Is Your Business Vulnerable to Cybersecurity Threats?
In 2017, Deloitte was ranked the best cybersecurity consultant in the world for the fifth year in a row. But later that year, news emerged that Deloitte itself was the victim of an ongoing hack that had lasted nearly a full year.
How could this dramatic reversal have happened so quickly?
Any enterprise is vulnerable to cyberattack. The bigger the company, the bigger the target. For most companies it’s only a matter of time.
Hackers aim to steal sensitive data such as corporate secrets, personal data and intellectual property. Hackers also launch sabotage attacks. The financial damage to the global economy exceeds $575 billion annually—more than the GDP of many countries.
How vulnerable is your business?
Cybersecurity = constant vigilance
Here are some cybersecurity vulnerabilities to watch for:
- Security misconfiguration. This is the most common and dangerous flaw because it relies on exploiting some simple computing errors, such as running outdated software, using factory default settings and passwords, and using default accounts.
- Buffer overflows. When an application attempts to put more data into a buffer than it can hold, the buffer overflows. This can let an attacker overwrite memory blocks to corrupt data, crash programs, or install malicious code. These attacks are common and hard to uncover, but are also more difficult to exploit than an injection vulnerability attack.
- Sensitive data exposure. This refers to any instance of a hacker gaining access to sensitive data, either directly from a system, or as it is in transit between a user and a server. The most direct flaw that can be exploited is a lack of encryption, or encryption that is compromised by weak passwords or lack of multi-factor authentication. Every organization that manages sensitive data may be vulnerable to this type of attack.
- Broken authentication and session management. Exposed accounts, passwords, or session IDs represent leaks or flaws in authentication procedures. Hackers use these to take over accounts and impersonate legitimate users.
- Outdated security software or infrastructure. Older equipment doesn’t readily support modern applications, and it isn’t easily protected against current threats.
The threat from hackers is only growing as sophisticated techniques become more widespread. The most recent breach level report shows that an average of over seven million records were lost or stolen every day in 2017 – that’s 82 records a second! And of these hundreds of millions of cybersecurity incidents, only four per cent are considered ‘secure breaches,’ meaning the data stolen was protected with encryption. Over a quarter of these breaches occurred in healthcare.
The newest form of cyberattack is crypto-jacking. Also known as coin-mining, this is the unauthorized use of computers to mine cryptocurrency. Hackers plant code on a target computer using malicious links in emails or infected websites. Symantec reports that coin-mining activity increased by 34,000% during 2017, and that detection of coin miners increased by 8,500%. At the end of 2017 coin-mining activity was also detected on mobile devices, and it will likely grow in this space as well.
Defending your business
While no system is 100% safe from attack, strong encryption is an effective defense tool against hacking.
Keep these tips in mind:
- Encrypt all sensitive information that hackers or cybercriminals could access.
- Keep login credentials confidential and protected with passwords.
- Use multi-factor authentication whenever possible.
- Practicing strong password hashing.
We use the cloud. That’s safe, right?
Cloud computing doesn’t protect you from risk. As Sandra Liepkalns, CISO at LoyaltyOne points out, data still must be stored physically, and “the cloud” just means that you’re using off-site servers. Do you know where those servers are? If your servers are in the United States, do they have the proper credentials to handle GDPR-protected information from Europe? And what about physical threats? Are the servers located in areas prone to flooding or forest fires? What about hurricanes? Or earthquakes?
At the end of the day, every organization is responsible for protecting customer data. After all, it’s not a matter of if your organization will be breached, but when. Don’t be caught unprepared! Minimize the risks and make security integral to all your systems and processes.
By Randy Yu, Manager of Deployment at Echoworx