As well as the evolution of traditional cyber threats, 2018 has seen a number of new threats introduced into the cyber landscape, including new forms of phishing attacks and stronger data protection regulations with increased penalties for sensitive data leaks. Businesses need to be more aware and prepared than ever for a data breach, writes Dr Guy Bunker, SVP of Products at the email and data security product company Clearswift.
With GDPR introduced in May, organisations such as Ticketmaster have already seen how the regulations impact security efforts, including the need to be far more careful with customer information, while Dixons Carphone has been the victim of a long-lasting malicious hack that has affected more than ten million customers. In the current landscape, there are 10 key cyber threats that organisations need to address, to reduce some of today’s biggest risks:
1. Non-compliance with GDPR
No matter where in the world an organisation operates from, GDPR applies to all who hold or process EU citizen data. Organisations need to think about what impact it would have on them if they were to be found non-compliant, including up to a 20 million euro fine, unwanted media attention and subsequent reputational damage. For many organisations, the impact could mean closing down the business.
2. Phishing
Phishing is one of today’s most common forms of hacking – for both consumers and businesses. A malicious sender targets individuals with an email that holds embedded malware, or asks for sensitive information. All employees, including the C-suite, need to know the signs to spot a phishing email – such as email addresses and tone of voice – to ensure that the risk is minimised and cybercriminals don’t gain access to the sensitive information they’re ‘phishing’ for, a compromise that often results in financial loss.
3. Spoofing
Similar to phishing, spoofing – or Business Email Compromise (BEC) – is when a malicious email appears to come from the top of the chain – perhaps the CEO or CFO – and often has content around transactions of money. Because the email appears to come from the top of the organisation, employees are more likely to act without questioning, meaning sensitive information such as bank details is shared without anyone internally noticing until it’s too late.
4. Ransomware
As we saw in 2017 with the WannaCry attack on the NHS, ransomware has the ability to take a business back to ‘pen and paper’ as entire networks are shut down. Ransomware attacks occur when employees click on a malicious link and, instead of stealing data, hackers hold it to ransom. It is ultimately a type of malicious code that can enter a network and encrypt all data and files.
5. Remote Access Trojan (RAT)
Remote Access Trojans, or ‘RATs’, create a backdoor into a computer that allows a cybercriminal remote access to an entire network. The malicious code enters an organisation’s network – generally through employees’ interactions with phishing or spoofed emails or websites – and allows for ‘backdoor’ access into systems. This threat can be used for stealing data or for running a spam campaign – or botnet.
6. Distributed Denial of Service (DDoS)
DDoS refers to a hacker ‘pinging’ a network to cause a delay in legitimate website traffic. When a botnet is attacking the network, it makes it virtually impossible for those outside (consumers, stakeholders) to access it and will ultimately grind businesses to a halt. DDoS attacks start with a degradation of service so it is important to monitor the website for a drop in visitors.
7. Social Media
Social media poses a number of threats to an organisation. Employees can be ‘phished’ through a Tweet or message containing a link which appears to come from a friend, but actually includes a link to deploy harmful ransomware or malware. Reputational damage can be caused by employees sharing inappropriate messages or images through a corporate account, and data breaches can occur from unauthorised information or file sharing.
8. Out-of-date software
A major threat to many organisations is out-of-date software applications. Without regular patching, cyber criminals will find vulnerabilities through which an attack can be executed. In this day and age, organisations should be streamlining patching processes to make sure patches are applied as soon as they’re available; otherwise, it’s an open door for cyber attackers to come in.
9. Internet of Things (IoT)
IoT encompasses everything connected to the internet. In today’s modern world, there is more scope now for devices to be connected to the corporate network, with employees using personal IoT devices such as phones, tablets and fitness trackers, all day, every day. Connecting both personal and corporate IoT devices means there’s another set of objects the company now needs to control in terms of unauthorised corporate data transfer, unwanted sensitive data acquisition and patching, most of which will go under the radar of the IT department.
10. Insider Threat
Simply put, the insider threat refers to any threat to an organisation’s security or data that comes from inside the business. In most cases, however, it comes from employees who make mistakes. An employee could send an email with sensitive data attached to the wrong person, resulting in a compliance breach, or click on a malicious link embedded inside a document that distributes malware. There is another group of insiders, known as malicious insiders. These are people who are employed by an organisation and leak sensitive corporate information, or steal databases and files. The person may be leaking the information for personal monetary gain or to compromise compliance.
Reducing the risks
To mitigate the risk of these top security threats, organisations need to ensure that they implement best practice security. At the heart of any security strategy should be education. Educating employees is essential to reducing the risk of a data breach or malicious cyber-attack. Making sure staff understand today’s cyber risks and how to spot them will take the pressure off IT departments constantly monitoring for (and fighting) threats, as well as reducing the chance of inadvertent data breaches occurring.
Organisations should also implement policies and processes to ensure that, if a data breach or cyber-attack does occur, employees know what to do. Processes around “who do I talk to if I think I’ve clicked on a malicious link?” or “what do I do if I think I have opened a suspicious attachment?” will be integral to ensuring incidents are handled in a timely and effective manner.
The latest security technology should be deployed as a last line of defence to protect an organisation from internal and external threats. There are a number of technologies that can be put in place to mitigate each threat, but an end-to-end solution that protects a company both from cyber-attacks entering and from sensitive data leaving the network will be vital for any company. While technology is not a silver bullet for tackling today’s variety of cyber threats, it provides a safety net for mistakes and a defence wall for when malicious content tries to get in.