The ever-growing threat of cyber attack
Cyber security has been a focus since the dawn of the internet, especially so since the dot-com boom in the late 90s, but never has cyber crime been so prevalent as it is today. We depend so heavily on the internet and technology in both our professional and personal lives, and cyber criminals are exploiting our dependence more and more each year.
Cyber criminals are getting more sophisticated by the day, and whilst there’s no way to predict the exact cost cyber crime will impose on businesses and individuals, the projected cost of global cyber crime by 2025 is £8.6 trillion – greater than the GDP of Kosovo, and that of 59 other countries!
So what are the top cyber security issues you should be looking out for going into 2024? And how can you avoid your company’s finances becoming a part of this statistic?
Criminals prey on a lack of user training and awareness
You are the weakest link, goodbye! Whilst we’re not singling you out individually, the user is generally considered the weakest link when it comes to cyber crime; a lack of user training and awareness is a common determining factor when looking at the elements of an effective cyber attack.
Many social engineering attacks utilise phishing to gain the information they want, very often via email. Email is a common attack vector because businesses depend on it every single day, which criminals are well aware of.
When checking your emails, always keep your wits about you, and if you see something that looks malicious, think twice and verify the request before acting hastily. Criminals want your unthinking obedience to their request and often we are so busy in our professional lives that we forget to slow down and think things through; criminals catch us out when we are just going through the motions.
Security awareness training asks users to do just that – slow down. It’s crucial to recognise the signs of being scammed, how to notice when people are trying to phish for your data and when an email comes from a well-disguised source. Regular training teaches your staff the fundamentals, helps it become second nature and keeps your staff informed of recent changes and developments.
Security always comes at the cost of convenience, but we should all be operating with a security-first mindset.
The pandemic forced a large percentage of us to start working from home almost overnight. Whilst we’re now mostly out the other side of the pandemic, remote and hybrid working is here to stay. But working from home poses risks that you might not have considered or have overlooked…
First and foremost, it’s unlikely that your home office is set up in the same way your company office is. That probably means no dedicated firewalls, less secure routers and a tendency to opt for convenience over security when there’s nobody watching you. When the sudden shift to remote working occurred, a lot of businesses, in order to keep processes running smoothly, didn’t take all of the necessary security precautions – and many of these companies still won’t have taken them for those continuing to work from home. Whilst they may not have experienced any issues thus far, it’s infinitely better (and cheaper) to take a preventative approach than a reactive one.
Work today is about anytime, anywhere, any device. This means using personal devices to complete some professional tasks outside of the office is very much the norm. Whether it’s using public WiFi on a train or in a coffee shop, using your phone as your MFA device or for Teams and Outlook, or having poor home network security, it’s near impossible to avoid the blurred line between personal and professional. Recently, a Scottish MP blamed an £11,000 data roaming charge on his sons watching football whilst on holiday, all on his parliamentary iPad containing confidential information. Not only was he unaware of the charges, it seems he was also unaware of the countless risks!
Because you cannot avoid these blurred lines, you must do more to manage them. Greater productivity has a greater cost of security. If you neglect your security responsibilities, your business might end up with a damaging surprise more costly than £11,000 of unexpected work expenses.
Above the cloud, below the surface
Another cyber security risk likely to affect your business is vulnerabilities in the cloud. Whilst this doesn’t relate to a sudden downpour, it can certainly lead to a rainy day for your business. The cloud has been around for a long time, but our move to the home office has caused a sharp uptick in businesses moving to a cloud environment for a better remote experience. However, this rapid adoption of the cloud has meant some businesses have left themselves vulnerable to attack.
Verizon found that over 90% of 29,000 breaches in their 2021 Data Breach Investigations Report were caused by web app breaches (software such as Microsoft’s Office 365), highlighting the need to set your cloud environment up correctly and ensure it’s adequately protected with technical defences and user training.
A system that many businesses have adopted recently is ‘Zero Trust’. Don’t trust anybody and allow your staff only the minimum access they need. In practice, this means: locking all passwords away, making SharePoint files accessible only to a chosen few, never allowing users to ‘stay signed in’ or have their password remembered, requiring MFA prompts frequently, and more. This doesn’t mean you don’t trust your users; it just means you’re operating with a security-first mindset. Even if a hacker gets into your system, they are then presented with many more hurdles to vault, locking them out of the rest of your network and giving you more time to catch and investigate the breach.
Keep your friends close; keep your iPhone closer.
It’s difficult to imagine an environment harder to apply Zero Trust to than the mobile phone. For a start, everything is designed to encourage sharing and ease of use. It seems so easy and natural to log in to sites with work credentials and habitually tap “remember password”. Or copy and paste that email or file somewhere else, perhaps amongst your personal files. Or forward that confidential email to the wrong contact as you are walking to your meeting. Or lose the device and your secure login on a night out when your guard is lowered.
A friend of mine thought she lost her phone one night, only to be woken up the next day by her dad banging on the door, worried about why she was sending disturbing messages to him. But she wasn’t – a thief was. She hadn’t lost her phone, it had been stolen, and her passcode along with it. Imagine if those messages had gone to her boss, or even her clients?
Applying Zero Trust, making security manageable and separating the professional and the personal are becoming ever more complex. See our recent writing about mobile phone fraud and the dangers for individuals and organisations for an example, and learn how you can start to share responsibility.
Protecting yourself from cyber crime
To protect against the cyber security threats that will likely face your business in 2024, you need to stay ahead of them by putting defences in place now or strengthening your existing cyber security. Lock down your passwords, protect your devices (particularly those skirting the blurred lines), make sure all of your systems are configured correctly, encourage a security-first mindset in your staff and train them to be more vigilant in the face of cyber crime.
If you need help with any of the issues raised in this article and want to get ahead of 2024's biggest cyber security threats, get in touch now.