Remaining secure in the digital world is a huge task, and the skillset it requires is niche. There is a global shortage of high-quality security specialists, and most SME organisations don’t have the resources for an in-house cybersecurity presence.
A survey conducted by the National Association of Corporate Directors found that almost 42% of 500 IT leaders have listed Cybersecurity threats as one of the top 3 most pressing concerns they face within their businesses.
With the technology space being so dynamic and constantly evolving, it can be hard to cut through the hype when it comes to trends to watch out for, especially as IT leaders are pitched to on an almost daily basis by companies wanting to sell them their ‘leading edge’ product or service.
There are a few things we think you should be looking out for:
Credential Stuffing
Every year there seems to be a regular drip of major hacks at large companies that result in millions of username/password combinations being compromised. A real-world consequence of these breaches is what is known as credential stuffing: an attacker uses long lists of stolen login credentials in large-scale automated attempts to log in to various websites.
The attackers rely on the fact that a large percentage of people will use the same username and password across multiple sites. Thanks to the automated nature of the attack, even if only a small percentage of the stolen login credentials are a positive match, it can still be worthwhile for the attackers.
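The pattern described above leaves a recognisable trace in login logs: one source tries many different accounts, each only once or twice, and almost all attempts fail. The following is an added example, not part of the original article; the log format, thresholds, and the function name `find_stuffing_sources` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log lines (not real data): timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:01Z 203.0.113.7 bob FAIL
2024-05-01T10:00:02Z 203.0.113.7 carol FAIL
2024-05-01T10:00:02Z 203.0.113.7 dave OK
2024-05-01T10:00:03Z 203.0.113.7 erin FAIL
2024-05-01T10:00:03Z 203.0.113.7 frank FAIL
2024-05-01T10:01:10Z 198.51.100.4 bob FAIL
2024-05-01T10:01:12Z 198.51.100.4 bob FAIL
2024-05-01T10:01:15Z 198.51.100.4 bob FAIL
2024-05-01T10:01:19Z 198.51.100.4 bob FAIL
2024-05-01T10:01:22Z 198.51.100.4 bob FAIL
2024-05-01T10:02:00Z 192.0.2.10 carol FAIL
2024-05-01T10:02:09Z 192.0.2.10 carol OK
"""

def find_stuffing_sources(log_text, min_users=5, max_tries_per_user=2.0, min_fail_ratio=0.8):
    """Return {ip: sorted accounts that logged in OK} for sources matching the pattern."""
    attempts = defaultdict(int)
    failures = defaultdict(int)
    users = defaultdict(set)
    successes = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, ip, user, result = parts
        attempts[ip] += 1
        users[ip].add(user)
        if result == "OK":
            successes[ip].add(user)
        else:
            failures[ip] += 1
    flagged = {}
    for ip, total in attempts.items():
        many_accounts = len(users[ip]) >= min_users                  # wide spread of usernames
        few_tries_each = total / len(users[ip]) <= max_tries_per_user  # one pair per account
        mostly_failing = failures[ip] / total >= min_fail_ratio      # low match rate
        if many_accounts and few_tries_each and mostly_failing:
            flagged[ip] = sorted(successes[ip])  # accounts whose reused password matched
    return flagged

if __name__ == "__main__":
    for ip, hit in find_stuffing_sources(SAMPLE_LOG).items():
        print(f"{ip}: possible credential stuffing; review and reset: {hit}")
```

Repeated failures against a single account (the second source in the sample) are deliberately not flagged, since that is a different pattern. Grouping by source IP is itself an assumption: attempts spread across many addresses need a different grouping key.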
Internet of Things (IoT)
Internet of Things is an umbrella term that covers a disparate host of gadgets smaller and simpler than a computer, connected to a wireless network, and deployed for specific purposes. These range from industrial sensors to smart home thermostats, and are designed to deliver on the promise that the internet can go beyond something we only see on screen and can truly interact with the “real world”.
IoT devices are often non-standardised, lack built-in security, are difficult to administer remotely, and have just enough functionality to be hacked. Security experts realise that IoT gadgets need to be locked down — or at least kept quarantined from the internet at large — if the technology is to survive.
Phishing
Phishing, the art of tricking users into giving up login information, certainly isn’t novel at this point, but that hasn’t stopped it from being a favourite tool in an attacker’s bag of tricks. While we mostly associate phishing with email, attackers are taking advantage of a wide variety of attack vectors to fool their victims today.
Most people do not realise how fast phishing threats move, typically lasting minutes to just a few hours before sites are taken down and cybercriminals move on to evade existing security controls.
Multi-Factor Authentication (MFA)
If a password is stolen, then the attacker can gain unlimited access to private information or functionality. To overcome this difficulty, security systems should treat passwords as just one of several factors needed to access restricted data. For example, you need a physical card and a PIN number to withdraw cash from an ATM.
As mass hacking attacks have left passwords less reliable, more and more companies are turning to multifactor authentication for security. According to Okta’s 2019 Business@Work report, a reassuring 70 percent of companies are using two to four factors for security — that’s up from 65 percent the previous year.
Article by: Tony Edwards
This is an article from: Insight & Innovation: Issue 2.