Is your business protected against 2016’s biggest cybersecurity threats?
As we move deeper into 2016, we wanted to take a look at the issue of threats to cybersecurity and what experts are recommending that businesses look out for this year. Among the top predicted cyber threats are:
- Sniper and shotgun malware, designed to get past the cyber defences of specific organisations (e.g. the cyber breach of Target’s data systems in 2013)
- Attacks on mobile phones, often via compromised apps
- Attacks on infrastructure, public utilities & key industrial processes
- Attacks on smart devices, such as smartwatches – viruses known as ‘headless worms’ could move and spread from device to device
- Hacking in-transport systems
- Attacks on virtual environments
- Attacks on new operating systems
- Machine-to-machine attacks – these are threats to the ‘Internet of things’ connected to one another (see below)
- Drive-by attacks, where websites can fingerprint your smartphone when you connect to them and pinpoint its vulnerabilities
- Attacks on the cloud and cloud infrastructure
- Ghostware (malware that covers its tracks) and blastware (malware that disables or destroys a system when detected)
In a recent article on the CNBC website about 2016’s biggest cybersecurity threats, Derek Manky, Fortinet global security strategist, is quoted as saying that “Every minute, we are seeing about half a million attack attempts that are happening in cyber space”.
The article also highlights that Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30% from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected every day.
Each one of these new connections potentially represents a vulnerability. If you’re able to connect with energy meters, lighting, fridges, baby monitors or even your kettle via your smartphone, can you be sure that these items are secure or could they present a way into your data for hackers?
Plus, given the number of attack attempts highlighted above, does a vulnerability mean an inevitable attack? Do all businesses have to accept that their data will be breached at one time or another? After all, if big brands such as Experian, Carphone Warehouse, TalkTalk and Ashley Madison were breached in 2015, couldn’t it happen to any of us?
The cybersecurity threat of spear phishing
As well as the threats highlighted above, let’s not forget that 91% of targeted attacks on IT systems still come from ‘spear phishing’, which is when an email appears to be from an individual or business you know, but isn’t. Spear phishing attacks are usually looking to access financial data and passwords. This may be where your business is most vulnerable.
In an interview at the RSA Conference 2016, Rohyt Belani, CEO of PhishMe, discussed the fact that he doesn’t believe breaches through spear phishing are inevitable, although infections may be. By infections, Belani means phishing emails or viruses probing into the IT infrastructure and being caught in seconds or minutes, rather than lurking within systems doing damage for weeks or months. Belani would only consider the latter to be a breach.
Beyond investing in the best security systems that your budget will give you, Belani discussed in this interview how humans are still the best defence against cyberattacks because we have the ability to understand context. Something as simple as seeing an email footer claiming it’s been sent from an iPhone when you know the person has a Samsung phone can be enough to set off alarm bells about phishing emails. Equally, you may notice typos or random capital letters in an email sent from someone whose grammar is usually spot-on. Or, when you open an email, you may notice that the sender’s address is different to where the email appeared to come from when it popped into your inbox.
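The context cues described above (a sender address that differs from the one displayed, a device footer that does not fit the person) can also be checked mechanically before a message reaches a busy inbox. This is an added example, not part of the original article; the contact list, addresses and cue wording are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
FOOTER_RE = re.compile(r"^Sent from my (\w+)", re.I | re.M)

# Constructed address book: what we already know about people we deal with.
CONTACTS = {"jane smith": {"address": "jane@example.com", "device": "Samsung"}}

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Jane Smith <jane@example.com>" <jane@payments.example.net>\n'
    "Reply-To: accounts@example.org\n"
    "Subject: Invoice\n"
    "\n"
    "Please pay the attached invoice today.\n\nSent from my iPhone\n"
)
GENUINE = (
    "From: Jane Smith <jane@example.com>\n"
    "Subject: Lunch\n"
    "\n"
    "Are you free at one?\n\nSent from my Samsung device\n"
)

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def phishing_cues(raw, contacts=CONTACTS):
    """Return the context cues that do not match what we know of the sender."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    cues = []
    # The name shown in the inbox may embed an address that is not the real one.
    shown = ADDR_RE.search(display)
    if shown and shown.group(0).lower() != addr.lower():
        cues.append("display name shows a different address")
    # A familiar name arriving from an address we have never seen for them.
    known = contacts.get(ADDR_RE.sub("", display).strip(" <>").lower())
    if known and known["address"].lower() != addr.lower():
        cues.append("known contact, unfamiliar address")
    # Replies silently redirected to another domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        cues.append("replies go to another domain")
    # "Sent from my iPhone" when the person is known to use something else.
    body = "" if msg.is_multipart() else msg.get_payload()
    footer = FOOTER_RE.search(body)
    if known and footer and footer.group(1).lower() != known["device"].lower():
        cues.append("device footer does not match contact")
    return cues
```

A check like this only flags messages for a person to look at; the judgement about context still sits with the recipient.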
What can small businesses do to protect against threats to cybersecurity?
In our experience, it’s better to have centralised security management solutions to protect against a variety of different attacks. Businesses often think they need to improve their security by implementing lots of different systems, but this can unnecessarily complicate matters and allow attacks and even breaches to slip through the net.
It’s important to develop a clear security policy for your business, and give your employees training about cybersecurity and what they can do to be vigilant, as well as implementing ways for them to report anything suspicious they notice. Remind them not to open documents from unknown sources; ask them to exercise caution about clicking on unknown links in emails, and make sure that software is regularly updated. This last point is important as software developers are constantly adding patches to stop hackers getting through and adapting defences for new threats – software updates can help keep your IT systems and data safe.
Your cybersecurity strategy should include anti-virus software. Here at One Source Communications, we recommend and use AVG for internet security and mobile protection.
You should also consider giving end users limited privileges and only letting your IT team, or at least a limited number of personnel, have administrative rights.
If you would like to discuss any aspect of your IT solutions, including cybersecurity and making sure that your data is properly protected against breaches, give us a call at One Source Communications on 08442 570 111.