The information security threat landscape is constantly evolving, but it’s not getting any less complicated. In 2017, Ponemon Institute research revealed that 1 in 4 businesses in the U.S. suffered a security breach. Threats aren’t equally distributed by business size, 50 percent of small businesses were targeted by hackers and health care organizations were also heavily-targeted by 15 percent of last year’s incidents.

Recent headlines have revealed plenty of scary threats, including ransomware epidemics and the emergence of wiper viruses. While it’s possible 2018 has new super threats in store, it’s likely you’ll face a well-established threat. From social engineering to weak passwords, you may be surprised by today’s most common information security threats.

1. Crimeware-as-a-Service

Some of today’s smartest hackers are selling ready-made crimeware to wanna-be hackers on the dark web by subscription, including malware-as-a-service and ransomware-as-a-service. Last year, 51 percent of security breaches involved malware, which can now be purchased through illegal channels for just several hundred dollars each month. Criminals are getting bolder–one pre-packaged threat called “Philadelphia” was recently advertised openly on YouTube.

2. IoT Vulnerabilities

Experts predict one of the worst trends in 2018 will be security vulnerabilities caused by connected internet of things (IoT) devices. InfoSecurity Magazine’s Tara Seals attributes this to the fact too many “devices are manufactured without security regulations or industry standards.”

If your business isn’t powered by high-tech sensor or beacons, you’re not necessarily in the clear. IoT devices include office technology. Like IP phones, printers, and routers–all of which could represent possible modes of entry into your company’s network. In one survey, 63 percent of companies admitted to a printer-related security breach.

3. New Compliance Requirements

If your company collects data on European Union Citizens, you’ll need to prepare to comply with the General Data Protection Regulation (GDPR) by May or face fines of €20 million–that’s approximately $24.3 million. Many companies will need to adjust processes and systems to meet requirements from the GDPR, PCI, HIPAA, or other legislation.

While compliance isn’t a threat, it plays an important role in discussions of information security. Just 28.6 percent of companies are still compliant a year after assessment, and failing to meet standards can indicate security risks. Compliance can also demand significant IT resources. If your company is struggling to balance compliance and cybercrime risks, you may need security help.

4. Password Theft

A staggering 81 percent of 2017 security incidents involved weak or stolen passwords, which was often combined with tactics like phishing, hacking or malware. One emerging trend is “password aftershock“–when hackers are able to successfully gain entry to a company’s network using username and password combinations stolen from other breaches due to people’s tendency to recycle the same passwords over and over again.

5. Email Risks

Phishing still works–66 percent of installed malware last year was delivered by an email. Hackers are getting savvier and increasingly employing techniques like social engineering to “spoof” malicious emails into appearing like they were sent by a colleague or personal friend.

Email is a critical business communications tool, but it’s also one of the easiest ways for hackers to get inside your network. Information security awareness training and testing are likely a necessity.

Conclusion: Are You Prepared for These Security Threats?

While 2018 could bring next-generation security risks, businesses are wise to take a look back at the most common threat trends that affected half of small businesses in 2017. Planning for the most common risks–like unsecured printers, weak passwords and phishing–could significantly mitigate your chances of suffering a data breach in 2018.

Avoid the costly impact of a security breach remediation with a complimentary assessment of your organization’s IT security. Click here to learn more.


Sources

  • https://securityintelligence.com/know-the-odds-the-cost-of-a-data-breach-in-2017/
  • https://www.cnbc.com/2017/04/05/congress-addresses-cyberwar-on-small-business-14-million-hacked.html
  • http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
  • https://www.darkreading.com/threat-intelligence/the-rising-tide-of-crimeware-as-a-service/d/d-id/1329102?
  • https://nakedsecurity.sophos.com/2017/07/25/ransomware-as-a-service-how-the-bad-guys-marketed-philadelphia/
  • http://quocirca.com/content/print-security-cost-complacency-121
  • https://www.gdpr.associates/what-is-gdpr/understanding-gdpr-fines/
  • http://www.verizonenterprise.com/resources/report/rp_pci-report-2015_en_xg.pdf
  • https://www.bna.com/people-dont-seem-b73014447747/

Bitcoin is all over the news. Seeing as this cryptocurrency surged 150% in value in a single month, a lot of people are now taking a look at blockchain, the technology that allows cryptocurrencies like Bitcoin to exist. While it’s a complicated concept, the basic framework is that blockchain eliminates the need for third-party record keeping through its ability to provide a publicly distributed, immutable ledger that ensures accuracy.

