Target, Sony, Home Depot, Staples, GoDaddy — the list of companies who’ve made it to the “cyber-attacked” list goes on and on. Every day, over 4,000 cyber-attacks occur, nearly three attacks every minute. The sophistication and techniques used by hackers is growing and evolving constantly. Fortunately, we can use the lessons learned throughout the history of cyber-attacks to increase our knowledge and awareness, and in turn, better protect ourselves from cyber-attacks.
Anyone and Everyone is Susceptible. Big box companies, small organizations, healthcare companies, government, private businesses, schools, you name it. If you have the internet, you’re at risk. Cybercriminals will go after any business that allows for a quick attack and quick return. It’s important to remember that just because you are a large established organization with a top tech team (think, the Target 70 million stolen credit cards),a cyber-attack is still a real, present threat for your organization. On the flip side, just because you’re a small “mom and pop” shop, doesn’t mean hackers won’t bother with you.
Don’t Rely on Another Company to Safeguard Your Data. You may recall the 2015 data breach that affected millions of T-Mobile customers. What’s interesting is that the breach did not directly attack T-Mobile. Rather, T-Mobile’s credit reporting agency Experian (which checks out potential customers for T-Mobile), was hacked. In turn, the 15M people who applied for T-Mobile wireless services had their names, addresses, birth dates and social security numbers stolen. Third parties are often used as a launch pad to a bigger compromise – so do your homework and make sure your associated and affiliated companies, partners and vendors have strong cyber protections in place.
Hackers Hail from All Over, Many From Oversees. Historically, the profile of a hacker has changed and expanded. No longer are they simply “tech-geeks” hacking away in their basements, they’ve evolved and grown geographically. In particular, attacks from oversees have grown exponentially. China and Russia are common culprits. Nationalist and state-sponsored attacks are one of the biggest trends in cyber-attacks. Many experts believe that with so many attacks attributed to China in 2015, Chinese hackers may be compiling profiles of millions of U.S. citizens, particularly intelligence agents.
Your Insiders Pose a Big Threat. According to a Verizon data breach report, 20.6% of all attacks are due to insider misuse and an additional 15.3% of attacks stem from device loss or theft.1 This is where employee education and cyber-awareness training comes into play. Don’t assume your employees “know better.” All it takes it one opened email, one click of a hyperlink and one lost smartphone. Take precautions to get your team thinking differently about the risks and consequences of their electronic actions.
Internet of Things Means New Things to Attack. Internet of Things (IoT) devices are now flooding the market. As more and more of our belongings (cars, toys, wearable devices, headphones, etc.) send and receive data electronically, connecting to the internet and/or each other, the threat against them grows. Vulnerabilities have been revealed in connected cars, child gaming devices, baby monitors and even Barbie dolls to name a few. Digital toymaker, VTech, was one of those attacked, exposing the data (name, birthdate, gender) of 6.4 million children. Cyber-attacks are no longer limited to the workplace.
BYOD has Added to the Problem. Smartphones, tablets, laptops, personal devices in the workplace… this all means more vulnerabilities, more targets for hackers. As we multiply the devices that connect to our network, cybercriminals now have more ways of “getting in” to our data, network and information. This makes it a bit harder to fight. It’s important that your organization has a BYOD plan and policy in place for mobile devices and employee personal devices used in the workplace to lower your risk of breach.
This isn’t Going Away. Some of us may remember when we thought the internet was a “fad” and that computers weren’t going to change our workplace. Clearly, we couldn’t be more wrong. Technology has changed our lives, the way we work, the way we bank, communicate, shop, play, etc. As such, crime has followed and also pervades our lives. A Symantec analysis of security threats found that cybercriminals are working faster than companies can defend themselves and are launching more malicious attacks than ever. Over 317 million new pieces of malware (PC viruses, other malicious software) were created in 2014-which means nearly one million threats were released every day.
“The Board” is Now Demanding Attention. Gone are the days when company leadership left everything in the hands of the “IT Guy;” now, they are asking more questions. Boards of Directors now have a much greater interest in the security operations of their organizations. According to an ISACA poll regarding the level of concern Board and Executive level management expressed regarding cyber-security, 81.7% said they were either concerned or very concerned. Boards and Executives can no longer ignore cyber risks, now they are becoming more involved in cyber security discussions, looking to educate themselves and make smarter, more informed decisions pertaining to security.
Though new cyber-attacks are born each day, we can do our best to learn from the past. It’s important to read the news, understand the attacks that are out there and learn from these mistakes of the past. Remember that every cybercrime story applies to you and your organization! Shielding your eyes from the reality of this immense threat to technology and our operations will not make your organization any stronger. Keep your eyes and ears open and learn from the mistakes of others, security trends and cyber experts to help keep your organization off the “cyber-attacked list.”