Cyber criminals don't sit still. While IT professionals develop defenses for recent attacks, criminals develop new ways to attack. Businesses can't just install security software, train employees, and then relax. It is vital for IT professionals to keep up with cyber security trends to avoid increasingly sophisticated assaults.
Watch for Spear Phishing
Spear phishing is a twist on phishing. This is a highly targeted email that appears to be from a person or company the recipient knows. Spear fishing also tends to target specific people and companies. The purpose of such emails is to persuade someone to give out sensitive information. Because a person may trust the apparent source, giving out account numbers, usernames, and even passwords may not seem dangerous.
The best defense is employee training. No legitimate request ever asks for passwords or other access information. The problem is that many spear-phishing emails do not directly ask for this information, but instead direct the recipient to a site where such information "must" be provided on a form. IT professionals should encourage a campaign to make employees aware of spear phishing.
Get Ready for Ransomware
Ransomware usually gets into computers when someone clicks a link in a phishing email. The link installs software that encrypts important documents.
The FBI's solution? Pay the ransom. The best IT solution is to back up documents. Backup in the cloud is safest because ransomware can't access it. However, backing up documents on a server with a strong firewall can also prevent ransomware from encrypting important data.
Scan for Altered Data
Criminals may not be hacking into companies to steal data. They may simply alter it, and the company often does not find the data change for years. Criminals can profit by charging to fix it or by using the altered data to manipulate markets.
IT professionals can implement data integrity checks and backup data in a separate network or in the cloud.
Limit Wearable Technology Access
Watches, fitness devices, and other wearable technology can provide access points for hackers. Many wearable tech items store emails and personal information, and have direct access to laptops and computers. If important information is stored on any of these devices, hackers can use it to hack into the person's place of employment.
Secure networks by requiring user names and passwords, thus preventing continuous access from remote equipment. This will prevent wearable tech devices from accessing information without credentials.
Find Social Media Data Leaks
Hackers scan social media for accounts that provide too much private information. This can include place of employment, addresses, names of supervisors, and even screen shots of documents. Companies with excellent security can still be hacked because employees shared too much on line.
The IT solution for this is threefold: 1) Provide training to make employees aware of the dangers of posting company information, 2) encrypt documents, and 3) trace attempted attacks to specific social media accounts to remove the information.
Prepare for Malware in the Cloud
Companies that do computing in the cloud will begin to encounter cloud malware. This malware can interrupt computing, compromise data, destroy IT infrastructure, and render apps useless.
Here the solution is the opposite of the usual: back up cloud data on servers or other storage devices on premises at the company or organization.
Monitor Online Payments
Companies that use online payment systems will encounter increased risks of cyber criminals stealing information. Hackers typically will focus on the customer who has less sophisticated security. Customer credentials can be used to access company payment departments.
Savvy IT security departments can place firewalls between customer payment accounts and company payroll and financial data.
Stop Threats from Employee Home Computers
Companies increasingly have improved cyber security. For that reason, hackers attack employee home computers to find vital information, documents, and passwords that can give them access to the business.
Make sure employees only have access to the information they need to do their jobs, not system-wide access. In addition, you can monitor login occurrences from remote computers to identify any attempts to access privileged information. Finally, inform employees about security software they can use at home and encourage them to require a password for their home Wi-Fi access.
Even approved, "safe" sites may be carrying ads placed by hackers. These ads can contain malware. Any interaction with those ads can introduce malware into the user's computer.
The best solution is to prohibit clicking on advertisements on any site, even if it is a site approved by the company. Also, ask employees to report mishaps immediately. If an employee clicks on an advertisement, that employee should report the error quickly.
Cyber threats are never routine, as cyber criminals continue to evolve their methods in an attempt to stay ahead of security systems. The strongest defense is continuous study of the field and awareness of new defenses.