For 11 years now, the U.S. government has recognized October as Cybersecurity Awareness Month. While the original goal may have been to acknowledge the growing risks that cyberthreats pose to national security, it has – unfortunately – become all too clear in recent years that cybersecurity is an issue that affects not just government agencies, but anyone and everyone, regardless of industry.
Consider how, in the last few years, claims of identity theft and tax fraud have skyrocketed, targeted data breaches at major companies – from big banks to retailers to healthcare providers – are compromising millions of records containing personally identifiable information (PII) and the IT departments responsible for safeguarding against these risks seem virtually powerless. And with businesses progressively moving their operations online – shifting email, files and other data into single-vendor cloud platforms like Microsoft Office 365 or Google Apps – these risks and their ripple effects will only continue to grow.
As our lives become increasingly digital and interconnected, implementing proper cybersecurity and staying one step ahead of new threats will only become more important. To that end, and as Cybersecurity Awareness Month winds down, here are a few cyber risks you should put on your radar to protect yourself and your data in 2016:
1. BYOD Workplace Policies
Bring Your Own Device (BYOD) policies may allow employees the freedom to use their own familiar phones, tablets or laptops for work purposes. But, it also presents a glaring security flaw when you consider that 43 percent of smartphone users in the U.S. don’t use any kind of password, PIN or pattern lock protection – let alone sophisticated methods like two-factor authentication – and 50 percent connect to unprotected Wi-Fi on a monthly basis.
Or, consider what would happen if a former employee went rogue and managed to use workplace credentials that remained on their personal devices to access and deliberately sabotage company data. It’s bad enough when a hacker manages to crack your password or network security on their own, but it’s even more troubling when the perpetrator was willfully given that access in the first place.
2. Connected Cars
This is something we wrote about last year, and the threat against connected cars clearly isn’t going away, as it just landed on CNBC’s list of top cyber concerns for 2016. While we still may be a ways off from seeing driverless cars as the norm, that hasn’t stopped Internet-enabled smart cars from growing in their popularity. But while we may use these handy features for calling up GPS coordinates on the go, hackers may increasingly see an opportunity to piggyback on that same network connection to hack into your car – a vulnerability that can leave your engine or brakes in someone else’s control. Vulnerable connected cars are a highway pileup just waiting to happen.
Gone are the days when hackers masqueraded as foreign princes and sent you badly misspelled emails asking for bank account numbers. Cybercriminals have become much more sophisticated, now utilizing targeted spear-phishing tactics to bypass traditional email security and sending more personalized messages to victims that, without a more discerning eye, can seem completely innocent. That is right up until the recipient clicks a link that redirects them to a shady website and promptly infests their computer with malware and hands over network access to the hacker. The Anti-Phishing Working Group’s most recent Global Phishing Survey found 124,000 cases of these attacks occurred in just the first six months of 2014, marking a drastic and alarming increase.
Network administrators can’t always prevent employees from unsuspectingly clicking on suspicious links or downloading malicious attachments. What they can do, though, is employ tools that allow them to revoke access to breached endpoints and suspend network connections to infected devices to quarantine the impact of a spear-phishing attack and keep it from spreading.
The Best Offense is a Good Defense
These are just a few of the all-too-many fronts where cyberattacks are gaining in both frequency and impact. But the situation is far from hopeless – and as is often the case in life, the best offense is a good defense. Keeping yourself apprised of these and other emerging threats and taking the appropriate defense-in-depth measures to safeguard personal and company data ahead of time – through a combination of VPNs for remote network access, multi-factor authentication, firewalls, and intrusion detection systems – can make all the difference in keeping you from becoming the latest addition to these statistics.
Want to learn more threats to your company’s network?
In 7 Security Threats You May Have Overlooked, we cover:
– How to handle environments fraught with rogue employees, personal devices, and EOL products.
– A sound approach to security policies and their enforcement, including the important of executive involvement.
– A new way to think about VPN solutions to simultaneously maximize security, flexibility, and ease of management.