West Nile Disease and the Biggest Cyber Trends for SMBs

img blog West Nile Disease Biggest Cyber Trends for SMBs r2

As Adaptive’s fearless leader, Brett Gallant, was being eaten alive by mosquitos on a recent hike in the woods, he felt compelled to stop mid-trek to record a short video about a local business that had just been hacked. 

The fact that another attack happened, despite constantly warning the local business community – and providing security tips on a regular basis – was getting to him. You’d have to live in a cave to miss the daily social media posts, my weekly videos, and Adaptive’s bi-weekly emails, he thought.

So, if the information is reaching people and they know how real the current threat environment is, why aren’t they listening? Why aren’t they doing something – anything – to improve their cyber security? 

Recording the video, Brett said, “All that business owner had to do, to avoid this particular type of hack, is install 2-factor authentication on his email account. That’s it.” 

If you had seen his frustration, his impassioned plea – despite the fact that the number of mosquitos attacking him looked like something out of a Hitchcock film – to just do ‘something, anything, one small change,’ you would have realized his genuine concern for the people and businesses in the community.

Did Brett put his life at risk for you, just to talk about cyber security? 

RELATED: Fight the bite – Mosquito borne diseases are on the rise in Canada

(And why, in the world, do these Canadian doctors seem so happy about these new mosquito-borne diseases?

The information that is created and distributed by Brett and Adaptive isn’t a sales gimmick, it’s information. Information that you can use to improve your cyber security awareness and protection, with or without our support. 

Yes, our cyber security measures are going to be better than what you can do on your own, but there are so many things that you can do, right now, to avoid being hacked. And you will be hacked. It’s not a matter of if, but when. 

That statement isn’t intended to scare you, it’s to prepare you. It’s naive to think that a cyber attack will never happen to you. It’s as risky as driving without a seatbelt, going without health insurance, or… taking a hike through the woods without first applying bug spray. 

Simply put, you are not invincible. And neither is your business.   

Below, are some current trends in the world of cyber threats and security. Beneath each trend are tips about how to deal with each one. Please pay special attention to each tip. Don’t just read them, please, incorporate them. We don’t need Brett taking another bug-infested hike through the woods to blow off steam about another cyber attack. (Did we mention West Nile Disease?) 

According to excerpts from an article by CyberGuy, he wrote, “If we go by the trends, the attacks have become more frequent, targeted, and complex. Cyber criminals are always attempting to launch attacks against small businesses.

The increasingly online nature of our lives means opportunities for cyber attackers. Hackers, phishers, and cyber thieves do all sorts of cyber crimes that disrupt our lives. This is why individuals and business owners should be aware of cyber security trends.

Small businesses worldwide are still reeling from the effects of Covid-19. Many are moving their operations online and adopting remote work. And cyber criminals are happy about this development because they can practice their trade and target small businesses with more elbow room.  

10 cyber security trends that SMBs should know

The future of small businesses depends on whether they choose to know the trends in cybersecurity or remain ignorant of them.

1. The rush to remote work created new threats

Small business owners decided to shift to remote work to cope with Covid-19. The shift needed to be rapid. But this left small businesses with inadequate security protocols that could compromise their systems.

Remote work poses new cyber security threats. Home offices tend to be less protected compared to corporate offices. Corporate networks have firewalls and routers managed by trained IT security teams.  But unsecured devices used by remote workers can expose the whole network.

More employees working from home are using their personal gadgets for work. The lines have gotten blurred between personal and professional use of these devices. Using personal gadgets increases the risk of mixing up personal and company information.

Threat actors take advantage of the remote work environment. They beef up their criminal tactics to cope with new security technologies.

How to deal with this:

You need to patch up the weaknesses of your security infrastructure. This includes training your employees on cyber security awareness. You must also provide protection for remote employees’ home offices and personal devices.

2. Ransomware continues to soar

Ransomware attacks have been around for the past two decades. But the volume of cyber attacks and the size of ransom amounts continue to rise. These attacks are becoming more sophisticated with the use of machine learning. The driving force for most cyber attacks is ransom. Attackers share their loot on the dark web with coordinated effort. 

Hackers have become more adept at hiding malicious code. They use more than 120 separate classifications of ransomware, according to some estimates. The wide array of options makes it easy for cyber criminals to launch attacks. Digitization and remote work also partly contributed to the rise.

