The new year is upon us and that means it’s time for our annual cyber threats to watch out for list which honestly couldn’t come at a better moment.
2018 will go down as one of the most notable years in the annals of data privacy and IT security history. Not only did enterprise businesses such as British Airways, Orbitz, T-Mobile, Tesla, and Saks 5th Avenue fall victim to high level hacks, tech giants including Google+ found themselves vulnerable not only to cybercriminals but to public relations backlash that follows in the aftermath of a user data breach. Of course, more than hacks hit the headlines throughout the annum, as major moves to better protect the privacy of consumer information around the world were made. Most notable was the EU induction of the General Data Protection Regulation (GDPR) act in April, followed by a very significant update to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) in November. These compliance updates prove that the call for accountability is ramping up to match the IT threat today and tomorrow, just ask Uber.
We also want to remind you that SMBs are far from isolated from the threat. In fact, you’re in the eye of the storm as data shows that 50 percent of small businesses have experienced a cyber attack while over 70 percent of attacks target small businesses. Without a doubt, you’re staring down the barrel of one of the most dangerous fiscal years to date, as hacking groups have increased their efforts and evolved malware and other tactics to take your IT systems down. Today, Fully Managed is here to identify rising threats to watch out for so that you can better prepare your systems and infrastructure for the year ahead.
5 IT Security Threats Your Small to Medium Business Needs to Prepare for in 2019 and Beyond
1. Spear Phishing Aims Closer to Target
Phishing attacks consistently rise year in and out, but in 2019 the trend will be more targeted than ever before, via spear phishing. What the difference?
Phishing is a fairly broad term for any attempt to trick victims into sharing sensitive information. The malicious activity is a numbers game as cyber criminals blast masses of people at the same time, knowing that without fail a percentage will click the link or attachment in the email. Spear phishing however, is much more targeted, personal, and downright violating. Once hackers have gained access to your email, they will take their time to collect information about you, recent online activity, associates, coworkers, suppliers, and personal relations. From there, they can formulate ways to get you to give up sensitive information. For example, they can view a recent purchase from a vendor, and follow up with the specific details of your most recent online communication with said vendor, and request payment information or other details that you won’t think twice about giving up to your trusted “partner”.
Just imagine what someone can find in your inbox, sent files, or trash, and what they could do with it. Moving forward, institute a don’t click policy for any and all suspicious links and attachments and tighten up security for email and messaging apps.
2. Exploiting Cloud Migration Holes
All year long you’ve been hearing that your business should increase adoption/migration to the cloud, not only for efficiency but for security too. So why does it make this list? Because few businesses get the cloud right. There is a clear lack of planning and security measure implementation along with a neglect to communicate changes to, and train, staff on cloud adoption. Plus, few business are choosing a solution that makes the most sense for them, be it a private, public, or hybrid cloud.
The problem, is that there is a very significant skills gap when it comes to cloud adoption and management. Existing IT staff likely does not have the requisite skills to ensure proper migration. Cyber criminals are well aware of this and are exploiting the numerous vulnerabilities to follow. While we encourage you to increase your use of the cloud in 2019, you must do so with the guidance of a proven expert. Otherwise, everything you seek to accomplish with the cloud could be at greater risk that it was before when dependent upon traditional servers.
3. Hijacking Your Business IoT
The devices you use in your office or shop environment may make corporate life easier and consumer/client service more convenient, but they are often overlooked as being the targets of hackers. Make no mistake, because from HVAC controller to security camera system they are susceptible. All of these internet of things (IoT) wares have in common a tiny chip called a micro-controller (MCU) embedded within them. The MCU is the brain which hosts the computing functions, storage, memory, and device operating systems, and as each year passes more and more are connected to the web. While there are obvious security measures taken when it comes to any IoT device that say, accepts payment, few businesses take steps to secure others.
What you and your IT staff need to do, is take a look around the office/shop and consider what could happen when even the most seemingly harmless device is compromised. If your HVAC system is hijacked could the extreme temperature changes impact servers? Could office camera installations be used to grab information off of whiteboards? Could lighting systems be shut down to prevent operations during high customer traffic periods? While the possibilities of IoT to increase efficiencies are endless, so are the cyber security implications. Moving forward, your security protocol must factor in IoT, and look to solutions that will secure them. For example, earlier in 2018, Microsoft announced the arrival of Azure Sphere which provides a holistic solution for creating highly-secured, web-connected MCU devices. By vetting solutions and matching them to your IoT you can hedge the risk of this rising threat in 2019.
4. Exposing Weaknesses in Operational Technology
You may be rightfully looking at security for your business’ information technology (IT) but what about operational technology (OT)? OT carries over somewhat from the IoT concept discussed above but is a relatively new expression in the world of corporate security. Essentially, OT is defined as hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise. It is a concern for businesses that depend upon manufacturing and the “assembly line” where web technology and industrial systems are merging more than ever. Not relevant to your SMB? It may not seem like it at first, but as a business that depends upon supplier/vendor relationships to secure equipment and/or electrical products you are a part of the supply chain that hackers of OT are targeting in 2019.
Look to the Tesla Breach as an example, where a disgruntled employee was able to make direct code changes to the Tesla Manufacturing Operating System. Attacks (be they internal or otherwise) on OT can disrupt the ability of a supplier to get products to you, or deliver you with a end product that could be comprised and directly harm your own operations.
5. Complacency
That’s right, the biggest threat to your business may be looking back at you in the mirror. The perils addressed above can be mitigated with immediate attention and action on your part. Unless you’re already working closely with a reputable IT support and security firm you are extremely vulnerable to all of the above, no matter how small your business is. However, there a very good chance that you along with thousands of other businesses in Canada remain complacent on the topic of cyber security, knowing that the threat exists but failing to take the appropriate action. At the same time, you may assume that many modern threats have little to do with your company, something that is especially true of mom & pop type of brick and mortars. Again, we must reaffirm that you are not removed from any of it.
For example, in our mid-2018 malware update article we named crypto mining as being a big concern to watch out for (and it still is). Many business owners will have glossed over this information, immediately dismissing it as an issue only for companies that accept Bitcoin or some other cryptocurrency. However, this unique use of malware doesn’t target your data. Instead, it wants your electrical power along with server storage space, be you a bank or a bakery. The point here, is that any form of malware can endanger your business, so please do not for one second think that you are isolated from any threat.
At the very least, reach out to Fully Managed for a consultation to find out if you’re prepared for what’s to come in 2019. Our
robust cyber security solutions include
email security, endpoint advanced threat protection, password management and
multi-factor authentication, monthly phishing testing, cloud secured internet gateway services, staff training, and more. Contact us today for a friendly conversation, followed by peace of mind.