Along with the good comes the bad; at least that’s how it is in the technological realm. While digital technology has certainly brought us an insurmountable number of advantages, the ne’er do wells of the world have used it for no good.
Cyber attacks have been increasingly plaguing companies all across the globe, ruining both businesses and personal lives. 2015, in particular, saw a number of detrimental cyber attacks that violated the security and sensitive information of millions of people.
The Number of Cyber Attacks Rose in 2015
The rising figure shows the ever-increasing importance of cybersecurity awareness, especially for businesses. A CIS critical security controls audit may go some way to reducing the risk of a cyber attack. Perhaps one of the most infamous cyber attacks of last year was that on Ashley Madison, the infidelity website that helps married people to connect with one another discreetly. A hacking group known as Impact Team stole the website’s user database in the summer of 2015 and tried blackmailing the site’s parent company, Avid Life Media, to take the site down. When the site was still found up and running 30 days later, the hackers publicized all the info they gathered, exposing the personal information of 37 million users on the site.
Impact Team also released a number of corporate emails from Avid Life CEO, Noel Biderman, who ended up resigning soon after.
Approximately 15 million T-Mobile customers had their personal information stolen after Experian, the cellular company’s credit-checking company, was hacked. Even though the breach didn’t directly involve T-Mobile, it directly affected those who applied for services over the past three years. Such a breach highlighted the hazards of companies depending on other companies to shield their user data.
And let’s not forget about the breach on the Office of Personnel Management, where data on approximately 22 million federal workers was stolen by hackers. The US government agency that is in charge of background checks was believed to have been breached by the Chinese government.
The hack allowed access to pertinent information on SF-86 questionnaires that are filled out by intelligence officers and military personnel to gain top secret clearance. Over 1 million fingerprints were also stolen, which could mean even more hacks on data may have occurred. A month after the breach was publicized, OPM Director Katherine Archuleta stepped down.
These are but three examples of the many major hacks that occurred in 2015, and are samples of what is becoming a spreading epidemic. And while external attacks are dangerous on their own, attacks involving insiders pose a more devastating threat. Since they’ve got easier access to systems, insiders can actually cause more harm than external hackers. They can leak sensitive information to other entities, steal intellectual property, cause reputational harm, and cause the ceasing of operations.
It’s estimated that at least 80 million insider attacks occurred in 2015, but this number could realistically be much higher than that because many are unreported.
The consequences of such hacks can be dire. They’ve caused companies to shut down, executives to abandon their positions, and government agencies to risk exposure. Considering the magnitude of cyber attacks and their extreme ramifications, it’s critical for companies to step up to the plate in cyber security if they haven’t already. Along with other critical components to the business landscape, cyber security and penetration testing services needs to be a priority.
The question remains: is your company prepared for the potential threat of cyber attacks?
Many businesses have confessed that they still haven’t placed the proper safeguards in motion to avoid cyber attacks. But it’s more important than ever to put these measures in place as soon as possible in order to mitigate any threat that could literally be coming from anywhere.
It’s clear with what’s already happened in the recent past that cyber attacks are a real threat, and cyber security is a fast-growing scene that will be keeping entrepreneurs on their toes. Whatever hackers have done in the past will no doubt evolve into something more innovative and savvy, which means cyber security measures also need to adapt along the way.
Security vendors have the immense job of staying one step ahead of these hackers.
Stepping Up on Cyber Security
As savvy as hackers are, those behind cyber security measures can be even more so – and they need to be. Chief Information Security Officers (CISO) need to have a certain plan in place in order to protect their companies from future attacks to avoid bruised reputations and even total financial collapse.
Put data classes in proper priority. Which types of company information would hackers be most interested in going after? This is a crucial question that CISOs need to ask themselves when prioritizing their information assets.
Once these classes have been placed in proper order, funneling more resources to protecting those on top of the list is important. Even low-profile organizations have been targeted, so it’s essential that even the smallest of businesses be on guard.
It’s not necessarily the big honchos that hackers are after, but rather specific types of information, which could come from businesses both large and small. Think about which specific data your company has that appears very attractive for hackers to steal – this is what needs to be safeguarded with full force.
Keep your head up on insiders. As painful as it sounds, insider hackers are real. They could be the new hire or the admin assistant you’ve known for years. Insider threats pose a real danger, and it’s critical for the powers-that-be to start increasing their focus on them.
Insider attacks can be more challenging to detect and deal with; it takes approximately 70 days to alleviate an insider cyber attack. Even employees clicking on simple email attachments they think are from trusted sources can be a major threat for organizations.
Businesses need to develop, regularly update, and internally publicize a security policy that applies to everyone involved in the organization, including personnel, partners, third-party vendors, and any other entities that have access to your corporate data and infrastructure. Just about anyone can realistically be a risk.
Get a handle on mobile devices. Just about everyone uses a mobile device these days. From accessing social media, to online shopping, to banking, mobile devices allow access to just about every aspect of life. But as much as they boost convenience, they also pose a security threat when they’re brought to the workplace.
If employees are using their own mobile devices – even for work purposes – businesses need to take measures to restrict access to critical information. IT departments should have the ability to completely wipe out these devices if they are ever lost or stolen, which would be possible if a centrally-controlled system is in place. Hackers are always on the prowl for new and better ways to access pertinent business data, and mobile devices are one of them.
Increase surveillance. It’s amazing how much security can be obtained by simply increasing the level of system monitoring within an organization. Filtering communications, keeping malware defenses current, encrypting sensitive data, and dealing with bugs immediately are just a handful of ways that companies can boost their vigilance on cyber attacks.
Pouring investments into monitoring controls will help companies quickly identify when a cyber attack happens, and is among the most important ways to protect sensitive data within an organization.
Spend the big bucks on cyber security. Out of all areas to budget on, cyber security should not be one of them. Considering the fact that cyber attacks pose a major risk to companies of all sizes and in all industries, it makes sense to adequately invest in such security measures. Sure, it’s expensive, but it’s worth every penny to avert a cyber crisis which could potentially cause a company to fold.
Cyber attacks are a real threat, and the plethora of companies that have already been victimized can attest to that fact. Taking measures to protect your company from cyber attacks is a critical step to take right now, no matter what niche your business hails from or its size. Get a handle on what needs to be done to protect your organization from the threat of a cyber attack and feel more confident in 2016.