 Mike Connell
 
“The Allianz Risk Barometer 2020 highlights that cyber risk and climate change are two significant challenges that companies need to watch closely in the new decade,” Joachim Müller, CEO of Allianz Global Corporate & Specialty, said in a news release.

Cyber threats are one of the most significant challenges companies need to pay attention to in 2020. And while “business” is the focus of the report referenced above, cybersecurity in general and, more specifically, cyber awareness and education, is paramount across the board. Not just for businesses, but for all levels of government, and in our personal lives as well.

This isn’t meant to scare you. This isn’t fear mongering. It’s a much-needed reminder that as we strive to make our lives easier and more efficient, and as we become increasingly connected, we open ourselves up to more risk. You can’t have one without the other. That doesn’t have to be scary. You just need to be aware and protect yourself accordingly.

Cybersecurity: Fact vs. Fiction

Still, there is a blurry line between what is real and fictional when it comes to cybersecurity. Many of us assume that we wouldn’t be the target, and the implications of a cyber “attack” can be difficult to contextualize.

As an interesting aside, we spoke to former cyber security executive, now best-selling author, Matthew Mather about the realities of cyber crime, and how they informed his fiction.

Mr. Mather wrote CyberStorm, a techno-thriller set in present-day New York City that explores what could happen when critical infrastructure becomes the target of terrorists.

“I wrote CyberStorm seven years ago,” Mather says. “I was working with Fortune 500 companies in the US, and being asked to talk to them about information security. There was a big disconnect between information security and the general public,” he explains, indicating that the motivation for the book was to illustrate what would happen if someone attacks critical infrastructure.

“Awareness around that critical infrastructure has improved [since then],” he acknowledges, “however a lot of those vulnerabilities still exist.”

While improvements have been made, he explains, the “attack vectors” have changed. “It’s not like hackers are sitting in a room by themselves. They’ve become more professional,” he says, pointing to the rise of the ransomware business model (we explain more about ransomware further along in the article).

The problem? “Consumers want everything to be ‘open,’ but they also want it to be super secure. If you want to be able to access something anywhere anytime, that makes it very hard to make it invulnerable to hackers.”

Mr. Mather is hard at work on a sequel to CyberStorm, moving from a more traditional understanding of cybersecurity, to the idea of “how dependent terrestrial infrastructure is on space-based assets and what happens if they get destroyed. What happens if you knocked all the satellites out of orbit?”

Cybersecurity Everyday

Back to reality, we have some good news: Awareness IS growing, thanks in large part to initiatives like National Cybersecurity Awareness Month. But while businesses know that cybersecurity is important, and they know they SHOULD be paying attention to it and building a plan, we thought it would be helpful to identify the different types of breaches businesses of all sizes can and should be watching out for.

A recent research report from AT&T Cybersecurity (“Confidence: the perception and reality of cybersecurity threats”) breaks down various threats and potential breach concerns across a number of different industries.

Overall, these are the biggest perceived risks/concerns internally: (Source: AT&T Cybersecurity)

The “Winner”: Phishing

Phishing emails are often the vehicle for a malicious payload, or to “social engineer the recipient by gaining their trust or scaring them by posing as an authority to get them to make payments—as we often see in business email compromise (BEC) attacks,” (“Confidence: the perception and reality of cybersecurity threats”).

There are tech-based solutions that help warn of and protect against phishing attacks, but only as supplemental support. Ultimately, education is best here: email recipients should be trained to monitor for, recognize and, potentially, identify these potential breaches. A technology solution is usually available to ward off attacks, but with phishing, most systems rely heavily on the email recipient being able to detect and respond appropriately.

Externally, these are the breaches most businesses focus on: (Source: AT&T Cybersecurity)

The “Winner”: Cloud Security

Cloud security isn’t new, and the conversation is ongoing, but that doesn’t change the fact that it can be a daunting change and issue for companies of all sizes.

“With so many data leaks attributed to misconfigured cloud databases, or through poor credential management, companies are right to be worried,” (“Confidence: the perception and reality of cybersecurity threats”).

This is why it is so important to get help and support when choosing your cloud solutions.

Ransomware

Back to the business side of things, ransomware is considered one of the biggest threats businesses face, large or small.

“Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands,” said Marek Stanislawski, deputy global head of cyber for Allianz Global Corporate & Specialty.

“Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions,” (“Cyber now top business risk globally – Allianz reveals”: Insurance Business Magazine).

What is ransomware, exactly? It’s talked about a lot in the news, and portrayed on television and in movies, but it’s important to truly understand what it is in order to begin the process of protecting against it:

Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. (See Protecting Against Malicious Code for more information on malware.) After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.

If the threat actor’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. The Federal Government does not support paying ransomware demands, as the FBI’s ransomware article states.


- “Protecting Against Ransomware,” Cybersecurity and Infrastructure Security Agency (CISA)

Ultimately, ransomware is about greed. Ironically, it is one of the easier breaches to protect against: Avoiding “untrusted websites” and “suspicious emails/email attachments” is still the best practice, but accidents happen.

In 2020, the unfortunate truth is that ransomware attacks will increasingly target public infrastructure. That doesn’t mean small businesses (or any business) shouldn’t be concerned; rather, it means they should continue to focus on awareness and protective measures such as those outlined in the CISA article referenced above.

What Have We Learned?

The lesson? Know where you’re vulnerable, and have a cybersecurity plan in place. One of the best ways to start and/or improve your cybersecurity efforts is to work with trusted, specialized professionals, such as Norton Security Online by Symantec.

Their business solutions take the guesswork out of much of this, but they also create a number of educational resources to help support the process.

Check out their article “What is ransomware and how to help prevent ransomware attacks” for an in-depth discussion around different types of ransomware attacks, their origins, and Dos and Don’ts.

Stay tuned: We are hoping to talk to Mr. Mather further about his in-depth knowledge of cybersecurity, how to combat cyber threats (as a writer, he effectively runs his own small business, and protecting his data is a huge priority), and what risks we should be looking towards in 2020 and beyond. Check out his book CyberStorm!