Slasher flicks. Supernatural encounters. Halloween baking challenges. There’s enough spookiness on TV leading up to Halloween to keep you from sleeping for a week. But they don’t even come close to the real-world damage that can be inflicted by a single hacker who gains access to your company’s network.
In addition to being the creepiest, scariest month of the year, October also happens to be National Cybersecurity Month. We hope these terrifying tales of sinister cybersecurity threats are enough to motivate you to ramp up your security efforts.
Falling for Phantom Phishers
Here’s a chilling statistic – more than nine in 10 data breaches can be traced back to phishing emails. These phantom threats lurk in the depths of emails in the form of malicious links and harmful attachments.
Phishing emails are cleverly costumed as legitimate communication from financial institutions, the IRS, software providers, or even your boss. They request private information, such as bank account numbers, social security numbers, customer data, and login credentials.
Although phishing scams have existed almost as long as email, attackers have become more sinister and sophisticated, using social engineering and realistic graphics and content to trick users. Phishing could involve an offer of a financial award, a threat of punishment for failing to engage, or a claim that someone you know needs help.
The emergence of the cloud has led to an emergence of attacks that target cloud-based productivity apps such as Microsoft Office 365 and G Suite. For example, the massive Gmail data breach of 2017 was caused by a phishing attack that exploited a vulnerability in Google’s OAuth protocol. Emails that appeared legitimate requested permission to access the Gmail accounts of users.
The key to avoid falling for phantom phishers is to create a culture in which security is a shared responsibility by everyone in the organization, not just IT staff. This begins with ongoing security awareness training that includes engaging videos and interactive content.
Houses Haunted by Technology
If you hear voices or things that go bump in the night, there’s a good chance it’s not a ghost. But it could very well be a hacker haunting. Artificial intelligence (AI)-enabled smart devices in the home, from smart thermostats to voice assistants to video cameras, are being targeted by criminals. The apps used to control these devices, and the devices themselves, can be hacked.
Warning: this is downright creepy.
A Wisconsin family was terrorized by a hacker who would increase the thermostat to 90 degrees and actually spoke to the family through their security camera. Early versions of smart devices weren’t built with baked-in security, making them vulnerable to hacking. However, even cameras on the latest laptops can be hacked by criminals who then spy on you and threaten to release the footage if you don’t pay up. Fortunately, there are a number of ways to determine if your camera has been hacked.
Amazon pays thousands of employees to listen to voice recordings from Amazon Echo devices. Amazon claims these reviews are intended to deliver more accurate results to its customers. Most voice assistants have privacy controls, but they typically listen and record by default, and most users don’t bother to change the settings.
Here are helpful tips to help you make your home a digital safe haven by protecting your networks, devices, and online activity.
A Grim Reality
More and more small and medium businesses (SMBs) have been victimized by hackers in recent years. Although the sensitive data held by smaller companies might not be as valuable as a large enterprise’s data, SMBs offer the path of least resistance for these vampires because cybersecurity defenses are typically weak. In fact, the National Cyber Security Alliance reports that 70 percent of attacks now target SMBs.
Even scarier, according to insurance carrier Hiscox, digital incidents now cost small businesses $200,000 on average, and 60% going out of business within six months of being victimized. “The frequency with which these attacks are happening is also increasing, with more than half of all small businesses having suffered a breach within the last year and 4 in 10 having experienced multiple incidents”, reveals Hiscox. The Ponemon Institute 2019 Cost of a Data Breach Report states the average cost of a compromised data record is $150, the average breach involves 25,575 records, and the average total cost is a staggering $3.92 million. This could very well be the death blow for the average SMB.
It’s not an exaggeration to say a hacker is like the grim reaper who snuck inside and leaves you for dead since most digital threats go un-detected for an average of 101 days!!
To avoid falling prey to predators of the cyber underworld, SMBs need to beef up security defenses. Implement and test a routine backup process. Automate security software updates and patching. Use two-factor authentication and strong passwords to make it more difficult for hackers to access your network with stolen credentials. Use a high-quality endpoint protection solution to secure your devices.
Lastly, recognize that humans are often the first and weakest line of defense. Train your employees to spot and report threats and use technology responsibly.
Ultimately, security is a choice. Don’t let your organization to be as vulnerable as teenage camp counselors being stalked by a hulking hacker in a hockey mask. Start taking steps today to make your organization less susceptible to attack.
Take the treat, not the trick….Happy Halloween!