October is Cybersecurity Awareness Month, and this year’s theme is “Do Your Part to #BeCyberSmart”. Both individuals and organizations can help protect their part of cyberspace. Here are five security trends to watch out for:
Cybersecurity Trends for Home Users and Consumers:
1. Attacks against smart home products are increasing
We will see more vulnerabilities discovered in, and more attacks against, “smart home” products such as smart speakers, security systems, and cameras. Any time we see widespread deployment of technology that is in the relatively early stages of maturity, we expect that attackers will pay attention and work to discover ways to circumvent the security functions of these devices. In the last few months we’ve seen lasers used to surreptitiously command smart speakers, attackers remotely compromise smart home devices, and the inadvertent disclosure of PII from smart camera owners by the camera’s vendor. Expect attackers to look for, find, and exploit ways to control, obtain sensitive data from, and disrupt these devices.
What you can do today:
Make sure you’ve hardened your smart home devices. Change factory passwords after you install them, restrict the activities they can perform without identity validation, and regularly review the “connected apps” they use.
2. An influx of noise on social media
Because of the 2020 presidential election, we expect that social influence operations from foreign states that have an interest in our country’s politics will substantially escalate. This will include social media “news” posts, activity programmatically generated by computer-controlled (or “bot”) accounts, and an uptick in spam e-mail and robocalls to your phone. There’s also the possibility that attackers will target our voting machines. Stanford University’s Cyber Policy Center published an excellent paper on the risks, along with some countermeasures and controls to ensure our elections are conducted with integrity and security.
What you can do today:
Be cautious about blindly trusting any material you read in your browser or on your smartphone. Make sure you’re getting your news from vetted sources that are known to publish content of substance based on careful investigation and thorough research. Contact your state and local boards of elections and tell them you expect the voting process to be secure, transparent, and free from any interference, and ask what is being done to ensure this happens.
Cybersecurity Trends for Businesses:
3. Ransomware incidents will continue to shift from opportunistic to targeted attacks
Opportunistic attacks—those that aren’t focused on a specific individual or organization, but instead sent broadly to the public Internet—are certainly still going to happen, but we are seeing more and more ransomware incidents that are deliberate in nature, with a focused effort on a specific organization (say, the City of Baltimore or New Orleans). Attackers will build phishing and social engineering campaigns designed to exploit human weaknesses, as well as find exposed infrastructure with technical weaknesses and misconfiguration that will allow them a presence on the network. They will use this presence to install ransomware on key systems, attempting to impact the organization’s operations sufficiently to encourage payment.
4. Business e-mail compromise attacks will continue
We also expect to see “business e-mail compromise” attacks continue, as attackers conduct similar focused campaigns to obtain access to trusted e-mail accounts and use that access to trick employees into providing cash, gift cards, funds transfers, or financial information. It is by far the most common successful “cyber” attack we see in our customer environments: it is trivial for an attacker to perform with commoditized tools and methodologies, and there are susceptible users at nearly every business.
What you can do today:
Begin a comprehensive security awareness training effort, intended to teach users to spot and report these attacks. Inform every employee that their managers and leadership aren’t going to ask them to take pictures of gift cards and text them back, so those requests can be safely ignored! Review your security controls posture to ensure you have sufficient defense against these threats.
5. Improvements in attacker capability
Attackers will focus research efforts on credential theft, bypass of so-called “next-generation” endpoint protection solutions, and defeating multi-factor authentication. We can expect to see new standalone tools, shared code, and malware kits that leverage these advances.
What you can do today:
Ensure your risk management efforts include staying current with modern threats, including those that compromise the effectiveness of the controls you’ve deployed. Continue to monitor the threat landscape, the output from vendors that provide these solutions, and at least annually review your control set to ensure it aligns with the risks you’ve identified.
Put simply, for both home users and enterprise users: if your organization allows you to patch manually, do it! It’s a great idea to keep your personal machines and work equipment up to date with the latest patches and recommended configurations. For Microsoft Windows, you can check for security updates regularly, starting from the 2nd Tuesday of every month (some critical out-of-band patches may be available between cycles).
For company-controlled equipment, it’s a good idea to push your infrastructure and security team to allow remote patching over the internet and not just over VPN.
Conclusion:
Hopefully, this information has helped you understand some of the new challenges we are facing in 2020 with many new technologies and remote work. This is a great time to check with our teams that we are collaborating not only on business topics, but also on cybersecurity topics, for both our families and co-workers.
Do you have any questions about cybersecurity? You can reach out to our experts at 777-6027. Click Here to learn more about CBTS and Hawaiian Telcom Business Services.