
Kalki Blog


Biggest Cyber Security Threats of 2016

Posted by Stacy Willis on Dec 18, 2015 11:01:32 AM

Are you prepared for 2016? Find out the biggest threats facing individuals and businesses from cybersecurity professionals. As security consultants we see the problems that face businesses every day and as educators we want to help individuals improve their cyber practices and protect themselves!

The Human Factor

We've talked about this one plenty of times before: while technology may be the medium over which cyber security attacks are carried out, they heavily rely on humans to make mistakes in order to be successful. The biggest threat here is lack of education on both a personal and professional level. Individuals should know how to protect their own identity and companies need to educate their staff to protect their business.

How to combat the threat:

  • Educate yourself: our blog regularly publishes information to help you protect yourself. Subscribe to updates (on the right of this screen) to stay on top of new threats and get tips. For example, check out our Facebook Security Guide or Email Security Tips to educate yourself on some of the basics.
  • Educate your staff: if you're looking to protect your business, one of the most important steps is educating your staff. A chain is only as strong as its weakest link and each employee is a potential weak link. All the technology in the world won't protect you if your employees are willing to give out sensitive information or credentials.

Zero Day Attacks

Zero Day Attacks are the type of cyber security attacks that happen once a flaw or vulnerability is exposed in an application or device. Let's use an example to illustrate: Microsoft typically releases Windows updates once per month. On the day they release these updates, Microsoft releases a security bulletin explaining what is being fixed - essentially telling anyone who wants to know what the flaws are with the previous version of Windows. This information is designed to help potential victims stay safe by alerting them to problems. Unfortunately, at the same time, this information provides an easy-to-follow roadmap for attackers to target anyone who has the old version with the flaw. This is why it is so very important to update applications and devices ASAP and why we have our free service to help. These attacks are called "zero day" because you essentially have zero days from the day of notification to fix the problem.

How to combat the threat:

Ransomware

The best known ransomware is the famous Cryptolocker virus. Essentially what ransomware does is get into your system and translate a bunch of your files into a format that you can't read (most commonly through encryption). This essentially renders your files unusable to you. The attacker will then send a "ransom note" requiring that you pay in order to have your files back.

How to combat the threat:

Destructive Malware

Malware as a category of cyber security attacks is pretty broad. Destructive malware has a specific goal of destroying things. This means destroying files on your computer or, in the case of a business, stopping work from being done.

How to combat the threat:

  • Same as above - Ransomware is just one type of malware. Avoidance practices and procedures work across all types, so reuse the tips above.

Malicious Insiders

This entry is specific to threats faced by businesses rather than individuals and attacks of this type come from within the company. A malicious insider is an employee who is explicitly trying to steal or release sensitive information. This commonly happens in the period between when the employee decides to leave and when they actually leave (in cases where leaving is voluntary). Another issue that often arises is with employees who have already left the company but still know credentials to access company information.

How to combat the threat:

  • Make sure you have processes in place for removing access once an employee leaves the company.
  • Get your information security policies written, your employees educated about them and make sure they are aware of the consequences facing malicious insiders.
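One way to check that the access-removal process above is actually working is to compare the HR departure list against the account directory on a regular schedule. The script below is an added example, not part of the original post; the CSV layouts, user names and the audit_offboarding function are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the original post): an HR departure list
# and a directory export with each account's state and last successful login.
HR_DEPARTURES = """user,last_day
asmith,2015-11-30
bjones,2015-12-04
cnguyen,2015-12-31
"""

ACCOUNTS = """user,enabled,last_login
asmith,true,2015-12-10
bjones,false,2015-12-07
cnguyen,true,2015-12-15
dlee,true,2015-12-16
"""

def audit_offboarding(hr_csv, accounts_csv, today):
    """Return (user, issue) findings for departed staff with leftover access."""
    departures = {row["user"]: date.fromisoformat(row["last_day"])
                  for row in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        last_day = departures.get(acct["user"])
        if last_day is None or last_day >= today:
            continue  # not on the departure list, or still employed today
        # Access should have been removed on the last day.
        if acct["enabled"].strip().lower() == "true":
            findings.append((acct["user"], "account still enabled after last day"))
        # A later login means the credentials were used after departure,
        # even if the account has since been disabled.
        if date.fromisoformat(acct["last_login"]) > last_day:
            findings.append((acct["user"], "login recorded after last day"))
    return findings

if __name__ == "__main__":
    for user, issue in audit_offboarding(HR_DEPARTURES, ACCOUNTS, date(2015, 12, 18)):
        print(f"{user}: {issue}")
```

Each finding is a prompt to disable the account, rotate any shared credentials that person knew, and review what was accessed after the last day.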

ATM Attacks

There are a few ways ATMs are targeted for fraud, but the end goal is always the same - to steal the information that allows access to your bank account. Some attackers use small cameras to record images of card numbers and videos of PINs as people enter them. ATM skimmers are devices designed to look just like the slot where you dip your card at the ATM and are used to record card numbers and information. Attackers will physically alter the ATM so you will dip your card in their skimmer rather than the real ATM reader.

How to combat the threat:

  • The easiest way for individuals to protect themselves is simply to cover the keypad with your other hand when you enter your PIN. Also, if the keyboard of the ATM looks different than normal, do not use that ATM. If you think your card or PIN has been compromised, call your bank and change it immediately. Make sure to check your bank statements regularly and look for any strange activity and in case of unusual patterns of transactions, inform your bank immediately.
  • Banks and credit unions should implement fraud monitoring technology to catch problems with accounts and ATMs before the damage caused is too great.

3rd Parties or Vendors

This is another threat specific to businesses rather than individuals. This is how the famous Target breach happened. The attackers came in through a smaller vendor that worked with Target. The breach highlighted the need for all businesses to have Vendor Risk Management processes in place. These processes help your business do its due diligence on vendors before selecting them and then stay on top of their information security practices as you work with them.

How to combat the threat:

Incident Response Resources

This is another risk that is specific to the business world. We are in the age of "it's not a matter of if, it's when" you're going to get hit by a cyber incident. Getting prepared to respond is the first step in being able to successfully respond. The biggest risk here is not having resources in-house with the technical knowledge and experience to respond to these kinds of events. Having someone on staff full time with that knowledge may not be feasible - especially if they aren't needed much when there's not an incident currently happening. So how can businesses be ready to respond without breaking the bank by having experienced, expensive resources on the bench waiting?

How to combat the threat:

  • Use an outsourced expert. Outsourcing CISO duties can provide the risk management and technical expertise a business needs to respond to incidents at a fraction of the cost of hiring in-house staff. Outsourced professionals are there when you need them so you're not paying for full-time resources year round. You get all of the expertise at significantly reduced cost.