cyber_security_threats

5 cyber security threats you may not be aware of

Cyber security has never been so relevant as it is in this post-Covid era.
But are you aware of all the threats your business faces every day?

Cybersecurity is on everyone’s lips. And for good reason.

Cyber security threats are getting increasingly more sophisticated – and damaging. As people have their whole lives online, a security breach opens the door to data thefts or confidentiality violations. We’re talking banking info, social security data, tax declarations, or medical records, just to name a few.

These are the 5 key security threats you may not know about.

5 security threats to watch out for in 2022

Apart from the widely known cyber security threats like phishing, malware viruses, or third-party software, there are others that target mostly businesses with devastating consequences.

1.     IoT vulnerabilities

Internet of Things (IoT) devices are used to collect data and communicate it across systems which are, in effect, data providers. This paints a target on their back for attacks where sensitive data is accessed and used to compromise other connected systems. To make matters worse, IoT devices are vulnerable because they lack the necessary built-in security controls to defend against cyber security threats.

That is precisely what happened at St. Jude Medical where transmitter vulnerabilities caused an implantable cardiac to be hacked. Thanks to quick thinking, the team identified and fixed the vulnerabilities. But should hackers have gotten to it first, they could have gotten control of the device potentially harming the patients, for example, by administering incorrect dosages of medicine.

2.     Credential stuffing

Credential stuffing happens when credentials from one data breach are used to access other unrelated services. This is a consequence of the combination of sophisticated bots that can simultaneously attempt several logins from different IP addresses, and customers that reuse their passwords across several platforms.

This is one of the biggest cyber security threats businesses and customers face. It is also why so many businesses are implementing multi-factor authentication, password-less authentication, or user behavior analytics. Social media, email services and email-based services are some of the most common targets.

3.     Man in the middle

A man in the middle (MITM) attack involves a third party intercepting a communication or transaction between two other parties, stealing the information being shared, and then using the stolen data for other purposes.

 

data_breaches_compared

Percentage growth in 2020 data breaches compared to 2019. Source: kroll

 

A MITM attack usually involves using a fake security certificate that appears as a legitimate web service and bypasses browser security settings. For example, when accessing a banking website from an insecure network, such as a public wi-fi network, a hacker could exploit a vulnerability in the system, interrupt the traffic, and steal passwords and other banking data.

4.   Denial of service

A Denial of Service (DoS) attack happens when an attacker disrupts a network’s normal traffic by overloading it, rendering it unable to respond. When such an attack affects simultaneously multiple devices or systems, it is called a distributed denial of service (DDoS) attack. A common DDoS is a DNS attack, where users enter what they think is a trusted address and are redirected to malicious websites because the DNS server is compromised.

DoS and DDoS attacks normally take advantage of the system overload, which makes it more vulnerable to attacks to enter the network or environment.

Ukraine was a recent victim of a mass DDoS attack that took down several government websites in February and affected banks as well. Later it was discovered that a “wiper” malware had been implanted in thousands of machines across Ukraine.

5. Cloud breaching

With many organizations transitioning to cloud-based systems, more and more threats target cloud security. The top cloud vulnerabilities include improper management of RDP (Remote Desktop Protocol), misconfiguration, weak authentication, weaknesses in cloud deployment and shadow IT that give hackers access to assets and sensitive data of companies.

For example, in 2020, cloud service provider Blackbaud got tangled in a huge lawsuit after being hacked and millions of users getting their bank details stolen.

How to protect your business and your customers

The best way to protect your business and your customers’ data from cyber security threats is to prevent data breaches. And preventing data breaches needs commitment from the entire team.

Back up data

Backing up all your business’s digital data is imperative. You should do it regularly and via multiple back-up methods. A good backup system typically includes end-of-week, quarterly and yearly server back-ups, as well as daily backups to a cloud service. To be on the safe side, check and test regularly that you can restore the data from the backups. When using cloud storage, use encryption to transfer and store your data and multi-factor authentication for access.

Secure devices and network

To keep your devices and network secure, the very basics are to make sure software updates to avoid security flaws, to invest in security software with anti-virus, anti-spyware and anti-spam filters. It is also important to set up a firewall on all your portable business devices, and to turn on your spam filters, reducing the amount of spam and phishing emails.

Encrypt sensitive information and communications

To encrypt your business’ stored and sent online data, turn on network encryption through router settings or via a virtual private network (VPN). Encrypting data reduces the risk of theft, destruction or tampering.

Educate and train your staff

To stay compliant and protected, start with your staff. Provide regular training in order to educate them on keeping good passwords and pass-phrases, identifying and avoiding cyber threats, and on what to do when they encounter a cyber security threat and how to report it.

Conduct regular audits

Regular audits to assess the cyber protection of your business will ensure that the system you have in place works well, identifying any weaknesses and responding appropriately. Remember: it is always better to know how your system will react beforehand. Do not wait until you need it, as with a data breach.

(Cyber) Security comes first

We’ve used the word “hacker” often and maybe this paints an image of a single person, human, Mr. Robot-style, behind a computer, trying to hack into your network. Well, the truth is most day-to-day hackers are not persons but bots, sophisticated ones, that can identify and exploit several vulnerabilities at the same time. This makes them so dangerous and effective.

Do you and your business need cyber security advice or guidance on how to avoid or minimize cyber security threats? You are in the right place. At Near Partner we take cyber security seriously, given we work with all kinds of businesses, all over the world. We can help you identify potential security weaknesses and advise you on what kind of solution fits your business’ needs.

Get in touch with us, and let’s find the best cyber security solution for your business. Take a look at our expanding team of incredibly talented developers: they’re all here to help make your vision come true. Meanwhile, check our Project Cost Simulator.

Sérgio Cunha

I have been a developer for longer than I can remember (well... maybe not). Does that sum up everything about me? I love tech, but I’m also a husband and a father, I love to learn new stuff and experiment with life."Hack hard and prosper!" has been my latest motto. Take good care of yourself and the rest will follow…