Trick or Threat?
This Halloween, many of you will find it difficult to get a good night’s sleep. This might be because of the scary movie you just watched, the sugar overload from all the Halloween goodies you’ve eaten, or perhaps you’re afraid that cyber threats are about to jump out at you. Just like the ghosts and monsters stalking the streets this 31st October, there are a variety of cyber threats you need to be aware of. Given that Halloween falls on the final day of Cybersecurity Awareness Month, it’s fitting to provide some lessons we can learn from the movies:
Everyone/thing Is A Threat
Most of us are now programmed to be suspicious of people we don’t know. ‘Stranger Danger’ is a phrase that many will have learnt from an early age, but in this cyber age it’s very easy for attackers to pretend to be someone they’re not, or for people we know to be the biggest danger.
In Business Email Compromise (BEC, also known as CEO fraud), criminals use email spoofing, social engineering and similar techniques to send emails that pretend to come from the CEO or another person with authority, requesting an urgent wire transfer.
In April, the FBI reported a 270% increase in victims of CEO fraud since the beginning of 2016, which has cost organisations over £1.7 billion in the past three years. On average, BEC victims lose between £18,500 and £55,000, but some companies have been severely hit. Toy maker Mattel lost $3 million in 2015 through a CEO fraud phishing scam, and Austrian aerospace firm FACC recently fired its president and CFO after it lost almost €40 million to BEC.
Suddenly, Phishing Exposure Assessments are a great idea.
Do malicious outsiders really pose the biggest IT risk to companies? Numerous data breach reports and studies indicate otherwise. According to a recent study conducted by Ponemon Institute, insiders are more than twice as likely to cause a data breach as external culprits.
From whodunnits to horror films, are we still surprised to find out it was someone trusted that turned out to be the culprit? The people we work with could pose the biggest threat, even if they do not have any malicious intent. BEC and cyber fraud rely on the weak cyber awareness of employees, whilst vulnerabilities are introduced into the corporate network through infected employee-owned devices, or bad security hygiene such as employees clicking on attachments or links.
Ongoing security awareness training and testing is important here, but core security controls should prevent and mitigate the insider threat. Privileged Access Management is essential in keeping the keys to critical systems safe, whilst encryption of sensitive data is important to keep the crown jewels safe both at rest and in transit. Internal segmentation firewalling makes sure that when your security does get breached (it’s no longer a case of if it gets breached), the attacker is contained and the breach is alerted on.
There’s Nowhere To Hide
As we’ve seen in films, you can squeeze yourself into a corner of your wardrobe but sooner or later that door will creak open and your time will be up. Attacks are no longer limited to a select few computer gurus. Cybercrime is more lucrative than the drugs trade, and now worth 0.8% of the global economy. If cybercrime was a country, its GDP would rank 27th – above Singapore, Austria and Denmark. This is a major industry with hacking toolkits on sale with available training and support.
Attackers are targeting third-party suppliers because they often have access to confidential information and systems, yet the smaller third parties typically have weaker security controls. Attackers use ransomware and Distributed Denial of Service (DDoS) attacks as diversionary tactics, to give them time to scan the network and devices. You can try to run but in the end they’ll find you. It’s only a matter of time.
Danger Is Everywhere
When running for your life, it might seem like the biggest threats are behind you – until you find you’re surrounded and there’s no room for escape. The Internet of Things (IoT) has introduced an unending array of new points of vulnerability that pose a serious threat to both personal safety and privacy. Johnson & Johnson recently warned that its insulin pumps could be accessed by hackers, who could then overdose patients. Source code for the malware that infected tens of millions of IoT devices and used them to launch DDoS attacks is now readily available online.
Don’t Fear The Unknown
There are plenty of reasons these threats will keep you awake at night. Not knowing what they are should not be one. By performing a comprehensive Security Risk Assessment with Infosec Partners, you’ll be able to identify all the things that you should be worried about and decide how much of a risk they actually pose and what we need to do so you can get a good night’s sleep.
Infosec Partners can protect you
Concerned that your organisation isn’t prepared for a cyber attack, or need expert help in integrating your defences? We can help. From stress testing your security strategy and resilience to attacks, to helping you choose and deploy the security technologies you need, Infosec Partners are proven experts in full-spectrum cybersecurity and a team you can trust.
For your free consultation, please complete the adjacent form or, to speak with a trusted advisor immediately, call us on +44 (0)1256 893662.
Did you know? Infosec Partners are the only full-spectrum security experts offering any-vendor, any-device managed security services. It’s our comprehensive security expertise and dedication to keep the customer secure that our reputation has been built on, and the reason why clients and leading security vendors alike consider us partners of excellence.