As a business decision-maker, you probably field plenty of pitches from vendors about the benefits of their goods and services. The managed IT industry is no different than others in that regard, and you’ve probably received rate sheets and reasons why a third-party firm delivers cost-effective services. For the most part, they are typically right about outsourcing being a better solution than swelling your in-house staff. And then there are the reasons to invest heavily in cybersecurity.
Tom Martinez, who provides IT services in South Bend with tca Synertech, shares his insights into the threats facing business leaders and why they need to pay attention starting now.
It’s not uncommon for those in the IT niche to present a heightened concern about cybersecurity threats. Although you see the splashy headlines about hackers breaching the likes of Equifax and Marriott International for hundreds of millions of digital files, the idea that you are under siege still seems over-the-top. Plenty of entrepreneurs and CEOs said the same thing, right up until the moment they were robbed.
The facts are that the average cost of a data breach reportedly hovers around $3.6 million, according to Cybersecurity Ventures. Compounding that threat, 60 percent of outfits go out of business within six months after suffering a digital assault. Yes, hackers are the Boogieman, and you need to sleep with the lights on. If you are one of many professionals who haven’t yet adopted the determined defenses IT experts are advising, consider these five threats and the solutions required right now.
1: Phishing Schemes Are A Silent Siege
Living in the digital age hasn’t changed the character of thieves, but it has changed their tactics. Electronic messaging ranks as the most prevalent and successful method used by cybercriminals. Digital scammers typically send out bulk emails with an incentive for someone to open the message, download a file, click on a link, or respond by giving away personal identity information.
Criminals incur a low cost to run phishing schemes, and they have a reasonable certainty that one of the thousands targeted will fall for the trick. Supporting that claim, the Verizon Data Breach Report indicates that more than 30 percent of all hacks featured phishing. While many of these emails are routinely directed to the spam folder or deleted as nonsense, it only takes one convincing message to upend an entire organization. Cybersecurity experts typically advise industry leaders to provide ongoing awareness that includes the following.
- How to recognize the telltale signs of a phishing email
- Real-time cybersecurity alerts that identify emerging threats
- Ongoing education and training to keep security at the forefront of people’s thinking
The question business decision-makers need to ask is: Do you have at least one employee that could fall for a phishing scheme?
2: Ransomware Attacks Can Crush A Small Business
It’s important to understand the relationship between email phishing schemes and ransomware attacks. Although ransomware occupies a unique cybercrime space, the delivery of the malicious file may leverage email or brute force hacking. Digital thieves generally take the path of least resistance to infect a computer or entire network.
Once the malicious software has been embedded in your system, hackers take control and demand a ransom, usually payable in bitcoin. Frightening statistics about ransomware attacks include downtime of more than two days, and an average payout of more than $700,000, according to an Acronis report. These are measures you can take to prevent a ransomware attack.
- Keep software and hardware updated at all times
- Enable click-to-play protocols for Flash and Java
- Cleanse your system of outdated apps that create vulnerabilities
According to CSO Online, the healthcare sector suffers the most ransomware attacks of any industry, and they are expected to quadruple by the end of 2020.
3: Databases Exposed By Social Engineering
Given that you may have already taken some advice and hardened your defenses by installing enterprise-level antivirus software and firewalls, among other steps, you may feel reasonably secure. Unless you have taken a long look at standard employee login protocols, your entire organization may be exposed right now.
Social engineering schemes are sophisticated methods of impersonating someone who works in your business orbit. Using electronic messages, a dialogue may be opened that employs personal information culled from business networking sites or social media platforms. Once a valued team member has developed the confidence they are corresponding with a trusted colleague, a request for information is made. That data often involves login credentials.
There’s little you can do to prevent someone from being taken advantage of in a digital confidence scheme. But what decision-makers can do is limit employee database access. Commonly called “zero-trust,” each login profile has stringent limitations. Zero-trust doesn’t mean that you suspect a bad actor is in your ranks. It means that if a valued employee falls prey to a social engineering scheme, the hacker cannot seize control of your entire database.
4: Hackers Use Automated ‘Credential Stuffing’ Methods
Cyber-crime statistics regarding credential stuffing have not made the splashy headlines of other hacks, yet. That’s largely because it takes a specific class of hackers to leverage the technology necessary to breach a network in this fashion. Credential stuffing involves a digital burglar identifying an organization that allows workers to use their company email account as a username. Given that most profiles require only a username and password, common sense dictates that the hacker is halfway into your network without doing a single thing.
Securing a correct password often requires either trickery or effort. Credential stuffing requires neither because a tech-savvy criminal can use automation to run common passwords against hundreds of usernames until they hit the jackpot. These are cost-effective defenses a cybersecurity expert can provide.
- Two-Factor Authentication
- Multi-Factor Authentication
- Password Management Systems
The rise of automated tools at cybercriminals’ disposal has substantially elevated the threat of credential stuffing in recent years. ZDNet reports that the financial sector experienced a 5 percent surge in brute-force credential stuffing incidents from 2017 to 2019.
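An added example, not part of the original article: a minimal detector for the automated login pattern described in this section, where one source fails logins against many different usernames in a short window. The log format, the five-minute window and the four-user threshold are assumptions for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not from a real product).
SAMPLE_LOG = """\
2020-01-15T09:00:01Z FAIL user=alice@example.com src=203.0.113.7
2020-01-15T09:00:03Z FAIL user=bob@example.com src=203.0.113.7
2020-01-15T09:00:04Z FAIL user=bob@example.com src=198.51.100.20
2020-01-15T09:00:05Z FAIL user=carol@example.com src=203.0.113.7
2020-01-15T09:00:07Z FAIL user=dave@example.com src=203.0.113.7
2020-01-15T09:00:09Z OK user=erin@example.com src=203.0.113.7
2020-01-15T09:00:20Z OK user=bob@example.com src=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, result, username, source) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3).lower(), m.group(4)

def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=4):
    """Flag sources that fail logins for >= min_users distinct accounts
    within the window, and list later successes from those sources."""
    recent = defaultdict(deque)  # src -> failures still inside the window
    flagged = {}                 # src -> set of usernames it targeted
    at_risk = []                 # (src, user) logins that succeeded after flagging
    for ts, result, user, src in sorted(parse(log_text)):
        if result == "FAIL":
            q = recent[src]
            q.append((ts, user))
            while ts - q[0][0] > window:   # drop failures older than the window
                q.popleft()
            users = {u for _, u in q}
            if len(users) >= min_users:
                flagged.setdefault(src, set()).update(users)
        elif src in flagged:
            # A success from a flagged source suggests a working stolen password.
            at_risk.append((src, user))
    return flagged, at_risk

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

A single user mistyping a password (the second source in the sample) stays below the threshold, while accounts listed in the second return value are the ones to reset and review first.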
5: File & Message Sharing Mistakes
At the root of many data breaches, there’s typically some level of human error. Believe it or not, one of the biggest problems stems from a seemingly harmless option in your company email. Using the “Reply All” tab too often results in one-on-one private messages reaching the wrong inboxes.
While embarrassing and unprofessional messages can leave you red-faced, this option can also result in sending out confidential employee and customer identity information. As an example, EA Games reportedly sent out sensitive identity information about its subscribers. Even though the platform wasn’t actually hacked, digital assets were strewn across the internet.
Accidental file sharing isn’t just the mistake of the one person who clicks Reply All. The mistake can only happen in the absence of a well-thought-out cybersecurity strategy. Human error begins with the organization’s decision-makers not taking proactive measures.
If you are a business leader who has grown deaf to excessive service pitches, it may be worthwhile to listen to cybersecurity experts. Hackers truly are the digital Boogieman, Grim Reaper, Keyser Söze, and thief that comes in the night. The hard data proves that fact. Only your determined efforts to maintain robust cybersecurity can keep your organization safe.