Ransomware involves breaching cyber security systems to steal data. Hackers install malicious software on a computer or network. After stealing data they need, they encrypt it so that you can no longer access the data. The hackers then withhold the data and blackmail you until you give in. You are then forced to pay ransom, usually in cryptocurrency, for the release of the data.

How to deal with this:

Update hardware and software regularly. Patch operating systems and browsers as a matter of practice. Have a backup plan and go back to the basics. That is, use strong passwords, multi-factor authentication, and a robust cyber security strategy.

3. Cyber attacks are expanding to IoT devices and the supply chain

The use of the Internet of Things has changed the direction and size of cyber attacks. IoT devices include:

  • Smart home devices
  • Connected cars
  • Wearable health monitors
  • Autonomous farming equipment
  • Smart factory machinery
  • Wireless inventory tracker

IoT devices will grow faster than non-IoT machines. Research firm IoT Analytics estimates there are 21.7 billion connected devices worldwide. The report predicts that of that number, 11.7 billion or 54% are IoT devices.

The same report forecasts that by 2025, the total number of IoT devices will reach more than 30 billion. Each person will own almost four devices. 

The goal of hackers is to breach these networks through third parties. They may be contractors, partners, customers, and other components of the supply chain.

The unprecedented use of IoT creates supply chain vulnerabilities. Hackers use certain techniques to exploit the weakest links in the chain.

They first identify poor security systems in some devices. Then they embed compromised hardware or software. They can also conspire with insiders to launch data breach attacks via IoT devices.

How to deal with this:

Business owners should develop a strong endpoint security system to achieve digital security. You can start by changing default names and passwords. Do this for both the router and each individual IoT device. Use strong passwords, robust encryption, two-factor encryption, biometrics, and/or a pass card. Avoid third-party risk by building relationships only with trusted supply chain entities.

4. Increased cloud services mean increased cloud security threats

Cloud services are becoming popular with small businesses. They offer a range of benefits, such as efficiency, scalability, and lower costs. The rapid adoption of remote work also increased the need for cloud services.

The move to cloud computing was drastic. It gave small businesses little time to prepare their infrastructure. They also came unprepared because of limited resources.

Another drawback is the inadequacy of some cloud services. Some providers cannot provide secure encryption and authentication. Others lack proper configuration and audit logging services. Some others fail to isolate the data of tenants from each other because they are sharing space in the cloud. These weaknesses opened vulnerabilities that hackers gladly exploit.

How to deal with this:

Prepare your infrastructure before transferring data to the cloud. Be aware of added vulnerabilities that cloud services may bring. Partner with a trusted cloud service provider.

5. Multi-factor authentication is gaining popularity

This is a positive trend that small businesses are embracing. But then again, threat actors are keeping up with the trends. They have found new ways to hijack some methods of authentication. More specifically, they’re seizing control of authentication through SMS and phone calls.

SMS has some built-in security, but messages sent are not encrypted. One-time passwords (OTP) can be intercepted in plain text via man-in-the middle attacks. Online banking transactions using SMS authentication are the most vulnerable accounts.

How to deal with this:

Financial institutions must turn to app-based authentication. Consider using Google Authenticator, Microsoft Authenticator, Authy 2-Factor Authentication, and other similar apps.

6. Mobile devices are attractive targets for hackers

Two-thirds of the world’s population use smart mobile devices. That’s nearly every adult having one.

People often carry with them their phones, tablets, and wearables. They use these devices for many of their online transactions. For example, they use their phones or laptops when they bank, shop, or travel.

Cyber criminals are happy with the widespread use of mobile devices. They’re taking it as another opportunity to target mobile channels as attack vectors. About 70% of fraudulent transactions originate from mobile platforms. This was one of the significant findings of the RSA Conference 2019.

How to deal with this:

There is no single method of protecting different kinds of mobile devices. It’s about providing extra layers of protection to both hardware and software. The 5G technology is another area that needs patches for potential security vulnerabilities. Training employees on device security is also a big help.

7. Phishing remains a very devastating cyber threat to small businesses 

And there are no signs it will stop soon. Phishing scams continue to use emails as launching pads for cyber threats. It’s scary because phishing is moving at full speed with more varieties.

