Cybersecurity is anything but a new concept, and if recent and current events are any indication, the concept isn’t going anywhere anytime soon. Let’s take a few moments to consider some of the bigger threats currently out there, and how they will influence the threats we see going forward from here.
Nowadays, there are a few specific threat vectors that are clearly en vogue for cybercriminals to use. These are the threats that you now see mentioned by name in the news. Let’s review some of the primary threats that businesses face today before we review the lessons that we can glean from them.
Phishing—the use of deceit and deception to fool a person into granting a scammer what they want—has proven to be unfortunately effective. This is also commonly used as a means of spreading ransomware. Ransomware is a distinctly nasty threat that encrypts its target’s data until a ransom is paid under threat of deletion, with attackers now asking for an additional payment to not leak the data they initially encrypted. While neither threat is good, the combination of the two adds insult to your business’ injury. You need to ensure that your team is prepared to deal with these kinds of threats (as we’ll get into later).
Perhaps unsurprisingly, the recent financial assistance given to so many was a veritable smorgasbord of opportunity for cybercriminals. Between the pandemic assistance, unemployment benefits, and the data that was stolen from Facebook and LinkedIn, it isn’t hard to imagine that identity theft cases could potentially rise.
Passwords, while the default protection for effectively every user account in existence today, aren’t all that secure—particularly when they are reused, or other shortcuts are taken that make them more convenient to the user but also make them easier for a hacker to crack. This makes it crucial that you and your team members are doing everything you can to use the most secure passwords possible.
While Internet of Things and Industrial Internet of Things Devices are undeniably useful in many ways, many of these devices are not built with sufficient protections in place. As a result, the presence of IoT/IIoT could potentially leave your business vulnerable—either by opening up a vulnerability in your defenses or by allowing data to leak out.
While we all like to think we can trust the people we’ve hired to work for us, there are always going to be a few people who aren’t above lashing out if they feel slighted or who take advantage of their position for their own exclusive benefit. Access controls will be key to helping to reduce the likelihood of such attacks.
In a way, they’ll likely look very similar… they’ll just use different technologies and methods in practice. Deepfakes and artificially mimicked voices could be used to bypass access controls and stress-test a business’ cybersecurity protections. Increased use of voice assistants (we’re looking at you, Alexa) could lead to cybercriminals collecting data from these sources.
In short, future cyberattacks will likely look a lot like what we deal with today, albeit a little worse and using different methods to collect information.
And we mean lock it down, both in terms of the cybersecurity software you have on it and around it on your network, and in terms of access controls and physical security. The obstacles between a cybercriminal and your resources need to be maintained and tested to ensure that, should you be targeted, the attacker will be motivated to seek out a different target.
Okay, so while you should be doing everything you can to prevent your data from falling into unapproved hands, encrypting it helps ensure that any data that is exfiltrated is effectively useless. Encrypting your data as it is being stored and especially transmitted helps to ensure that—even if data is stolen—it isn’t actually breached.
It should come as no surprise at this point that cybercriminals will often try and take advantage of the users whom you have given data access to in order to steal it. Phishing attacks and the like are only too common, so it is important that your staff knows the risks and are well-versed in the procedures to help eliminate these risks. Incorporating a security-first mindset into your company culture will do a lot more than you might expect it to.
It’s clear that, as we increasingly turn to digital solutions and technology for more and more of our activities, cybersecurity will only become more important. Suffolk Computer Consultants is here to help put your business on the right foot moving forward. Give us a call at 631-905-9617 to learn more about the cybersecurity tools and protections we can implement for you.