike JP Morgan’s $600 million budget for cybersecurity.
Given that smaller financial institutions aren’t as proactive about cyber threats, it is up to the consumers to demand accountability from their banks. This is why, on top of FDIC insurance and deposit policies, a Marcus article on online-only banks notes that consumers should thoroughly examine their banks’ security measures, from SSL encryption and multi-factor authentication to the use of firewalls and other cybersecurity solutions. Responding to these needs, along with strengthening passwords and using secure browsers, are the most basic, yet effective, steps any business can take to strengthen cybersecurity.
Incentivize Staff Training: From patient records to MRI scans, many processes in healthcare are now being done electronically. This poses a problem, however, as cybersecurity researcher Christian Dameff points out that cybersecurity training is inadequate or non-existent among healthcare professionals. “There’s a lack of awareness, and there’s a lack of resources,” Dameff says, “especially for rural hospitals.” Many clinicians are also resistant to cybersecurity measures as these may add tasks to their already busy workdays, taking away from their ability to provide adequate care.
However, cybersecurity is no longer optional, and it has become essential for industries like healthcare to standardize training in order to protect their stakeholders, from their medical professionals to their patients. Businesses across various industries should make cybersecurity training a priority, and give incentives if needed. It should be clear how the training aligns with business objectives; for hospitals, the value of their patients’ health is not far off from that of their personal privacy and safety.
Deploy Email Security Platforms: Unsurprisingly, the public sector is a primary target for phishing. There’s a lot of sensitive information kept by key organizations, something that cybercriminals are clearly aware of. Other than training employees on how to detect fraudulent communications, what the public sector, along with other industries, needs to do at the very least is update its security platforms. This includes installing spam filters and anti-phishing software that increase protection against phishing attacks.
Comply with Security Standards: Security standards are set in place for a reason: they ensure that companies work on improving the security of their IT networks and protecting their stakeholders. Compliance with these standards is all the more important in retail, where consumers hand over personal details every day.
One example is the Payment Card Industry Security Standard — a mandate that protects cardholder information to combat credit card fraud. If an e-commerce website gets infiltrated, for instance, hackers can store stolen information for future use or sell it on the dark web for malicious use, like identity theft and large-scale phishing campaigns. These regulations are important for risk management as well as protecting the legal interests of the company.
Mitigate Insider Threats: No sector is immune to insider threats, but unfortunately for the manufacturing industry, Industry Week’s ‘Insider Threats: Manufacturing’s Silent Scourge’ report reveals that it costs companies $8.86 million annually. Aside from their own employees, independent contractors, consultants, and third-party vendors need to be thoroughly vetted. These individuals are given access to the company’s networks, which they may expose unwittingly or maliciously. Businesses also need to be on the lookout for signs of malicious insider activity, such as unauthorized access to networks and excessive use of flash drives.
At the end of the day, cybersecurity is still a highly intricate endeavor. Don't wait; let's connect today. ISOutsource is here to help you out with planning your next moves in protecting the interests of your company.