Pretending you're safe won't actually make you safer
When was the last time you heard about a major hack or serious data breach? They happen all the time, and most companies are woefully unprepared to deal with them. What’s more, many companies aren’t even doing much to prevent data breaches to begin with. Remember a couple of years ago when Target was the subject of a data breach? That was the result of a contractor installing malware on printers. There are lots of types of threats to cybersecurity, but they fall into two categories that often work in tandem: insiders and outsiders.
- 90% of espionage threats capture trade secrets
- 89% of all data breaches in 2015 were motivated by finance or espionage
What is an outsider threat?
Outsider threats are those that come from outside of the organization. They can be from hacktivists, other nation states, white hat hackers, or even your competition. The type of threat will determine the motive- nation states want an economic or military advantage, while white hat hackers want to expose your company’s vulnerabilities so you can set about fixing them. Outsider threats include:
- Hackers at competitions trying to expose vulnerabilities for a prize or reward
- Foreign governments trying to gain access to a defense contractor to learn about the latest military technology in development
- Cybercriminals trying to access financial info for financial gain
What is an insider threat?
Insider threats come from those within an organization, including contractors like the ones who compromised Target. They can be once-loyal employees who have hit hard times or a business partner who wants to take what they can and split. Insider threats include:
- An employee selling information to the competition for financial gain
- A business partner being blackmailed by another organization
- A contractor giving information to your competition out of spite
Insiders and outsiders often work together
Whether an outsider wages a spear phishing attack to compromise your organization’s leadership or your competition sends someone in to pose as a new employee in order to gain access, there is often collaboration between the inside and outside of an organization. This can include:
- Phishing attacks that target a CEO
- Planting an employee or contractor by the competition
- Using malware carried in on a USB drive to compromise systems
How can you prevent these attacks?
Training your employees in good security hygiene is the most important step you can take in securing your company’s data, but that won’t prevent all attacks. Companies should be vigilant about keeping up with the latest trends of cyber attacks so they are aware of where the threats are coming from. Basic security measures include:
- Strong passwords
- Segmented networks
- Encryption of sensitive data
Even if you don’t think there is anything worth stealing from your organization, chances are you are still under attack. Hackers are opportunists, lying in wait for the perfect time to strike. So maybe you haven’t released any info on that new development you will be announcing next spring, but hackers could already be monitoring your activity. An ounce of prevention is worth a pound of cure, as the old saying goes, so why not do a little security checkup anyway?
It’s also important to have a plan in place in case of an attack. Do you have a way to reach customers if they are affected? Do you plan to fix the problem before making an announcement? Having these details hammered out beforehand can really simplify your response in a crisis.
You’ll have to be sure your organization has policies and training in place to prevent data breaches before they get through. This includes:
- Training employees on security hygiene
- Having a policy about BYOD (bring your own device)
- Segment your WiFi network so employees who want to use it for their BYO devices can without compromising the rest of the network
- Use multi-level access authorizations, only allowing those who need it access to the most sensitive information in your organization
- Monitor your network for anything out of the ordinary
- Use encryption to protect the most sensitive data
Information security begins at (your) home (network)
Rather than just installing antivirus software, crossing your fingers, and hoping for the best, take a more proactive approach to securing your company’s data. You may not think there’s a threat, but already someone is trying to get in.
Stock image from Shutterstock.