Back when the Internet was still in its infancy and there was less malware in circulation, we all approached cybersecurity in a much different way. For the most part, it was possible to stay safe online with an anti-virus program and a firewall. The belief was that by taking basic security measures, you could keep malware out of your network.
This is no longer the case. The threat landscape has changed enormously over the last several years, and unfortunately many businesses are still using yesterday’s techniques to combat cybercrime.
Today, fighting cybercrime is like trying to fight mosquitoes in the forest; try all you like, but eventually you are going to get bit. As we discussed in a recent blog post, it’s no longer a matter of if, but when. There are too many threats coming at your business, and from too many angles, to fend off every attack.
Here are 10 reasons why your company will get with a cyberattack:
1. Cybercrime is still an IT problem: Most workers today still have a compartmentalized view of cybersecurity. In other words, they think cybercrime is a backend IT issue and not a problem that they need to pay attention to. Until your workers get the message that fighting cybercrime is everyone’s responsibility, your company will have a gaping hole in its cyberdefense strategy. IT can only do so much to keep intruders out of your network.
2. Cybercriminals are now on social media: Most of your employees are actively using social media channels like LinkedIn, Facebook and Twitter while they are at work. And so are cybercriminals. According to one recent report, social media phishing attacks grew by a whopping 500 percent in 4Q16. Many of your employees may be networking and interacting with bots or spammers that are trying to worm their way deeper into your network to steal information or embed malware.
Try this experiment: Take a look at your own LinkedIn connections. How many of these people do you actually know? You may want to consider sending an advisory to your team to be cautious about who they connect with online.
3. Malware is constantly changing: As soon as you eliminate one cyberthreat on your network, at least three more are bound to pop up. New types of malware are constantly being created and deployed into the wild. For example, news broke this week about a new type of SQL-based malware that is targeting companies using the Magento e-commerce platform. The malware supposedly lies dormant in the Magento database and executes when a customer places an order in an online shopping cart.
"Malware was stored in [databases] before, but only as text,” Byte BV co-founder Willem de Groot told Bleeping Computer. “You could scan a dump of your database and know whether it contains malicious stuff. But now, the actual malware is executed inside the DB. This is the first time I see malware written in SQL. Previously, malware was written in JS or PHP.”
This begs the question: How many online businesses will continue using the Magento platform without even knowing about this threat?
4. There is no access control on your network: Are employees sharing accounts among themselves? Are executive folders accessible on shared drives? Can former employees still access your network? If so, your business is at serious risk for a cyberincident. You need to establish secure access controls as soon as possible. Make sure all accounts are protected with strong passwords (meaning passwords that are difficult to guess and utilize a variety of different characters). Biometric, or biological, security tools like fingerprint or voice scanners should also be used to protect accounts and devices.
5. The cloud has consumed your business: Your employees are using many different cloud services (like Google Drive and Dropbox) to store and share information. IT has no idea what they are using, and where information is being stored. This is called “shadow IT” and it’s becoming a major problem for businesses.
According to Cisco, the average large enterprise now uses 1,200 individual cloud services. This is about 25 times more than most IT leaders think their businesses are using. This problem will undoubtedly get worse over the next few years, as cloud services continue to grow in popularity.
6. Your IT department is stretched too thin: Sure, you would love to hire a team of full-time cybersecurity experts. But you are an SMB — not a Fortune 500 company — and you are on a budget. As a result, your IT department is already stretched very thin. Most of your IT workers spend their time responding to trouble tickets, instead of investigating cyberthreats on your network.
Your business is not alone in facing this problem. In fact, even businesses with the budgetary allowance are finding it difficult to find full-time cybersecurity experts. Right now, 27 percent of U.S. companies are unable to fill cybersecurity positions.
7. Breach acceptance has set in: A few years, ago cybersecurity experts warned against the onset of “breach fatigue,” or the normalization of data breaches. Unfortunately, this happened. Today data breaches are no longer seen as uncommon occurrences. Last year, the total number of U.S. data breaches reached an all-time high. As such, the problem has moved from breach fatigue to breach acceptance. Many people think the problem is too big to stop, and not even worth fighting. And this is incredibly dangerous.
8. Hackers may already be inside of your network: In the past, it was relatively easy to tell when your computer became infected with a virus. A virus, for instance, would delete files or cause pop-up advertisements to appear randomly on the screen. But today, there are many types of malware that can sneak on to a computer or network and silently cause damage in the background without you even knowing. In fact, there is a chance that your business may already infected with malware. Making matters more complicated, many of these strands can evade threat detection software — leaving you with a false sense of security.
9. Your data is valuable: Make no mistake about it: Hackers want to steal your data. Healthcare companies are especially at risk, as individual medical records are selling for between $14 and $25 online. Eventually, someone is going to test your network to see if they can hack it. And if your information is not protected, it will be stolen right from under your nose.
10. You are working with multiple vendors: Imagine you hire a third party agency to help grow your website, and one of your vendor’s employees decides to store your website’s login credentials on his or her laptop. Someone could steal that machine and gain access to your website. Unless you are using a cloud security access broker (CASB) to monitor suspicious login attempts, you may not even know that a malicious third party intruder is logging into your system and stealing information. The problem could go on for months or years without your knowledge.
So with these points in mind, it’s time to take a different approach to cybersecurity in your organization. Cybercrime is no longer a threat you can ignore.
Here at Apex Technology Services, we can provide your business with an integrated approach to threat detection and prevention. Apex has a variety of resources to offer, some of which include:
- Anomaly detection and analytics
- Cybersecurity training and education
- Auditing and documentation
- Penetration testing
- Network forensics
To learn more about how Apex can help protect your business, click here.
A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.
To ensure your security, consider one of our most popular services — Auditing & Documentation — which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.