While blockchain is clearly making its mark on the financial industry, this new technology is poised to disrupt the way we do business in nearly every field. Here are five industries that will soon see the effects of blockchain:

1. Healthcare

Medical records are some of the most personal and sensitive pieces of information about us. Hospitals often lack the data infrastructure to both securely store these records and share them effectively with necessary providers. Startups and established healthcare companies are working to implement blockchain medical record keeping to ensure integrity and trust in the system.

2. Food Safety

With blockchain, transactions are permanently recorded in a ledger that everyone can access. This means near instantaneous tracking of the supply chain of anything recorded in the blockchain. In the event of an E. coli outbreak, food safety personnel can determine the source of the contamination almost immediately and work to get dangerous food off the shelf that much faster. Not only can that save money, it can potentially save lives.

3. Banking

The reason that Bitcoin has had such success lies in the fact that it has removed the intermediary once needed for financial transactions. With blockchain, banks are no longer necessary for verifying that someone has the money they claim to have. Distributed ledgers will soon come to challenge banks as the sole record keepers of the financial world, opening up the door to new financial tools altogether.

4. Real Estate

Real estate is a multi-trillion dollar industry. However, a lot of that money is tied into the paperwork involved in deeds, records, contracts and plats. While in-person interactions have traditionally handled those types of documents, the ability to put things like title transfer into blockchain will reduce costs dramatically and make fraud much more difficult.

5. Legal

Traditionally, contracts passed back and forth between parties for the purpose of making changes, where others then reviewed and made their own changes. With an immutable record, the once time-intensive process of contract creating, signing and even enforcement can be reduced dramatically, saving time and money. Intellectual property, deed management and public records all stand to see changes with blockchain technology, signaling a bout of disruptions on the horizon for the legal industry.

The blockchain is the technology behind Bitcoin, Ethereum, Litecoin and other cryptocurrencies. While these are the most well-known uses of the blockchain, its benefits mean it has far-reaching implications for finance and data security beyond the cryptocurrency industry.

The blockchain is a distributed database (a database which is stored on many different devices). This means that recorded transactions are verified by hundreds or even thousands of different actors (also called nodes). The number of nodes makes blockchain far more secure than a simple database stored on just one device: you can’t just change one copy to commit fraud – you have to change thousands.

How does it work?

Blockchain Tracks and Verifies Transactions Using Blocks and Keys

The distributed database holds a list of transactions, which are called blocks. These blocks stack up in a chronologically-linked chain; each one is time-stamped and references the block before it. These blocks exist in a strict order which cannot be changed.

The blocks and the transactions they hold are public, and anyone with a copy of the database can see them. It is impossible to make a change to an old block without the nodes noticing, flagging and rejecting the change.

When a transaction is made, it is verified using two keys: one private, one public. The private key is known only to the account holder and is used as a signature to confirm who the transaction has come from. The public key, which everyone has, can be used to decrypt and authenticate the transaction, but cannot be used to create a transaction; this prevents a user from creating false transactions.

What Are The Advantages and Disadvantages of Blockchain Technology?

Because of the way it works, blockchain has several key benefits:

An Unchangeable Database – The data held on a blockchain cannot be changed. Every transaction, once logged and accepted, is held on the chain and kept there forever. This makes it highly transparent and makes auditing transactions easy.

Reduced Costs – Transactions are verified by the nodes holding the blockchain, which means that traditional middlemen (such as banks) aren’t needed. Banks are investing heavily in the blockchain because if they ignore it, they might find themselves not needed.

Users Are Empowered – The blockchain allows users to have full control over their transactions and data. For example, the blockchain could enable individuals to have control over who accesses their medical records.
As with any system, there are also disadvantages:

Verification Bottlenecks – The cryptographic system used to sign and check transactions is complex, and requires a lot of computing power. This means there is a limit to how fast transactions can be processed.

More Work – When a transaction occurs it must be processed by every single node that holds a copy of the database (which could be thousands). This is a lot of extra computational work compared to a traditional database, where the transaction is processed just once.

What Can Blockchain Be Used For?

Blockchain can be used anywhere where a transparent, unhackable database would be useful, and businesses and governments are testing a wide variety of use cases. There is a high level of hype and excitement, but in this case, it might actually be justified – blockchain really does have the potential to revolutionize many industries.

For example, blockchain could be used to prevent voter fraud by being used as the platform for an unhackable vote-counting system which would both securely check voter’s identities and prevent changes from being made by a third party.

Another use case is as a means of authenticating ownership of a unique item, such as a piece of art. The art piece would be paired with a digital token, which could then be bought or sold. Even if the art piece was physically stolen, the original owner would still hold the ownership digitally. Any attempt at selling it on would fail because anyone would be able to look up the true owner.

As more digital technologies are released into the mainstream, it is becoming increasingly complex to do business, and more specifically to manage the data that new technologies generate. In the security realm, it is no longer a case of safeguarding your physical premises and assets; you need to ensure your digital assets are secure too.

