Cybersecurity Network
November 24, 2022
As your company grows in size and reputation, your chances of being the victim of a cyber attack increase. That is why you need to start thinking of the best ways to go about protecting your business. It is important to know what types of dangers your company is at risk from and how to prevent a cyber attack before it happens. This video will explain some of the main cybersecurity threats and how to safeguard against them.
What Is A Cyber Posture?
A cyber posture, also called a security posture or cybersecurity posture, refers to a company’s ability to assess and protect against cyber threats such as hacking, data theft, or end user error. There are several areas of focus for an organization to begin to improve their cyber posture, including:
Administrative tasks like policies, procedures, documentation, and insurance
End user tasks like training and testing
Assessing the security of mobile devices used by employees
Assessing the security of computers used by employees
Assessing what data is revealed to contractors and third parties
Assessing the security of the networks used by the company
Assessing the security of cloud and on premises applications
It is important to assess your organization’s security processes and attitudes in each department, while also being aware of your organization’s size and industry. Research has shown that departments like customer service, legal, sales, and distribution are more likely to have a poorer awareness of security best practices, while departments like IT, marketing, human resources, and management are more likely to have a greater understanding. It has also been shown that the smaller an organization is, the more likely it is to have a poor cyber posture, and that some industries, such as retail, agriculture, education, and construction, are less prepared for a cyber attack. You can read more details of that study here: https://www.securitysystemsnews.com/article/new-study-links-employee-sentiment-to-security-posture.
Cybersecurity has grown vitally important since 2020, as there has been a dramatic increase in cyber attacks since that time. In fact, a 2019 study by RiskIQ reported that cyber attacks cost companies $2.9 million every minute (source). Another recent study by Insight and IDG has shown that 78% of executives lack confidence in their company’s cybersecurity posture, prompting 91% of companies to increase their 2021 security budgets (source). Below, we list several types of threats that are common in today’s cyber landscape to increase your awareness of the threats that may target your business.
End User Risks
An end user is a person or organization that consumes or uses the goods or services produced by businesses. In this way, an end user may differ from a customer, since the person or organization that buys a product or service may not be the one that actually uses it.
End users introduce 90% of the risks into IT environments. End users introduce security vulnerabilities every day by falling victim to phishing scams, social engineering ploys, user error, and accidentally leaking confidential information through email and file sharing. For example, you could have just purchased a product that you were very happy with and posted about it on social media. You then receive an email from someone you believe to be the CEO of the company you just happily bought from, asking for further information for a survey they are doing or something along those lines, and just like that you’ve become a victim of a phishing attack and put your company at risk along the way.
Keep yourself and your business safe from these types of attacks with employee education on security. It’s fine to click on links when you’re on trusted sites; however, clicking on links that appear in random emails and instant messages isn’t such a smart move.
Another important tip is to train employees to hover over links before clicking on them. Do they lead where they are supposed to lead? A phishing email may claim to be from a legitimate company, but the link in it takes you to a website that looks exactly like the real one at a different URL. For example, the real password reset link for Facebook is https://www.facebook.com/login/identify/?ctx=recover&ars=facebook_login; a scammer, however, may create their own similar page with a different URL, such as tacebook.com (notice the F has been replaced with a T?). When in doubt, go directly to the source rather than clicking a potentially dangerous link.
Cloud Threat Vectors
The cloud has been around for many years now and is no longer considered an emerging technology, but it’s certainly an area where you want to focus on security. Sometimes, the biggest threats to an organization’s cloud security are internal. Insider threats are usually seen as more hazardous than outsider threats as they can take several months or years to identify.
The attackers are usually individuals with legitimate access to an organization’s cloud systems. Whether they happen intentionally or maliciously, insider threats will cause a lot of harm to your cloud system. Therefore, it is essential to detect, investigate and respond to them as fast as possible.