Summer is here and with the warmer temperatures come outdoor parties, long weekends and extended vacations. Unfortunately, the freedom associated with the summer season does not extend to your cybersecurity needs. Here are 7 new cybersecurity trends and potential solutions to watch for this year.
- Accountability for Device Security has become a focus of the FTC when it was discovered thousands of low security, IoT (Internet of Things) devices were used to launch large-scale DdoS (Distributed Denial of Service) attacks. These attacks impacted DNS provider DYN and several other organizations.
The FTC filed a complaint claiming the device maker “failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds...”
IoT device manufacturers and tech suppliers are required to ensure adequate security precautions are being taken to protect devices from attacks, or they will face potential legal charges.
- Business Email Compromise (BEC) schemes are exploits driven by stolen or invented identities and are growing in effectiveness and sophistication. In 2016, BEC attacks compromised financial institutions, leading healthcare organizations, the Democratic National Committee and an NBA team.
Although most BEC attacks are unsuccessful, the few that are most often result in million-dollar losses for the affected corporation. This large payout has led to an increased effort by cyber attackers. Additionally, each time a BEC attack is successful, the news reports how it was accomplished, providing a framework for other attackers to build upon.
- Mobile Device Security policies and practices need to become a priority for businesses. Mobile devices are fully controlled by employees and are more difficult to protect than computers housed within an office.
To protect sensitive company data, it is crucial that proper identity and access management policies are created and enforced. Basic policies should include these protocols. Require mandatory updates when security fixes are developed. Ensure all company devices are secured with a PIN number, password or fingerprint detection. Set a backup schedule for all data stored on mobile devices, as well as a remote wipe in case the device is lost or stolen. Implement device measures that prohibit the download of unnecessary third-party apps, or apps that require more access than is absolutely needed for the service.
- Contextual access to safeguard digital assets requires answers to certain questions, so organizations can be more confident in whom they are granting access. This technology connects to online databases or trusted sources for answers to questions designed to improve identity procedures of the individual requesting access.
- Cloud storage services and shadow IT putting businesses at risk occurs when employees unintentionally expose sensitive data to external threats. While popular apps, such as Dropbox or Google Drive may be sanctioned by the company IT department, users who access them from a non-corporate email account can place the data at risk.
Additionally, employees often turn to other services, such as Evernote and Asana that do not provide formal usage policies and make it easier for company information to be shared or exposed to malware or ransomware attacks.
- Authentication and DMARC have been designed to protect email users from phishing scams and shut down same-domain impersonation attacks. With DMAR, IT staff can discover and authorize, or deny any third-party software distribution service as soon as the service attempts to send an email.
In addition to pre-send, emails that are rejected generate a report that is sent back to the domain owner. This allows IT a chance to see if phishing attacks are underway and identify “shadow” services being used without the department's knowledge. Essentially, DMARC has allowed email service providers to build a global army of bouncers that block attacks before end users see them.
- Device-specific credentials “bind” a user account to a physical device. This balance of security, convenience and privacy means a user’s phone will become their password and existing credentials will be improved. Once these credentials are set up, the user, via their device, will be asked to enter a PIN number, use a biometric authentication or otherwise identify they are a human before information will be released.
Implementing the necessary steps to ensure your data stays secure may seem like a daunting task. With Protelligent's Premonition Security Suite™ you can get the professional security you need without cutting into your summer fun. Call us today at (855) PRO-TELL.