Cybersecurity threats are real, and the dangers they bring to the world of enterprise are detrimental. The reality is that if your business owns just a single computer, you are at risk. The climate of today’s business culture understands that cybersecurity is important, but almost every security expert will tell you that most businesses are not protected or prepared for an attack.
New cybersecurity threats in the form of ransomware, malware, and other malicious attacks enter the digital sphere every hour of everyday, their complexities and sophistication growing exponentially with each new threat.
The reality of doing business in the digital enterprise world is this: a business will fall victim to a ransomware attack every 14 seconds. And, by 2019, the cost of damages from cyber attacks will rise to $11.5 billion. – Steve C. Morgan, Cybersecurity Ventures.
Businesses must understand the simple fact—your business is under attack from cybersecurity threats every second, of every minute, of every hour, of every day. Are you ready to defend against attacks?
zbrella Tech is highlighting the top 3 cybersecurity threats trying to penetrate your business that you should absolutely know about.
Every business in the digital world knows about ransomware—a nasty little software bug that’s meant to block businesses (and just about anyone else) from their systems until they pay the ransom fee—but unfortunately, many businesses are doing little to protect against it. Ransomware attacks rose by 250% in 2017 from 2016, and the United States was hit the hardest by these attacks. Over 15% of top business industries were hit with ransomware in 2017, including Education, IT, Entertainment/Media, Financial Services, Construction, Government/Public Sector, Manufacturing, Transport, Healthcare, Retail, etc..
Cybersecurity threats and attacks often target end users in an array of different methods—phishing emails, malicious websites, remote desktops, smart devices and more. Wherever there is a digital doorway, hackers are trying to penetrate. And, in a single company, ransomware attacks target multiple employees, which results in multiple infected systems in your business.
Some of the most notable attacks of 2017 is the WannaCry ransomware outbreak, that successfully infiltrated over 200,000 business computers globally by exploiting a security defect in Microsoft’s Server Message Block, and hackers collected nearly $100,000 for their efforts. Other notable cybersecurity attacks include an attack on the San Francisco Municipal Transit Authority in which hackers demanded $73,000, an attack on the Hollywood Presbyterian Hospital in which they paid $17,000 to retrieve data, and an attack on Cloud provider company VESK, in which they handed over $22,800. These examples don’t even scratch the surface.
So what should you take away from this? Cybersecurity threats are extremely real, and cybersecurity plans and implementation should be of the utmost importance. Start by delegating your most important data into groups and protecting them. Create backups of everything, ensure backups are running every day, and are tested by a human at least once a month. And most important, train, train, train! Your employees are high targets, and by proactively training them in monthly sessions, you can ensure that they will implement best-industry practices that will protect your business on its front line.
Many, many companies employ the Bring-Your-Own-Device (BYOD) method in the workplace. Smartphones, whether they are Apple or Android or something else, have increased in today’s market and will continue to increase as time moves on. Because of the increase of use, and the increase of what users are relying on their phones for (banking, business, IoT, emails, etc.), mobile devices have become a hot target for hackers and their malicious software.
Cybersecurity threats lie in a multitude of things: SMS attacks, users not keeping phones up-to-date with vital security updates, malicious app downloads, malicious ads, malicious email attachments and links, etc.. In the case of SMS attacks, or rather attacks sent through text message, users receive links that look as if they’ve come from credible sources (like a bank), tempting them to click. More often than not, they do, and because of poor security measures on mobile phones, malicious malware can easily enter the phone. And when it does, if your company employs BYOD, and your employee works from their phone, they’ve just compromised your data. Hackers can now obtain credentials to all of your business accounts that said employee has access to.
One of the most notable mobile phone attacks of 2017 came in the form of an experiment discovered by an Exodus Intelligence security researcher, Nitay Artenstein.
The Broadpwn Wi-Fi Vulnerability Hack sent waves across every industry this past year due to the fact that a Broadcom Wi-Fi chip, which was installed into every Apple iPhone and most Android phones on the market, had major security flaws. Malware could be spread via Wi-Fi networks, meaning that if one phone was infected with the Broadpwn hack, any person who was using the same Wi-Fi network would automatically become infected. This hack had the potential to affect 1 billion Android and iPhone users. Scary, right?
Smartphone security in business, especially businesses who use the BYOD model, is absolutely essential. You must start by creating guidelines and regulations if your utilizing BYOD methods. Your business can and should implement security mandates, such as requiring employees to have software installed on their mobile devices that let your techs perform vital updates. And again, employee education is absolutely essential. They are your front line, and if you don’t equip them with knowledge and skills, they cannot, and will not protect you.
The Internet-of-Things, or IoT, has been the go-to technology for many businesses over the past five years. It’s a relatively new technology, and it has massive potential for business use, especially in industries like Construction, Real Estate, HVAC and others. IoT allows machines to talk to each other without the need for humans. Many companies have implemented IoT in simple ways to extract data such as how many people are in a room at a time, to see if conference rooms are available, if a room needs more heat, or if a room needs more cooling. The Construction industry has implemented IoT into building structures in bridges and buildings, allowing key members to track the health of the structures and monitor them over time.
IoT has given businesses the opportunity to garner a massive amount of intelligent data that is extremely sensitive. And because IoT is still relatively new, and because of its potential and popularity, IoT has become a massive platform for cybersecurity threats. According to Gartner, an American Research firm for IT, in 2017 8.4 billion devices were connected to IoT, 3.1 billion of those devices being employed by business. The forecast shows that IoT connection will continue to rise and is expected to reach 20.4 billion in 2020.
Cybersecurity experts know that IoT has a major flaw—there is not enough focus on security. Devices have extremely poor security protection and encryption, and IoT devices are often linked to mobile phones which, as mentioned above, also have poor security. The reality is that IoT devices pose a major enterprise threat. According to a 2017 Mobile and IoT study by company ARXAN, 58% of businesses were worried about getting hacked through IoT devices, and 70% of businesses were even more worried about insecure IoT apps.
If your business is using IoT devices and apps, it is vital that you put regulations, processes, and policies in place surrounding those devices and apps in use, as well as your business’ entire network infrastructure. It is not impossible to implement strong cybersecurity plans, but it is essential that you have a strong IT team who specializes in cybersecurity to help you plan and implement these things.
zbrella Technology Consulting is an IT Support, Technology Consulting, and Cybersecurity firm that specializes in helping businesses create strong system networks and security plans to protect every area of your business from end-to-end. Looking to create a stronger cybersecurity plan and protect against cybersecurity threats? Call us today at 800-750-4296 or contact us here.