Phishing schemes as a form of cyberattack have taken off in recent years. Those attacks have had high-level successes, reaching organizations such as the Democratic National Convention in a 2016 breach allegedly by a foreign actor in a form of cyberespionage. Ransomware attacks, through which a company’s systems are infiltrated and their files sealed off, have also been on the rise. But the steepest rise has come through crypto jacking, which involves a bad actor adding malicious code to a website, which enables them to surreptitiously mine cryptocurrency.
Since the start of the pandemic, businesses have seen an increase in various cyberattacks. That’s in part because many companies have adopted a remote or hybrid situation. Whereas security once had only to protect devices within a single building, now, with many people working remote, employees are operating from personal networks that are likely not as secure. Those environments have given bad actors plenty of entry points to exploit.
Smart Business spoke with Mark Dunkley, engineering manager at Blue Technologies, about the cybersecurity issues facing businesses today and how to mitigate them.
How is today’s cyber threat environment affecting businesses?
The major impact businesses face because of the increase in cyberattacks is a loss of productivity. When a bad actor infiltrates a network, the people affected can be locked out or unable to get to certain files — through a ransomware attack, for instance. There are also financial consequences to such attacks, either because it’s decided that a ransom will be paid to recover the stolen data, or because systems need to be replaced.
One indirect effect to businesses of the increase in the number of cyber security events this past year is that insurance companies are increasing cyber insurance premiums. They’re also mandating that companies adhering to certain best practices, such as multi-factor authentication, secure VPN connections and more. This is a response in large part because the threat environment has broadened because there are more remote users.
What should companies do to bolster their cybersecurity and protect their business?
It’s often the case that when people think of cybersecurity they imagine that it’s all handled by an individual in an office building’s back room. If something goes wrong, the blame rests with that person. However, that’s not really the case. But bad actors typically aren’t finding their way into enterprise systems through an IT-guarded channel. Rather, events are triggered by the end-user errors of oversight — they click on a link or open a file that allows the bad actor to exploit a company’s, or individual’s, system. Cybersecurity, then, is largely about end-user training. Security awareness training is an important building block in an organization’s cybersecurity defenses. It takes just one user to click on the wrong link to compromise a company’s systems. The right training helps system users know what to look for, helping companies significantly mitigate risk.
Additionally, while cybersecurity insurance premiums have increased, it’s still something companies should consider. Just be sure to buy from a licensed and certified provider.
How is cybersecurity training being taught in remote work environments?
In a remote environment, training can be done through web-based modules in which the end user gets an email notification with information on a specific subject — how to identify a phishing attack, for instance. The user reviews that information and is then tested, and graded, on what they learned.
Another approach companies have taken is to unsuspectingly launch a controlled phishing attack on an individual user. A link is sent in an email that looks as if it’s come from an outside source. If the user clicks what would, in a real-world scenario, be a malicious link, the company can follow up with training materials and videos to help that user better identify threats and how to properly deal with them.
Cyber threats are likely to evolve both in sophistication and frequency. And with remote and hybrid work environments offering new vulnerabilities to exploit, it’s important that companies work with knowledgeable cybersecurity experts to identify and patch areas of weakness. ●
INSIGHTS Technology is brought to you by Blue Technologies, Inc.