Adapt Your Cyber Security Defenses
Cyber security has become a critical part of the modern business environment and is a common discussion topic in planning meetings and boardrooms throughout the globe. As cyber security threats evolve, businesses must also adapt their defenses to protect against these threats.
To defend against these threats and ensuring your business continues to function, proper IT planning and a solid security plan must be part of a modern business plan. Identifying cyber threats before they are realized is not always an easy thing to do, but is necessary to develop proper response and defense tactics.
Here is our list of the top five cyber security threats of 2017 that businesses should be aware.
Ransomware attacks rose dramatically in 2016 and continue to be prominent in 2017. The attacks on larger organizations are typically the ones that make the news headlines, however small and medium businesses make up the largest percentage of attack victims.
A ransomware attack loads malicious software on your computers that encrypts your files and documents, rendering them unusable until a ransom is paid for the decryption key or they can be restored from backup. This is very disruptive to a business and can be very time intensive and expensive to cleanup if proper planning and defenses are not in place prior to the attack.
Cloud Attacks and Malware
With the use of cloud computing services and software on the rise, we believe we will see an increase in attacks on cloud providers in 2017. These attacks will likely come in the form of:
- DDoS (distributed denial of service) attacks
- Security breaches, and
- Man-in-the-middle attacks. Man-in-the-middle attacks are particularly concerning as they are hard to detect and can continue for long periods of time.
Usage of cloud synchronization products, such as Dropbox and Google Drive, has become very popular for both personal and business data bur can put a lot of data at risk.
The man-in-the-middle attack uses malware installed on a victim’s computer to intercept traffic while it is in transit to the cloud storage server.
Since neither the computer nor the servers are aware of this intercept and since the data is still synchronized to the cloud storage, everything appears fine. This attack allows the hacker to get a copy of all the files stored using these cloud storage services.
Listen to Greg discuss Ransomware and man-in-the-middle cyber threats that are targeting small to medium businesses during his appearance on Financial Focus; WCRN Radio.
Internet of Things (IoT)
More and more devices in your home and business have internet connectivity capabilities for remote access and management. Thermostats, door locks, lighting, and security cameras are just a few examples of these connected devices that are targets for hackers. The greater threat, beyond the hacker’s ability to manipulate these devices and intrude on your privacy, is the connection they can provide to the rest of your computer network.
IoT devices are commonly connected to the wireless network that is shared with your business or home computers. If a connected device is compromised by a security flaw, it can provide a hacker full access to your computer network as though they were directly connected. Isolation of these devices is critical to ensure they cannot provide a pathway into your network in the event they become compromised.
Listen to Greg discuss IoT and the potential cyber threats associated with these devices during his appearance on Financial Focus; WCRN Radio.
Distributed Denial of Service attacks have recently become more prominent. Hackers conduct these attacks by producing many simultaneous connections to an internet connected device. This causes the attacked device to be unable to respond to legitimate requests. These attacks are common on web servers and servers that host cloud services.
A recent example of this was an attack on Dyn, a company which provides domain services to many large websites such as Twitter, Etsy, and CNBC. This attack effectively disabled legitimate traffic from reaching all Dyn serviced sites for several hours until the attack could be mitigated.
Hackers need access to hundreds to thousands of devices to orchestrate a DDoS attack. I believe we may see compromised IoT devices used in one of these attacks in the future. Hackers may be able to activate thousands of these compromised devices simultaneously to attack one of their targets.
Social Media Hacks
We are deep in the social media age where posting and commenting on a platform such as Facebook and Twitter has become part of our daily routine. The popularity of these services makes them a prime target for hackers. The amount of information stored on these platforms is staggering and the ability to steal someone’s online identity can be very powerful.
Evidence of this type of threat is in the news quite often. There have been countless celebrities and high profile individuals that have been the victim of social media identity theft. Often times, hackers are able to gain access to the users social media associated email account and change their account passwords, giving them full control of the social account. While a lot of these hacks are fairly benign and can be laughed off, they can have serious social and business impacting effects.
The threat becomes more serious as more and more critical information is disseminated through social medial platforms. A great example of the danger is President Trump’s use of Twitter in his presidency. President Trump has proven to rely heavily on Twitter to get certain information to the American people. It is rumored that his Twitter account was still associated with a public email account after he took office. If this email account was compromised, someone could easily pose at the President of the United States and have the potential to do a lot of damage. While most would take outlandish information to be the result of unauthorized control of the account, many may also take the information as fact and react to it in a detrimental way.
Even though cyber security threats continue to evolve and show no signs of slowing down, you still have the ability to protect your business. Implementing a proper security and recovery plan is paramount, even for the smallest business. Systems must be properly patched and updated and proper equipment should be implemented to defend against these threats. Ensure a proper backup and disaster recovery solution is in place and working properly.
Preventative measure can help defend against cyber security threats. Greg discusses prevention during his appearance on Financial Focus; WCRN Radio.
With proper planning, your business can be well defended against these threats and their potentially disastrous outcomes. To be sure your business is protected, consult your IT provider and ask what plans they have implemented to defend your business network from potential attack.
Gregory has more than 15 years of experience in information technology. He started a consulting business while still in college at Worcester Polytechnic Institute. In 2009, he founded Astari Networks, an IT outsourcing and consulting company which provides services to small and medium businesses. Through his experience working in government IT, large enterprise IT, and small business IT, Gregory focuses on providing secure, enterprise class solutions to the SMB market.