As we approach 2021, our society and economy continue to embrace digital transformation as the covid-19 crisis force businesses to adapt to new and evolving cyber security threats, while countless employees suddenly found themselves working from home.
Organizations need to invest in a comprehensive cyber protection solution that keeps their data security one step ahead as cyber threats becomes relentless, targeted and disruptive involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more.
Fortune favours the prepared, so let us look at these threats and how to prepare yourselves:
1. Insider Attacks
Insider threat is not new; however, it is growing more sophisticated and aggressive. The risk could come from an employee, former employees, contractors or even associates.
Furthermore, with employees working from home and no longer accessing resources from inside the organization’s network, they are getting involved in data leaks intentionally or by accident.
Verizon’s report tells that 57% of information leaks involve insider threats, and 15% of leaks are a consequence of misuse of privileges.
Some steps can be taken before a new insider attack:
· Check employee background before hiring
· Monitor employee behaviour
· Educate and train employees
· Control third-party access
How else can we prepare for it?
One way is by deploying Senhasegura, a Privileged Access Management (PAM) solution that allows you to control access to specific accounts, store all access records for auditing purposes and analyze user actions in real-time that generates alerts about unusual activities. This lets us identify insider attacks much faster and more efficiently.
2. Phishing attacks
Now that more are aware of the dangers of email phishing or of clicking on suspicious-looking links, hackers are using machine learning to create and share convincing fake messages in the hopes that recipients will unintentionally compromise their organization’s networks and data.
CSO finds that phishing attacks account for more than 80% of reported security incidents and 94% of malware is delivered via email.
It gets more sophisticated as targeted digital messages are spread to trick people into clicking on a link that installs malware or expose sensitive data.
For example, you might get an email from Apple stating that your Apple account is kept on hold for security reasons, and the email will instruct you to type in your login credentials in order to restore your account. These attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, plus gain access to private databases.
A solution that can detect phishing in emails is RedSift’s OnINBOX. It shows real-time warnings by colour-coding the top of every email’s content from an automated security scan that breaks down the trustworthiness of a sender:
A for Authentication: emails are evaluated by security protocols the sender has in place. The stronger their security, the lower the risk of being spoofed by a familiar partner, supplier or other contact in your supply chain.
C for Content: All content in emails are scanned to highlight hidden signals that might cause harm, like malicious URLs or a hijacked domain. OnINBOX's advanced machine learning can spot non-technical threats with social-intelligence by analyzing human language and behaviour. So your employees don’t have to.
T for Trust: OnINBOX learns about the way users interact with people to identify threats and build a personalized trust network.
3. Mobile Breaches
Mobile security is at the top of every company's priority — and for good reason: Covid-19 has spurred businesses to allow employees to use their devices to Work From Home, and many to access corporate data from smartphones.
While smartphones, tablets and other small connected devices such as webcams and smart watches — commonly known as the Internet of Things (IoT) — allow companies to save money and streamline business processes, they also bring a new risk because they generally do not have consistent software updates, which makes them vulnerable to cyber attacks and infections.
According to an IBM study, we are 3 times more likely to respond to a phishing attack on a mobile device than a desktop, partly because people are more likely to see a message on the phone first.
What’s more, It's not just email anymore. A security firm, Wandera, stated in its latest mobile threat report that 83% of phishing attacks this year occurred in text messages or in apps like Facebook Messenger and WhatsApp, mobile games and social media platforms.
Despite these dangers, the policy of Bring-Your-Own-Device (BYOD) is now commonplace to minimize costs and increase operational productivity as it allows employee flexibility through remote work.
So, how can we protect both company’s data and its employees?
BlackBerry’s BYOD Solutions uses a containerization program to keep corporate and personal data separate, blocking unauthorized devices from accessing your network and allows mobile devices to access the organization’s intranet, emails and corporate network via a secure browser.
Alternatively, for pure BYOD without Mobile device management (MDM), SyncDog’s Secure.Systems™ also has a defense-grade containerized workspace that can control a third party’s access and actions by securing emails and cloud file management. It also offers anti-virus protection, instant messaging, Geo-location and GPS tracking.
Still, even that cannot stop data leakage if an employee makes a mistake.
For example, copying and transferring company data onto a public cloud storage service or forwarding a confidential email to an unintended recipient.
For that type of leakage, Data Loss Prevention (DLP) tools may be the most effective form of protection, where products such as Zimperium's zIPS Protection and Corrata’s Immune System for Mobile can scan apps for "leaky behavior," and automate the blocking of risky processes.
Corrata’s solution can detect and disable malware, even instantly quarantine infected devices while Zimperium's machine learning-based engine, z9 Machine-Learning, is the only machine learning-based engine capable of detecting unknown mobile malware.
Still unsure how to #WorkFromHome safely?
Comments