Rethinking Today’s Threats And Tomorrow’s Digital Business

Tips For Managing Your Security Posture​

10.04.19 by Jeremy MacBean, Director of Marketing and Communications, IT Weapons

Your business is at risk. Every organization faces an increasing range of cybersecurity threats from ransomware, email spoofing and more.  Today’s business leaders have to address this reality, understand the evolving threats and commit to pro-active investment and maintenance of their security posture.

Every business is now a digital business

Whether you operate a B2B accounting firm or you make guitar accessories from recycled textiles, your customers are expecting to interact with you digitally.  You have to embrace the increasing role of digital technology in your business. You cannot shrink away from digital-first engagement with your customers. You can certainly bet your competitors are hoping you are slow to adopt a digital-first mindset.

We live our lives online and we expect to conduct business digitally as well. We shop online, we pay our bills using banking apps, and most of us spend a great deal of time on social media.  We search for reviews online before we purchase anything, and we are growing more accustomed to interacting with chatbots and AI in our pursuit of services, solutions and consumer products.

It’s not about trying to eliminate risk, it’s about understanding the risks and mitigating their potential impact on your business.  The research is clear; your company WILL suffer a cybersecurity incident at some point.  The question you face is this: how prepared is your organization is to respond to these new and emerging threats?

 

NEW THREAT #1 – Cryptojacking

Cryptojacking is an increasingly popular kind of malware that hides on your device, sucking up processing resources and mining for cryptocurrencies like Bitcoin.  The short story on cryptocurrencies is that they are systems of encrypted, decentralized transactions and ledger records.  They require a tremendous and increasing amount of computing power.  For cybercriminals, stealing your computer’s horsepower is a lot cheaper than buying a fancy, purpose-built computer to mine for bitcoins.  Hence the growing popularity of cryptojacking.  The malicious code infects desktops, laptops, smartphones, and even your company’s network servers.  Unlike a piece of ransomware that will lock down your files and demand a ransom from you, cryptojacking viruses are designed to stay completely hidden from the user.  This often leads to severely degraded device performance, increased electrical bills and a way slower internet connection.

For your personal and work devices, invest in good anti-virus software and make sure you regularly back up your files with a modern (perhaps cloud-based) solution.   Those are among the best, and easiest things you can do to prevent damage and infection.

 

NEW THREAT #2 – Formjacking

Forget about trying to hack into your device or your company’s network, that might be too much work for today’s cybercriminals.  An easier method of seeking illicit profit is to hack an e-commerce website and intercept personal, private and financial information at the point of digital data entry.

In 2018, nearly 5,000 websites were compromised every month (2019 Symantec Internet Security Threat Report).  Formjackers install malicious code onto vulnerable websites, compromising the forms where we often input our personal and credit card info when we shop online.  The nefarious code steals the information and then the stolen data is often sent to a dark web server for distribution or sale, with the victim unaware that their payment information has been compromised.

In one high-profile example from last year, a hacker managed to modify web scripts running on the British Airways site and stole 380,000 credit card details, netting more than $13 million in the process.  Yikes!

Is your website and corporate network secure and up-to-date?  When is the last time you conducted a vulnerability assessment? Is your staff aware and mindful of cybersecurity in their everyday work?  These questions matter. A simple, six-question quiz can help measure the health of your technology.

“Security is a Process, not a Product”
Bruce Schneier

Managing your security posture at work and at home is just like owning and driving a car. Sure, there are risks, but what is the cost of lost productivity and limited mobility if you don’t have a car?  Safe car operation means that we take the right precautions, we follow the rules of the road, and we invest in regular maintenance to ensure the safety of our vehicle.

The same needs to be true for cybersecurity at work and at home.  You need good habits. You need to change your passwords regularly and back up your files to a secure service or device. At work you need strong policies, and everyone has to be on board to follow them. You need to make sure you don’t use your work email address for personal use—like shopping on Amazon or subscribing to Netflix.   You need to invest in good antivirus tools for your computers and mobile devices.  And you must commit to regular updates from the vendors who publish the apps you use (Microsoft, Symantec, Apple, etc.) to keep them up-to-date and secure from bugs and vulnerabilities.

A Rising Tide Floats All Boats

A cybersecurity incident is not a matter of if, but rather when.  And your leadership group needs to take this reality seriously.  Now.  Sadly, cybersecurity is chronically underfunded by most organizations– especially SMBs in North America.  And that situation makes it easier for cybercriminals to make a living off our collective vulnerability.  The more we take risk management seriously, the better off we will all be.  The more we take the right precautions, educate our staff, invest in the right tools, the harder it will be for cybercriminals to make a profit.

The first step to a safer business is accepting the risks of today’s digital-first ecosystem and deciding to do something about it.  Are you ready to talk security?  We can help.

To learn more about mitigating cybersecurity risks, please head to our YouTube channel to watch our recorded webinar. Our National Security Manager, Tim Coker, took us through real examples, and best practices for avoiding a hacking incident.