Cybersecurity is the biggest threat to business today. In fact, just this week, the New York Attorney General said data breaches have increased by 40% The crucial question business and their stakeholders must ask is how do we protect ourselves against numerous attackers who seem to be above the law? The following list should be a solid starting point for your business.
- The IT professionals in Congress sent an alert to staffers that Yahoo! Email will be blocked due to ransomware – which encrypts all computers on a network – they will be potentially unlocked if you pay the ransom but there is no guarantee. If Congress – with its infinite resources admits it cannot protect its computers – how does everyone else?
- Within the same week, the FBI sent out an urgent warning that ransomware is becoming an epidemic and emails are just one way the infection spreads; infected websites are a major new threat as well. We reached out to Chief Administrative Officer of the House and were directed to Communications Director Dan Weiser. We emailed him, asking about the discrepancy between blocking email while websites are still insecure. We asked how they’re dealing with this. We haven’t heard back yet. Regardless, the point it seems the US government is confused about how to protect themselves from ransomware… How do the rest of us deal with this issue?
- Quite often organizations don’t have a clear handle on where all their sensitive data resides. Customer lists, government IDs, articles of incorporation, etc. Government agencies like FINRA, NIST and the FCC have voluminous checklists of items companies should potentially protect.
- Another challenge is the data is not easy to identify in terms of its risk value. A customer list may be very valuable to ex-employees and the competition while patent information may be of great value to nation-states who want to steal US R&D and use it to boost their own economies at your company’s expense.
- Once information is stolen, quite often it shows up on the dark web and the only way to find it is to continuously scour the dark web for your customer’s data. At the recent Inside Dark Web conference in New York, much of the discussion centered around the tools and techniques needed to ensure important corporate data is identified if it does show up for sale on an anonymous forum reachable only by a Tor browser.
- User error is a major factor in cyberattacks. This can come in many forms such as an improperly configured system like at Bangladesh bank. Another example is a user who clicks on a link they shouldn’t or one who plugs in an infected USB drive. It is very difficult to police something you can’t control 100%. BTW, the bank lost $82 million.
- The inside job. An increasing number of attacks are coming from insiders – whether they are business partners, contractors or employees. There is no way to be 100% certain that an insider is stealing your precious data but there are warning signs which may be there worth being aware of.
- A lack on analytics or anomaly detection services in your organization. Even with the most advanced systems, Advanced Persistent Threats or APTs can be a major issue because not all algorithms are created equally. Meaning, some threats may be found easily via one vendor’s system but not another’s.
- Cloud break-ins… Increasingly, companies are using the cloud and this is happening at the same time that the government is very interested in getting access to more and more data. This sets many companies up for a situation where their data could be shared with government agencies – states and federal and they may not be made aware of this data transfer. Worse, attackers are targeting the agencies collecting the data, meaning your data could be stolen thanks to a back door in your public cloud contract.
- BYOD devices are increasingly becoming targets and more difficult to defend against.
- Backups aren’t being done properly or audited by organizations. As scary as it sounds we often run into companies with no system of backups when we meet them. In other cases, backups are being done only for the previous day and kept onsite. These are all major causes for alarm as not only can a hard disk failure kill a business but so can a ransomware attack where the perpetrator doesn’t want to unlock your files.
A new bread of Hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. 5-star rated Apex Technology Services stands ready to protect your company regardless of whether its located in New York City, White Plains,Connecticut, Australia, Europe or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal so you can spend less time worrying and more on growing your business.