This new year has seen an alarming spike in ransomware as cybersecurity concerns have plagued businesses. Data privacy, malware, security breaches, business intrusion…the threats go on and on. There is also the very real concern of election tampering. Every business out there with a computer that is connected to the digital world is now at risk.
“We are seeing growing attack surfaces — for example, automotive, drones, satellites and hardware components,” said Michael Sechrist, chief technologist at Booz Allen Hamilton.
There is also “increased obfuscation from sophisticated actors — that is, malware code reuse and similarities,” he shared.
“Several major domestic and international events will likely provide attackers opportunities for digital disruption across large and small companies and governments alike,” Sechrist said.
“The main threat companies face is in not adequately keeping pace with the ever-evolving security threat landscape,” said Ellen Benaim, information security officer at Templafy.
“It is a constant battle to keep abreast of the latest issues. To make matters worse, we predict that in 2020 cyberthreats will become more frequent and sophisticated, spanning a wider attack surface and causing a more deadly impact,” she emphasized.
How do they get in?
Phishing, Phishing, Phishing…
“Phishing is essentially tricking others into taking an action that can be profited from,” said Tom Thomas, adjunct faculty member in Tulane University’s Online Master of Professional Studies in Cybersecurity Management program.
“Since all those millions are still sitting in a bank in Nigeria for over 20 years now, I am sure phishing is here to stay as long as people are greedy and easily tricked,” he told TechNewsWorld.
“Education is quite common, but these scams are evolving as well — and some of these email scams are very believable unless you look closely, which most people do not,” warned Thomas.
Phishing plays on the fact that most people are overworked and in a rush, and don’t take the time to really look at a domain. Attackers are counting on victims to click haphazardly without giving it much thought.
Over half of all terminated employees take sensitive corporate data with them. That’s a big number!
According to a 2009 study conducted by the Ponemon Institute, data theft is rampant in the business world. The study found that 59% of employees who either quit or are asked to leave take confidential or sensitive business information upon their departure. Because it is taken without the employer’s permission, this confidential electronic information has the potential to be saved in multiple locations beyond the employer’s control and on devices unknown to the employer.
The Ponemon Institute study found that over 50% of departing employees claimed that one reason they took employer data was their perception that “everyone else did it when they left.”
Even the best employees make mistakes, and a targeted attack uses social engineering to deliberately trick people. Spear phishing is a variation on phishing in which hackers send emails to groups of people with specific common characteristics or other identifiers. Spear phishing emails appear to come from a trusted source but are designed to help hackers obtain trade secrets or other classified information.
The difference between spear phishing and a general phishing attempt is subtle. A regular phishing attempt appears to come from a large financial institution or social networking site. It works because, by definition, a large percentage of the population has an account with a company with huge market share.
In spear phishing, an email appears to come from an organization that is closer to the target, such as a particular company. The hacker’s goal is to gain access to trusted information. This is often as simple as looking up the name of a CEO from a corporate website and then sending what appears to be a message from the boss to email accounts on the corporate domain.
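The "message from the boss" pattern described above, and the advice to really look at the sender's domain, can be checked mechanically at the mail gateway. The following is an added example, not part of the original article; `CORP_DOMAIN`, the `EXECUTIVES` names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                    # assumption: the corporate mail domain
EXECUTIVES = {"dana whitfield", "lee okafor"}  # assumption: names listed on the public site

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Return (normalized display name, lower-cased domain) of an address header."""
    name, addr = parseaddr(header_value or "")
    return " ".join(name.lower().split()), addr.rpartition("@")[2].lower()

def assess(raw_message):
    """List the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, domain = domain_of(msg.get("From"))
    _, reply_domain = domain_of(msg.get("Reply-To"))
    reasons = []
    if domain != CORP_DOMAIN and name in EXECUTIVES:
        reasons.append("executive name on external address")
    if 0 < edit_distance(domain, CORP_DOMAIN) <= 2:
        reasons.append("lookalike of corporate domain")
    if reply_domain and reply_domain != domain:
        reasons.append("Reply-To leaves sender domain")
    return reasons

# Constructed sample messages (headers only), not real mail.
SAMPLES = {
    "lookalike": 'From: "Dana Whitfield" <dana.whitfield@examp1e.com>\nSubject: Wire today\n\n',
    "freemail": 'From: "Dana  Whitfield" <ceo.office@freemail.test>\nSubject: Quick favour\n\n',
    "reply_to": 'From: "Dana Whitfield" <dana.whitfield@example.com>\n'
                'Reply-To: dana.whitfield@freemail.test\nSubject: Invoice\n\n',
    "benign": 'From: "Sam Rivera" <sam.rivera@example.com>\nSubject: Minutes\n\n',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, assess(raw))
```

A forged `From` that uses the exact corporate domain passes the first two checks; rejecting that case is the job of SPF, DKIM and DMARC enforcement on the receiving server.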
Computers aren’t the only devices at risk; smartphones are now a target as well. The simple act of downloading apps can open the door to a malware attack.
“The StrandHogg malware is using malicious but popular apps on the Play store as a delivery mechanism, and until Google closes the vulnerability that allows this to work, any device and user is susceptible,” said Pitt.
“Mobile phones have become a gateway to our most sensitive and personal information, and yet the offer of a free application still gets millions of downloads without a thought as to whether it’s ‘safe,’” he added.
“Users need to stop blindly accepting device requests for access to resources; stop downloading free apps that they do not need and probably will only use once; and, finally, deny if an application requests access to something that seems strange or unnecessary — for example, a PDF reader wanting access to SMS messages,” advised Pitt. “This will help keep devices and data more safe.”