As opportunities for growth have expanded throughout all spheres of business, enabled by the rapid spread of connectivity created by the Internet, so did it attract those seeking to profit or create mayhem through the creation of cyber events or cyberattacks. These breaches are an attempt to steal personal information or cause damaging disruptions to competitors.
These cyber-attacks and data breaches don’t only affect businesses: hackers also seek to steal personal and sensitive information from government institutions, hospitals, and finance providers. In addition, Cyber-extortion can be used by criminals to demand ransom payments.
Recent events that elevated threat levels:
In what is suspected to be a campaign by a foreign civilian spy agency, 500 million guests of the Marriot hotel group had their personal data compromised by a breach of the chain’s computer system. These breaches also occurred at some health insurers and other security systems. Sources assert that all indications show that since 2014, China has been attempting to build a database with the details of prominent US citizens and government officials.
The rational is that foreign governments would then have the crucial and sensitive information needed to use against the US as a negotiation tool in the trade war which has developed recently between the two countries. Cyber attacks can lead to the loss of trade, industrial, and even military information.
The continued denial of responsibility for the breaches where foreign countries offered to investigate any evidence presented to them is concerning, especially since the US and China are currently locked in important trade negotiations.
Huawei’s recent troubles, which deepened with the recent detention of their CFO, Meng Wanzhou in Canada, are due to national security concerns voiced by many countries about their wireless network equipment. Bear in mind that Canadians in China were detained in subsequent tit for tat arrests.
Equifax, a US based credit rating agency, reported a year ago, that 143 million consumers across the globe were affected by a hack on its systems. This is considered to be one of the largest data breaches in history. A recent House Oversight Committee report on the incident confirmed that the breach was entirely preventable. Even though Homeland Security had issued a warning to them some months before the breach about vulnerability in its open source web server, the company failed to act.
Intellectual property (IP) theft is when someone steals inventions, art or written work and has recently emerged as a new risk. Media and entertainment companies have suffered theft by hackers of unreleased television serial episodes or films over the last two years. This form of theft uses cyber-extortion as the hackers demand payment, usually in the form of crypto currency, in order to not release the stolen material and can cause huge financial loss for producers of costly film productions, television series, and music records.
One of these hacks on a leading cable network was reportedly carried out by the culprits who took advantage of a software security vulnerability which allows almost no time for the vulnerability to be discovered before the attack begins.
When taking statistics into account ranging from 2014 through 2018, there has been an ongoing annual rise in cybersecurity incidents. These risks have increased since companies and service providers need to use IT applications which offer better productivity through outsourcing or cloud use. These versatile and cost effective tools also make companies more vulnerable to cybersecurity breaches.
A recent study by the Ponemon Institute revealed that 91% of global entities have suffered at least one type of cyber event over the last two years and 60% of those have had more than two disruptions. What was most worrying in the report was that 54% of these organizations did not fully understand the threat or the cost implications of cyber attacks.
However, there has been remarkable growth in cybersecurity jobs and spending which is proving to be a valuable return on investment for entities, with the amount of breaches in the US appearing to have stopped increasing as rapidly in 2018 as in the previous years.
Cybersecurity has become a necessity ad should be budgeted for, offering preventative measures to cyber threats that can be extremely costly. Action against this cyber bullying remains the only choice.
Cybersecurity risks explained:
The worlds’ leading experts warned repeatedly that these risks do not only include the loss of data, data theft or extortion to home-grown attackers but also threaten the importance of our national security against international intimidation, as highlighted by the Marriot incident. Another serious security risk pertains to the countless devices which we rely on and their connectivity through data systems. Christian Espinosa, CEO of Alpine Security, recently noted that medical devices are also vulnerable to hacking and these are often connected to hospital systems making them susceptible too. He stressed that protection against cyber threats were no longer optional.
Available protection measures:
Protection against cyber risk requires action as early as possible in order to avoid expensive breaches. Besides financial loss, inadequate cyber security most often leads to client loss. Risk tolerance should be tested and preparations made to prevent such eventualities from the outset. This needs decisiveness and awareness from the highest levels of the hierarchy and IT managers are those who should make them aware of these dangers.
The first step in ensuring protection is to have a professional penetration test. The importance of this is that you cannot fix what you are not aware of and the penetration test reveals weaknesses and indicates how to prioritize the fix. It is important to choose an experienced and reputable company that follows Rules of Engagement as users, systems, and data may be exposed during testing.
The penetration testing should include a remote and on-site test. Results should be presented as a report, together with the findings and actions needed to secure the network and systems.
An Enterprise Security Audit is like a compliance check but with the goal of helping an enterprise become more secure from real and current threats. The results and implementation of the findings should be presented and acted upon with a follow-on audit to ensure validation.
An authenticated vulnerability assessment, which is less exploitive than a penetration test, can be run with credentials during the scan, checking the files on an internal system but can also be run on external and wireless systems.
The fight against cybercrime can only be successfully implemented if personnel within the enterprise also receive training and know what to watch out for.
Incident response is an important service which allows digital forensics teams to help you respond to any type of cyber incident, both technically and legally.
Saipem’s server systems in the Middle East were the latest victim of a cyberattack earlier this week. These threats and their occurrences ebb and flow but it is most certain that businesses are not ignoring cyber security anymore.
The benefits of technology and an interconnected world enable expansion of business and services, yet it is not without risk. There are solutions for protection against cyber threats and attacks that every business ought to consider. Be prepared by engaging expert penetration testing and advise. Empowering a business and organization with the long term security and protection it deserves, has never been more important.