2015 SMB IT Cyber Security Threats
Cyber security experts expect cyber security threats to intensify in 2015, with innovative & complex attacks.
Cyber crime is profitable and the risks for the criminals to be caught or punished are still negligible.
2015 is likely to see more copycat crimes as well as increased sophistication in attacks.
Top 10 cyber threats Small Businesses should prepare for in 2015:
1. Ransomware
Expect increased frequency of ransomware attacks. They will come from new malware as well as be highly clever. The experts forecast attempts at the cloud storage level as well as network level.
What you can do?
- Be sure you have redundancy in backups of your critical data.
- Make security awareness a company culture to reduce the chances of an employee allowing the malware to access your network.
2. Social Engineering
More cyber criminals will attempt to find ways into networked systems with creative and highly targeted strategies. These people are really, really good at investigating people. CIA level skills of investigating are not uncommon, but often the criminals just search social media and phone employees for easy clues
What you can do?
· Have employee’s role play social engineering activities so your people understand the type of questions a criminal may ask. Share ways to avoid responding to the criminal’s questions.
3. Internet of Things (IoT)
More cyber criminals will attempt to find ways into networked systems with creative and highly targeted strategies. These people are really, really good at investigating people. CIA level skills of investigating are not uncommon, but often the criminals just search social media and phone employees for easy clues
What you can do?
· Have employee’s role play social engineering activities so your people understand the type of questions a criminal may ask. Share ways to avoid responding to the criminal’s questions.
· Hackers are expanding their efforts into products that can easily be accessed. They will go after products such as network printers for a lateral attack into a business network. It is all about maneuvering to get to the end goal – confidential data on your network system.
· Ensure your IT specialist looks for second tier entry points. Once top tier entry points are secure, harden the other possible access points to make it more difficult for the hacker.
4. Rogue Insiders
Even in small businesses, there are disgruntled employees as well as friends and relatives of employees that will exploit an employee.
What you can do?
· Be sure your security precautions do not place employees in the position that they could directly or indirectly access information they do not have a need to access nor remove such data from your company.
· Evaluate all suspicious activities impartially; don’t assume the employee would never harm your business. Hire a third party to investigate if needed.
4. Cyber-espionage
Assume there will be more attacks, from more sources. The experts think there will be an increase in attacks from small nation states and terrorist groups. The Sony Pictures attack shows how much media can be generated and how damaging a serious attack can be. There will be copycats in 2015.
What you can do?
· Think about what corporate positions/policies you state on your website or social media. Americans cherish freedom of speech but we must be vigilant to protect that right. Have strong website security to reduce site takeovers or malware distribution opportunities.
· Be diligent with your security measures and have a strong breach recovery plan in place.
5. Weak Passwords and Flawed Password Retrieval Processes
If you allow customers or vendors to access confidential information on your system via password, make sure your password reset process is secure and complex. Traditional questions for reset are too easy to hack. Just go to Ancestry.com and find lots of mother’s maiden names.
What you can do?
· Review your password reset procedure to see if the process is complex enough. Two level authentication is better than just answering a basic personal question and providing a user email address.
· Personal tip: create a fictitious personal profile and family for use on less secure sites that really don’t need true information about you. Who said you can’t select your own relatives or be 21 forever on the internet?
6. Mobile Device Exposure
With the rapid increase in mobile device usage for business, the amount of business data accessible is staggering. The cyber criminals see this as a rich frontier of opportunity. Even Apple products will be targeted more frequently since the volume of users is now a significant sized market.
What you can do?
· Review your BYOD (Bring Your Own Device) plan and ensure employees follow it.
· Control the number of employees that have access to confidential information via mobile devices. Many employees need access during normal working hours in the office, but not all may need the same data access via mobile.
· If you do not have a BYOD plan, please contact us for a quote to get that implemented for you.
7. Web-Based Infection and Browser-Based Exploits
Cyber criminals are shifting away from spam to deliver their malware and turning their talents to web-based infection and browser-based exploits. It is very easy to rapidly infect poorly secured websites. There are thousands of websites that are key entry points to company networks and can provide a way to disseminate malware to visitors.
What you can do?
· Ensure that your website software is frequently updated with the latest security patches.
· Talk with your website developer about where your site is hosted; make sure the hosting server or third party provider has strong security measures in place.
8. Flaws in Widely-Used Open Source Software
Before Sony Pictures, before Home Depot—Heartbleed was the big problem. There will likely be another exploit on similar hidden open source code. Many systems have embedded open source software; hackers are looking for ways to exploit vulnerabilities that have been dormant for years.
What you can do?
· Stay alert of early warnings of exploits on open source software that is embedded in your system.
· Patch software immediately after an exploit is announced.
9. Cyber Theft
Too many merchants and companies that accept credit cards have not fixed their payment system yet. We regularly hear of smaller companies that have a data breach involving stolen credit card information.
What you can do?
· If you accept credit cards, be sure you meet the latest payment system security requirements. If you are not in compliance, you will not only risk losing customers and paying for the recovery, you will likely be sued by the victims as well as the other parties involved.
Cyber crimes are not decreasing. Rather, more crimes will be committed. Recovery will usually be painful and disruptive. Legal recourse is limited at this time. However, we do know there are many ways a small business can take responsibility and protect itself. You may be hacked, but you can diminish the negative impact with strong cyber security. 2015 will be a year worthy of increased vigilance.