The new security threats
As 2020 gets well underway, the Grant McGregor team is taking the opportunity to ask: what are the security threats we need to be aware of now? Here’s our take on the security issues you should be thinking about in 2020.
Facing off against the ever-changing IT security threat resembles a game of whack-a-mole. As soon as IT specialists and solution providers have fixed one vulnerability, hackers are looking for a new one to exploit.
And no one is safe: not even the richest man in the world, and head of one of the world’s biggest technology companies.
This makes staying abreast of current vulnerabilities and favoured attack vectors vitally important if we’re going to have any chance of keeping up with the cyber criminals. Here’s a round up of some of the new security threats we’ll be facing this year and beyond.
1. Social phishing
We highlighted in a recent blog the expansion on of phishing away from email and onto social media platforms. When you’re training your staff to identify potential phishing activity, be sure that they understand that it isn’t just email where they need to be wary.
Ransomware continues to be a profitable business for ciminals, as we saw in the latest breach to make the headlines. As long as companies continue to fall victim to these attacks, hackers are going to have the money to finance their activities. Add to that the ease of downloading ransomware from so many sources and we can see why it continues to be a problem.
Your best line of defence? Keep your anti-virus and anti-malware and system scans up to date. Get a strong backup, disaster recovery and business continuity plan in place and test it regularly. And ensure your people are aware of the threat via regular training.
3. Not upgrading or installing security patches
Are you aware of the latest Windows security update? On January 14, 2020, Microsoft released an emergency patch to fix a vulnerability. If you haven’t installed this already, please do so as soon as you can – otherwise you’re leaving this vulnerability open to be exploited by hackers. In fact, all software needs to be kept up to date.
Read the advice from the UK national cyber security centre (NCSC) in its weekly update here.
Microsoft also took the opportunity to reiterate: “Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020. We strongly recommend that you update any computers running Windows 7, Windows Server 2008, or Windows Server 2008 R2 so you will continue receiving security updates.”
4. Office 365
Microsoft is now the most impersonated brand in phishing attacks. It makes a good target for the hackers thanks to its ubiquity. And hackers are getting cleverer in their impersonations, including links to real Microsoft pages in their emails to add credibility. Make sure your Office 365 users understand that they need to think twice before clicking on a link or entering their login details.
Also ensure you have adequate mail filtering in place, as O365 alone is not enough.
5. IoT devices
The Internet of Things is expanding rapidly as the range of connected devices available continues to grow. No matter how small or seemingly insignificant a device you’re connecting to your network is, it needs to be secured. Hackers will exploit devices on your network that don’t have adequate protections or have simply been connected with factory security settings intact.
All users need to understand they need to check with IT before connecting an IoT device.
6. Mobile malware
Malware specifically designed to target mobile devices is another growth area. Hackers are always going to look for easy ways in and, too often, mobile devices don’t have adequate security protections in place. Organisations need to develop and enforce good policies, ideally with the help of an effective MDM deployment.
7. Supply chain attacks
New collaborative ways of working and the way in which complex supply chains are becoming increasingly integrated poses a new threat as systems and supporting supply chain technologies are also integrated.
A security solution is only as strong as its weakest link. Tales abound of organisations being targeted via the IT systems of their supply chain partners. As a result, we’re increasingly seeing security considerations play a key role in purchasing decisions and security questions being asked in RFIs and RFPs.
8. Not getting the basics right
OK, so this isn’t a new security threat, but it is a perennial challenge, so it has to make the list. As long as you’re leaving the low hanging fruits on the tree for the hackers to pick, then the rest of it is all so much of a waste of time. Close the easy loopholes first by undertaking the Cyber Essentials scheme.
If you’d like help or advice about any of these technology topics, please get in touch with the Grant McGregor team.
Did you know that we can assist you through Cyber Essentials too? Find out more here.