Phishing emails often target employees working from remote places. Many employees use unsecured personal gadgets to connect to their company networks. Add to that sophisticated social engineering tactics and you have an almost perfect cyber breach.

Attackers adapt and refine their techniques to their victims’ habits. Social engineering makes it hard to detect the attacks. Phishing victims easily fall for the perceived legitimacy of the phishing emails.

How to deal with this:

Phishers use fake identities to carry out their devious acts. Employees should undergo identity training programs. These will help them recognize the authentic from the fake. Most phishing attacks come through emails. It’s worth emphasizing not to click on malicious links or download suspicious files.

8. Insider threats are growing 

Insider threats come from actors you never suspect. They are lurking around company cubicles. They’re waiting for an opportunity to attack when employers least expect it, doing their regular tasks to avoid detection. 

Insiders may be current employees that misuse company information. They are financially motivated and want to generate extra income. Gartner estimates insiders make up 62% of all malicious players.

Disgruntled current or former employees also contribute to insider threats. They deliberately steal information or sabotage the company. Gartner’s threat statistics show that 29% of this group are motivated by money. About  9% are driven by a vindictive desire to commit sabotage against the company.

Some employees exhibit compliant behavior toward cyber security. But they also make inadvertent mistakes. And they don’t realize their mistakes until it’s too late. These people are unknowing members of the insider threat circle.

Malicious insiders are more dangerous because they know their way around current security systems. They know how to bypass security measures and how and where to find unpatched vulnerabilities.

Some company executives are also partly to blame. They don’t take security awareness training seriously. Sometimes, their busy schedules do not allow them to attend training programs. Their indifference could leave them vulnerable to business email compromise (BEC) attacks.

According to a recent Verizon report, 34% of cyber attacks are caused by employee mistakes. The occurrence of insider attacks is projected to grow.

How to deal with this:

Insider threats are often triggered by excess access or abuse of access. Companies should develop a perfect balance between granting access and limiting access. Give the right access to the right user when they need it in their job, or no access when they don’t need it to do their job.

9. Data privacy will no longer be a mere component of a security program, but a program in itself

Sensitive data is the single most important target of attackers. Companies are increasingly concerned with merciless data breach attempts. Many are moving toward making data privacy a discipline. The European Union has started its own General Data Protection Regulation (GDPR). So far, it’s the toughest privacy and security law in the world to counter cybersecurity threats.

GDPR was crafted and passed by the EU. But it covers all organizations around the globe that want to collect data related to people in the EU. The regulation imposes fines against violators of its privacy and security standards.

How to deal with this:

Data privacy impacts almost every aspect of an organization. A data privacy discipline involves the creation of a data privacy management system. You must have a competent chief security officer and trained security staff. You must also have security tools that prevent data loss and repel cyber breaches.

10. Artificial intelligence (AI) is expected to automate threat analysis 

The sheer volume of cybersecurity threats is overwhelming to human capabilities. AI is expected to simplify the analysis of tons of cyber security data. Machine learning will also be a great compliment.

AI can establish threat patterns and malicious cyber behaviors. It uses as much data for as many potential scenarios as possible more quickly than humans. This saves time and money for cyber security teams. This will also help them perform their routine security tasks more efficiently.

Many businesses have yet to embrace AI. The practical applications of AI are still developing. Companies expect it to grow in sophistication and capabilities. They want something that can beat automated cyber security attacks.

How to deal with this:

AI is not only for larger businesses. It’s relatively expensive because it’s still in its early stages. It can also benefit smaller businesses whose security teams are under-resourced.

Final Thoughts… 

The same is true for cyber criminals. They continue to search for new ways to harm people and organizations. But there’s no stopping digital transformation while cyber security threats continue to evolve.

We hope what we shared will help you adopt cybersecurity best practices. These will also help you shape a foolproof cybersecurity strategy.”

RELATED: What’s the safest and most effective mosquito repellent available in Canada?

We know these requirements can seem overwhelming, but they are nothing compared to the complexity of dealing with a mosquito cyber attack. And, you don’t have to go it alone. 

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime. 

To schedule your Cyber Security Risk Review, call the Adaptive Office Solution service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca

Categories
Archives