5 Cyber Security Threats You Might Not Be Aware Of
This is a guest post by Lynne Jeffery, the Head of Public Safety Solutions at NEC New Zealand. Lynne has over 20 years’ experience in the global technology sector with a specific expertise in biometrics and cyber security solutions.
Cyber security continues to be a hot topic in 2020. Despite advancements in Cyber Security solutions, 2019 has already seen 4 billion records breached, according to Norton. These vary from mega-breaches that grab the headlines and tend to hit large global organisations to the hundreds, possibly thousands of less familiar data hacks that often go unreported in the media.
Over the past months, organisations such as Capital One, Georgia Tech and even the UK Police have been hit with data breaches. Norton reported that there was a 54% increase in the reported number of breaches in the first half of 2019 compared to the same period in 2018 – a sign that cyber security remains a very real threat for businesses large and small.
Whilst cyber security threats like phishing attacks and Internet of Things (IoT)-related threats are widely reported and combated, it’s often the less well-known cyber security threats that cause the most damage for businesses.
5 lesser-known cyber security threats
There are many reasons why organisations leave themselves open to cyber security threats. Having a robust cyber security policy and investing in cyber security software can help to mitigate against the majority of threats, however it’s sometimes the lesser-known cyber security threats that can fall under the radar of both policies and software solutions.
Here are five of the lesser-known cyber security threats that have caused problems for organisations large and small.
1. Supply chain
Whilst your own cyber security measures and policy may be extremely robust, other organisations within the supply chain might not have the same level of security and this can lead to issues for you and your business.
With the increase of information sharing and the ways and means we have of sharing data, so too the opportunities for exploitation increase. The best way to mitigate against cyber security threats within the supply chain is to work closely with suppliers or partners in the chain to ensure your cyber security policies and security measures are aligned.
Software is one way of mitigating against cyber security threats, however education plays just as important a role and the opportunity to pull suppliers and partners together can also help to reduce the cost to all businesses in the supply chain when it comes to cyber security education.
2.Backing up to the cloud
The cloud presents many opportunities for businesses and employees to work remotely and to ensure information is backed up. With the increase in flexibility and functionality, however, comes a variety of threats to cyber security that need to be controlled and managed.
One of the big issues comes when people back up corporate information (such as contacts) to their personal iCloud/Google account. If employees use personal devices to access their work files through the cloud, it becomes more difficult to manage the apps that they are downloading and the permissions they are granting to those apps. Quite innocently, employees can grant third party apps access to your secure data via the cloud and a breach becomes possible.
It’s important for organisations to control any applications that have access to their network through a strict vetting process. Education is also a key part of ensuring that in this day and age of BYOD, employees are aware of the threats of third-party apps and the vetting process you have in place.
3. Untrusted browser extensions
Browser extensions can be brilliant. They can help us to go about our day to day jobs more efficiently and provide us insights directly in our browser that we may previously have had to work a lot harder to find.
A process that often gets overlooked in cyber security policies is the vetting of these browser extensions. These should be vetted like any other piece of software. At the end of the day, they potentially have the opportunity to see and track everything you are doing online presenting a serious threat to cyber security.
Whether you are vetting them personally or your IT department keeps a closer eye on them for you, all extensions should be vetted like an app or piece of software. Check for the permissions they ask for, check the background of the developers and any other apps/extensions they have developed and look at the reviews left by other users. Keep browser extensions to a minimum – the ones that are essential to your day to day work.
4. Weak passwords
This might not fall in the lesser-known bracket, however for a lot of people, it falls into the ‘never changed it or haven’t changed it for a long time’ bracket.
In an age where businesses large and small are relying more on more on cloud-based services that require password access, one of the big problems face by organisations is employees selecting passwords that are too weak and easily guessed. Another issue is using the same password for multiple accounts.
There are a number of software solutions out there to help businesses manage more tightly controlled password security including third party sites such as One Password or LastPass. Google also provides its own password management service through the Chrome browser which will help to auto-generate highly secured passwords and store them for you.
Multi-factor authentication is perhaps the most secure way to go. This means that employees will need more than just a password to gain access to business accounts. Steps can include verification texts sent to a mobile device or using authentication applications.
5. Dodgy USB sticks
The innocent USB stick can be a cause of major cyber security issues if they are not managed correctly. Some of this is done with malicious intent – viruses are pre-loaded to USBs before the even hit the stores and unwittingly, people transfer a virus to their computer thinking they are using a brand new, clean USB.
As with most of the items on this list, education is important. Ensuring all your employees know where the USBs have come from that they are plugging in to their computers is the first step in preventing a cyber security incident.
Company-wide, it’s important to keep operating systems up-to-date and make sure you have effective anti-virus software installed. If you are unsure about a USB device, run a virus scan on it before you open any files.
Moving more and more into 2020, cyber security is more important than ever. With the number of breaches increasing in 2019 compared to the previous year, cyber criminals are finding more sophisticated ways of breaching cyber security measures. That’s why it’s crucial to ensure your cyber security policy is robust and that you have a comprehensive educational program in place to ensure your employees are aware of all the latest threats as well as some of the lesser-known cyber security threats mentioned above.