In the previous two posts about Cybersecurity Awareness, we discussed cyber hygiene tips & best practices, and we’ve talked about the bane of security teams - the dreaded phishing scam. Having locked our accounts tight behind multifactor authentication and steeled our minds against invaders from the Inbox, our data is in a much safer place than where we began.
Unfortunately, for as long as there are profits to be made from stolen data, clever and motivated bad actors will always abound, finding leaks and exploiting them. Due to the ever-changing nature of cyber-threats, awareness is one of the best tools for the security-minded employee.
For this reason, I want to go over some of the recent trends in the cybersecurity world, and the risks presented by them - either to the industry as a whole or to individual users.
Home Office Security
Over the past year, we’ve all gotten accustomed to working from home. Of course at first this was by necessity rather than preference. Now, as the world grows accustomed to working through the ongoing pandemic many employers are reconsidering a full return to the office.
Some companies are going all the way remote while others are hybridizing, maintaining in-office operations at a much-reduced capacity and obligation by employees who can do their work from home. It remains to be seen where various industries will land on the issue, but to cybersecurity experts the increased number of potentially permanent at-home workers represents a significant risk to company data.
Years of work have gone into hardening the corporate network, ensuring that so long as employees are within the walls of their office building, they are shielded from bad actors. Remote work causes employees to remove potentially sensitive data and devices from that hardened environment. This can be risky, as most people’s home networks and personal devices don’t have the advantage of a professional IT team working to protect it against intrusion.
In the coming years, as work moves out of centralized spaces and into distributed remote offices, organizations will need to be mindful of the new risks or vulnerabilities that may arise as individual employees become more responsible for their own security.
Surge of Ransomware
Ransomware, like phishing, is one of the threats that most people are at least peripherally aware of. The danger posed by ransomware is very real and growing, and nearly anyone in the tech industry has heard of it.
Projections for losses due to ransomware attacks have increased 57 times over what they were in 2015. That estimate comes out to $20 billion in losses by the end of 2021. Unfortunately, that increased awareness doesn’t take much of the edge off the threat. Fresh off a high-profile ransomware win last year (Colonial Pipeline), this tried-and-true extortion method is surging like new.
Ransomware encrypts data on networks it infiltrates and demands a sum of money in return for the restoration of the data. In addition to demanding a ransom, the hacker will often threaten to leak sensitive stolen data, creating a sense of urgency. Modern ransomware frequently demands payment in bitcoin, as the digital currency is exceedingly difficult to trace.
Ransomware needs to find its way onto your system to take effect. The best way to defendyour systems against ransomware is to prevent it from ever arriving there inthe first place, which circles us back to strong cyber hygiene.
Multifactor Authentication ismore and more frequently relied upon to secure sensitive data. Frequently it’slauded as the premier security solution for username/password accounts. And to be fair, it’s a really good solution.
The problem is that most users of this tool use it with their cell phones, using SMS codes. As it turns out, the weak link in that chain is SMS. While SMS does have some limited security, it does not encrypt messages in transit, which means that bad actors can perform man-in-the-middle attacks.
In response to this threat, many services are instituting other more secure methods of sending codes to the user. Currently, the popular solution is an encrypted authenticator app such as Authy, or the Google Authenticator.
There are constantly new exploits or strategies that need to be combated in the quest for sound cybersecurity, such as ransomware, as we store more and more sensitive data on our computers. Currently with the transition into the home office we’re more at risk than ever, and bad actors are always working to circumvent our defenses, such as MFA.
Fortunately, by staying aware of these attacks we can prepare ourselves. We can find where the bad guys are likely to strike and improve our defenses in response.