The threats to your data are real. According to the latest data breach statistics, 3543 data records are lost and stolen every minute. For businesses that collect and store personal data from their customers, there are even more risks to consider. Data such as social security numbers, credit card details and bank account information can prove invaluable to criminals, and they will stop at nothing to get their hands on this information. If they succeed in their mission, your customers could bring about liability proceedings, putting your reputation and your business in serious jeopardy.

Protecting It All With Data Breach Insurance

Data breach insurance, otherwise known as cyber liability insurance, is designed to protect against data security risks and the damage that can be associated with them, be it to your finances or your stature. Your level of cover will depend on the policy you have in place, but most products offer identity protection solutions, legal fees, public relations solutions and liability. If your business ever falls victim to a data breach, it is vital that you restore the public’s confidence as quickly as possible. Data breach insurance helps you to do that.

What Types of Data Breach Insurance Are Available?

Cyber risks usually fall into two categories; first-party exposure and third party exposure. First party exposure covers those risks that affect a business first-hand, while third-party exposure covers risks that could affect the data of third parties such as customers, clients or employees.

First party exposure insurance can protect against the following:

  • Loss or damage to digital assets – this includes the loss or damage of software or data.
  • Non-physical business interruption – if your business network suffers any interruption or service failure, this insurance will cover associated expenses incurred while investigating the interruption.
  • Cyber extortion – if your organization falls victim to cyber extortion, where you receive threats from criminals to steal or damage data or restrict your network, your insurance company will handle the demand. This may involve payment of the extortion monies or criminal proceedings that bring the perpetrators to justice.
  • Reputational damage – this level of insurance helps to protect you from damage to your reputation following a reported data protection breach. Depending on the level of cover, your organization could be paid for loss of income, loss of customers and the cost of PR exercises to repair your reputation.

Third-party exposure insurance typically protects against the following:

  • Security and privacy liability – if a data security breach results in the theft or loss of third-party data, either client or customer, this insurance will cover defense and investigation costs as well as any civil damages you incur.
  • Privacy regulation defense – if your organization is investigated by a regulator following any data breach, this insurance will cover your defense and investigation costs in addition to any fines where applicable.
  • Customer care expenses – if you have a regulatory requirement to notify third parties about any data breach, this can often run into millions of dollars. This insurance will cover your notification expenses subject to the limit on your policy.

Don’t Leave Your Business or Your Data Exposed

Data breach insurance is designed to protect your data as well as privacy and network exposures. Whether it is a sensitive customer, employee or client data, there are increasing requirements for this data to be secure. By investing in comprehensive data breach insurance that is tailored to your business you can go on protecting what matters and give your customers total peace of mind.

In preparation for Cyber Monday, cyber villains have crafted a virtual onslaught of social engineering scams, and malicious, spoofed websites in order to dupe the droves of people expected to spend nearly $4 billion online this year.

It’s important to know the warning signs. Here’s your guide to safe online shopping on Cyber Monday and beyond.

1. Go directly to a store’s website instead of using search engines to look for deals.

2. Close ALL pop-ups and other digital ads–do not even acknowledge them.
Many pop-ups could contain fake coupons and redirect you to malicious sites.

3. Watch out for social media scams, especially on Facebook.
Cybercriminals are using fake or compromised Facebook accounts in order to post links to deals that don’t actually exist.

4. Do NOT open any Cyber Monday emails with attachments.
Emails with attachments, especially zip files, are likely to contain malware.

5. Make sure you’re on a secure connection.
Look for the padlock icon to the left of the URL in your web browser when you go to check out.

6. Do not use debit cards to shop online.
Cybercriminals will have direct access to your bank account when using a debit card. Using a credit card instead gives you the protection of the bank’s fraud program.

7. Avoid using public wifi to shop.
Try to avoid using coffee shops’ or restaurants’ wireless Internet connection as they may be monitored by cybercriminals looking for easy access to a poorly protected computer. Use personal hot-spots or your protected home or office connections instead.

8. Watch out for malicious QR codes.
QR codes are small, pixelated codes meant to be scanned by a smartphone’s camera. They often contain coupons, links to websites, or other product marketing materials. Some hackers have started creating codes that link to phishing or malware sites.

9. Don’t give up any extra personal information.
If a site starts asking for out-of-the-ordinary personal data, like Social Security numbers or password security questions, go no further and end the session.

10. Tighten up security before you shop on Cyber Monday.
Make sure all software on your computer is up-to-date, including your OS, browser, and other apps. Most importantly, your anti-virus and anti-malware software.

We would like to take this opportunity to wish you and your family a safe and happy Thanksgiving!

<< previous posts || next posts >>