If there is one constant in IT, it is that cyber-threats are ever-changing. From malware and ransomware to some of the most sophisticated social engineering ploys we’ve ever seen, the next year is shaping up to be a battle that keeps every IT professional on edge. Here are the key dangers – and how to address them:
1. Phishing
The Australian National University (ANU) recently released its report into a major security breach in 2018. While they stopped short of naming China as the culprit, ANU Chancellor Brian Schmidt described the raid as a carefully targeted ‘diamond heist’ by a hacker at ‘the very top of their game and at the cutting edge.’ The email that provided entry didn’t even have to be opened, just viewed in a preview, for the attack to be carried out.
We certainly work with some excellent technologies to reduce suspicious emails ever reaching inboxes, and to thwart attackers if they get that far – but the reality is that hackers are getting smarter and more targeted – meaning that organisations must up their game in order to stay safe.
2. People
The best plan in the world is limited unless it features education of all staff. When we train businesses, we recommend everyone take part – because your defence is only as strong as its weakest link. We are seeing many attacks that reach the target thanks to one person innocently clicking a link or opening a file from a seemingly trusted source that a little training would have told them was not legitimate.
3. Outdated equipment
Modern devices are designed for modern threats, but anything a few years old could cost you far more than you save by putting off replacement. Many successful breaches exploit an old laptop to get inside the business. And don’t forget about printers – because hackers certainly won’t. Old, networked printers are a familiar path to entry.
Check the credentials of vendors when replacing equipment. Leading the way is HP, who packed into the latest EliteBook laptops more security features than you can shake a stick at, from fingerprint authentication to preventing exploitation of the start-up process below the operating system. They’ve added biometric security to their printers, too, along with malware defence systems. It is no longer safe to just go for the cheapest model – in today’s security climate, that may well be a false economy.
4. Passwords
Amazingly, even in our era of headlines about cyber-attacks, passwords featuring ‘123456’ or the name of a favourite football team are common. Even ‘strong’ passwords can be cracked, so it is important to use every tool at your disposal to make life harder for cyber-criminals. Password managers remove the burden of remembering many passwords. Two-factor authentication is relatively easy to put in place, with many cloud apps offering a free SMS authentication option. Importantly, these two methods are easy for your users to work with, making them a winning strategy.
5. Software Updates
Reputable software companies are very quick to offer security patches and advanced features to keep pace with known vulnerabilities – but these updates won’t help if it takes a while to get around to performing updates. We know everyone is busy, and dealing with mobile staff can make it tricky, but this is an essential. Many businesses without the luxury of large, round-the-clock IT teams, are turning to managed services and Device-as-a-Service (DaaS) options, secure in the knowledge that it is someone else’s job to act immediately when an update or patch becomes available. In the case of laptops, this can usually be done remotely so that you are not dependent on staff to make it into the office.
These five key risks are not the only security considerations, and while they will drastically decrease your risk, we always recommend talking to our security specialists to get a full run-down of your organisation’s unique risk environment.
Time to prepare for 2020’s IT security challenges? Chat to Area9’s friendly team to gauge your organisation's unique risk environment, and how Area9 and HP can help secure it.
Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.