Cryptojacking. Software subversion. Data manipulation. Ransomware. What are the threats that you need to look out for?
It’s hard to believe that there are still so many organizations unaware of or unprepared for cyberattacks, given the modern threat environment. Over 85% of companies have reported a breach in recent years yet only 39% have a strategy for cyber defense. We’d recommend those businesses read our previous blogs, including one that reveals how to think like a hacker.
Sooner or later, neglecting cybersecurity will come with a price tag. The global average cost for a data breach is $3.86 million. The U.S. average is $7.9 million. Almost half of these breaches are the result of criminal attacks. Add to this the more than 200 days before an organization even notices it’s been hit, and the potential devastation becomes clear.
Organizations need to do two things to empower themselves: stay informed on current and coming threats in 2019 and implement robust security measures. Let’s start by looking at the former:
The latest threats – Crypto jacking and Crypto mining
Hackers can target your business and make off with anything you may have in the form of cryptocurrency. Cryptocurrencies may be relatively recent on the cyber scene, but the ways hackers gain access to it are old news. Dummy online ads, infected websites, and loaded email links are all classic methods use to target entities with this new threat.
One wrong click and you’re infected with crypto mining malware like Cryptoloot or Coinhive; two of the prime offenders which will silently syphon away funds. The most disturbing thing is that it doesn’t take a hacker of great skill to exploit victims using crypto-methods (the simplicity of how it’s transmitted shows how little it takes to snag a victim).
Luckily, avoiding infection is helped by a few tried and tested rules: never open a suspicious or unsolicited email link, keep antimalware and antivirus programs current, and treat online ads as loaded risks.
Ransomware may be the venerable ancestor of crypto jacking but make no mistake: it’s still everywhere today and rapidly evolving. The U.S. is mercifully clear of the top ten worst-hit nations in terms of percentage of users attacked, but ransomware consistently ranks highly in global cybersecurity priorities and the cost to US-based users is huge. Ransomware lacks crypto jacking’s stealth and tells you in no uncertain terms that your system is now held hostage until a certain sum is paid.
Failure to comply with the extortion means you lose all access to your system and data. The INFOSEC Institute offers this breakdown of the worst ransomware and their methods including Apocalypse, Cryptowall, and Cerber. Keeping robust antivirus/malware programs current and regularly backing-up and storing data are the two primary ways to combat ransomware.
The use of chatbots is on the rise across every sector, fueled by the demands of a growing global customer base and their need for 24/7 service. It’s no surprise that cybercriminals know this and see another opportunity to attack. Financial chatbots, in particular, pose a serious risk. Even many bots used by major companies lack the protection of end-to-end encryption.
Hackers may take control of a chatbot on a site a customer is familiar with (a bank, an online store, or a medical site) and ask all the wrong questions. Identity, address, financial account details, health conditions; all of these can be given in blind trust in this sophisticated new form of phishing. The duration and location of customer data storage related to chatbots are also inconsistent from business to business.
The autonomy of chatbots is their most serious flaw. Many companies just install them and walk away, assuming they will do their basic work without supervision. This is a hacker’s dream come true. If your business is using or considering a chatbot, you should carefully evaluate and implement ongoing cybersecurity procedures to ensure customer safety.
Your own people remain a huge problem
Your staff may not intend it, but they’re often the worst enemies of your business’s security. Sloppy security practices and ignorance of company cybersecurity policy are open doors for criminals. Phishing and vishing remain common avenues for hackers to get credentials and other sensitive information from unwitting employees, and the more senior the employee, the more potentially devastating the damage.
And sadly, some employees really do mean to cause harm and exploit access privileges. It’s crucial that businesses fully assess their mission-critical data and strictly regulate and monitor who has access to it. Proper training and the cultivation of a security culture within your business are also keys to a healthier 2019.
Partnering with a cybersecurity provider can help you assess your current and future risk and create an effective response plan to handle threats. Get in touch with us today to learn about our cybersecurity services or CyberGlass, our groundbreaking new cybersecurity suite which not only spots a wide range of threats – but also works to immediately fix them.
At Absolute Logic, we guide clients from 40 industries safely through the internet threat landscape. Our wide array of services includes system security suites, risk assessment, education, training, and disaster recovery. Call us at 844-315-9882 or use our contact form for a free consultation.