Get inside the latest trends in cyber security news, updates and industry threats from July in our monthly recap.
Quote of the month:
“To successfully prepare for a cyber attack in today’s landscape is to accept that your organization will be the next target. Whether you are most vulnerable or not is entirely up to you.”
Rodney Joffe, Neustar senior vice-president.
Don’t wait until an attack strikes – get in contact with our world class team of security professionals by calling: 1.800.985.1365
The Growing Cyber Liabilities Targeting Today’s C-Suite
It is no wonder the top of the corporate ladder has attracted the most attention from cyber criminals looking to extract vital business information to conduct organizational hacks. With access to companies’ most confidential and sensitive information, it is increasingly important for c-level executives to protect themselves from the security risks they face.
With new threats and cyber weaknesses uncovered each day, what that requires is executives taking much more precautions and security measures than what was expected ten, five, even two years ago. Keeping tight reign on how information is stored, shared and accessed is a critical component in the necessary steps to take in breach prevention. Communication is another key area targeted by cyber criminals with a potential to uncover secure information about business practices, current challenges, customers and more.
As the wave of importance on cyber security continues to grow, many executives are not however keeping up. New research uncovers the lack of data and network protection being taken by the biggest professional figures in today’s organizations.
This gap between security and the executive suite has been a hot topic in the news. Highlighting these issues, sources like Computer Weekly look to reports from security firms like that of Code42 who recently emphasized the need for data security strategy and the role human behavior plays in their latest study.
Some stats uncovered in the Code42 report:
- 93% of CEOs say they keep a copy of their work on a personal device, outside of company networks
- 63% of CEOs in the study admitted to clicking an unsafe link in emails
- 59% admit to downloading software without corporate security approval
With this lack of effectiveness in top level employees taking on necessary practices, security professionals are beginning to predict growing threats are imminent in today’s businesses. Outlined in the Code42 report, 64% of CISOs believe their company will have a breach in the next 12 months while 61% say they have already experienced a breach with the company in the last 18 months.
Understanding the widespread impacts of not taking steps towards creating a safer business environment is the first step to getting best practices in security more widely adopted. As we continue to hear about more globally recognized organizations with multi-million dollar budgets compromised by preventable actions, there will be a drive to take on these measures.
So what does this mean for today’s corporations not adapting to the growing risks? The barriers for entry through security hacks are a reality that is only getting stronger as businesses and their employees rely more on digital technology. As stated by Computer Weekly, an example should be set by the leaders of our organizations but for now, “While companies spend billions to prevent data loss, the research suggests that data remains vulnerable to employee transgressions – and the C-suite is among the worst offenders.”
90% of eCommerce Login Attempts are Made by Hackers
The alarming rate at which reports are surfacing on the number of cyber security vulnerabilities is only continuing to rise with a new study released earlier this month on the ecommerce space and the weaknesses it faces. Historically targeted for users’ financial and personal data, businesses operating in the online retail space have been forced to continue to introduce measures to protect their customers in order to survive. However, as the number of breaches in 2018 alone have hit record-breaking numbers, the landscape for online stores is only getting more complicated and despite new technologies helping to prevent existing threats, hackers are developing their own new tactics to exposure new weaknesses not yet discovered.
Understanding just how far away we are from ensuring protection to online users is a constant reality both companies and their customers must adapt to. Last year alone 1.4 billion passwords were hacked and leaked and distributed through a network of hackers to use. This alarming stat comes a new study covered by Forbes that also showed an overwhelming 90% of all login attempts on these ecommerce sites were made by hackers. Why? This is business is called “credential stuffing” and is used for tapping into online businesses to access users’ personal and financial details for identity theft and fraudulent charges.
Last year, 1.4 billion passwords were hacked, leaked, and dumped into an online document that circulated the information for hackers to reuse. And selling the information on the dark web is a business for online hackers.
In this case, hackers are using an attack method called “credential stuffing” to breach a system and gain access to user credentials, which they later use to breach other online systems. When targeting online businesses, they are able to use this information to gain access to retail sites to steal gift cards and other products from companies.
The biggest let down is through that of unsafe payment processors that are not equipped to block this level of risk. Now clearer than ever is the critical need for increased security measures on the application and user level. But a future without security threat is growing more impossible as business and consumers transition more to the digital space. These advances are opening the gate to cyber criminals to continue developing new methods of attack. With an obligation to protect customers, this has created some of the costliest and reputation harming threats that is only expected to grow.
Bluetooth Opens up Another Opportunity for Hackers
The means at which Bluetooth technologies have entered our personal and business environments has grown rapidly over the past few years. Now with more devices Bluetooth compatible through computers, cars, mobile devices, hardware equipment and countless other digital systems, the threats targeting the technology once considered secure has begun to catch up.
At the route of Bluetooth technology and compatible devices is secure networks that are tapped into to connect systems together. Required to conduct a sync in devices, the proper encryption keys must be setup before making a wireless connection. However, a vulnerability in the technology Google has called severe now reveals there are weaknesses accessible to third parties when devices are actively searching for each other.
As described by a lead cyber security researcher at the Hiroshi Fujiwara Cyber Security Research Center who helped to uncover the exploit, “The technology we developed reveals the encryption key shared by the devices and allows us, or a third device, to join the conversation.” What this creates is an opportunity for hackers and third parties to listen in and sabotage the conversation of wirelessly connected devices.
This threat is particularly sensitive to businesses relying on Bluetooth devices to run their most critical operations and to exchange confidential information. In response to this alarming discovery of potential Bluetooth breaches, manufacturers including Google, Apple and Intel have been contacted and are releasing updates to fix the issues.
However, these updates are only effective in protecting users and preventing breaches to businesses if they are properly installed and tested. With many unaware of the potential vulnerabilities and not setup with automatic updates on their devices, many are left unknowingly exposed to these and a growing number of new threats to come.
At Infonaligy we keep businesses in the know and protected from attack – learn how.
Meet with Strategic Security Operations Specialist, Steve Waters in Our Upcoming August Lunch & Learn Sessions
Next month we will be kicking off four more sessions in our CFO’s & Cyber Security Event in both Dallas and Plano. Hear real-world knowledge from veteran and Infonaligy CISO Steve Waters and his cyber security skills utilized in Afghanistan and Kuwait wartime operations. Join the discussion on the CFO’s role in cyber security and learn about the critical steps financial executives can take towards protecting and minimizing the losses in their organization.
Events take place August 29th and August 30th, with morning and afternoon sessions and complimentary refreshments included for attendees.