SECURITY

Cybersecurity, as defined by the Cybersecurity and Infrastructure Security Agency, is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.

The many dangers of poor cybersecurity could include malware erasing your entire system, an attacker breaking into your system and altering files, an attacker using your computer to attack others, or an attacker stealing your credit card information and making unauthorized purchases. There is no guarantee that even with the best precautions some of these things won’t happen to you, but there are steps you can take to minimize the chances.

Five common digital threats of 2020 that could potentially affect our company are as follows:

Phishing Attacks

Phishing scams are used to steal user credentials for both on-premises attacks and cloud services attacks. Phishing attempts are now being launched through cloud applications as opposed to traditional emails. As more and more documents are stored via cloud applications, this will become a more common target.

Remote Worker Endpoint Security

Due to the coronavirus pandemic, 2020 saw record numbers of people working from home. While this option worked well for many who could work remotely, it also brought with it many new security challenges. Remote workers often work without any network perimeter security, and mobile devices can often end up concealing signs of potential phishing attacks and other cybersecurity threats.

Cloud Jacking

Cloud Jacking is one of the most prominent cybersecurity threats in 2020 due to the increasing reliance of businesses on cloud computing. These attacks will be carried out to eavesdrop on, take control of and even modify sensitive files and data stored in the cloud.

Sophisticated and Targeted Ransomware Attacks

Ransomware attacks are a major concern for businesses. The effects of a single ransomware attack can be extremely damaging to small and midsize businesses, leading to exorbitant costs associated with downtime and recovery.

Mobile Malware

Due to the increasing number of employees working from home, more mobile devices will be in use than ever before. These mobile devices can potentially store large amounts of sensitive data. Mobile malware is designed to specifically target mobile phone operating systems.

We have many areas that could potentially be used to gain sensitive information. Email continues to be at the top of the list. Regardless of the amount of security in place, we continue to see emails that could result in security threats. Email filters have an average 10.5-15% failure rate, so you need to practice security awareness to keep our information safe. We are seeing an increase in emails that at first glance look to come from someone internally, but on closer examination you will see that they are using the person’s name with a different email server.
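The check described above (a colleague's name paired with a different email server), sketched as an added Python example that is not part of the original post. The domain `example.com`, the staff names and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumed values for illustration: the company mail domain and a small staff directory.
COMPANY_DOMAIN = "example.com"
STAFF_NAMES = {"jane doe", "sam patel"}

def normalize(name):
    """Lower-case, collapse whitespace and turn 'Doe, Jane' into 'jane doe'."""
    if "," in name:
        last, first = name.split(",", 1)
        name = first + " " + last
    return " ".join(name.lower().split())

def is_company_domain(domain):
    """True for the company domain or one of its subdomains.

    Matching on '.example.com' as a suffix means a look-alike such as
    'example.com.mailer.test' is NOT treated as internal.
    """
    domain = domain.lower()
    return domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN)

def check_sender(from_header):
    """Classify a From header as 'internal', 'external' or 'impersonation'."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    if is_company_domain(domain):
        return "internal"
    # A staff member's name on a message from an outside mail server is the red flag.
    if normalize(display) in STAFF_NAMES:
        return "impersonation"
    return "external"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@examp1e-mail.test>",
    '"Doe, Jane" <ceo.office@freemail.test>',
    "Sam Patel <sam@example.com.mailer.test>",
    "Vendor News <news@vendor.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):14} {header}")
```

This only compares the visible name with the sending domain; a message that forges the company's exact domain has to be caught by sender authentication (SPF, DKIM, DMARC) at the mail gateway.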

As we are still seeing large numbers of our organization working from home, those accessing our servers and software remotely must be especially vigilant for security threats. Company computers must only be used for company business. The potential for picking up malware from random surfing of the web is a constant threat.

The increase in remote workers has also brought an increase in the use of shared cloud documents. These documents can be shared by many users and can often contain very sensitive information.

Out-of-date security programs are also a potential source of threats. If they are not updated properly on all devices, this could be a definite risk for a security breach.

Also be wary of meeting invites from outside our organization or from unusual email addresses. These often contain links that, if clicked on, can release malware or ransomware. Be sure you look before you click.

My recommendations as CIO are mostly focused on training and prevention.

All employees will receive quarterly training updates on proper email security. These will be carried out by department, with each supervisor personally obtaining each team member's signature after they complete the training module.

All company computers being used remotely will be updated with security software monthly instead of quarterly. Additional firewalls will be in place to prevent a breach from the computers of our remote employees.

Additionally, the only mobile devices to be used for company business must be provided by the company. You may not use any personal device to access company information.

The company cloud documents will also get an extra layer of security. Access will also be restricted to only necessary personnel.

IT will be upgrading our security software immediately. Security threats are constantly changing, and we must change with them to ensure our continued safety.

https://us-cert.cisa.gov/ncas/tips/

https://blog.techboston.com/social-engineering-red-flag

https://www.kaseya.com/blog/2020/04/15/top-10-cybersecurity-threats-in-2020/
