[BreachExchange] Organizations Should Fear These 4 Cybersecurity Risks
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Jun 28 21:02:16 EDT 2018
https://hackercombat.com/discussing-cyber-security-
risks-and-how-to-address-them/
For any organization looking to make a successful digital transformation,
cybersecurity must be a top priority—hard stop. Damages and data loss
related to cybercrime has now escalated to never-before-seen proportions,
and reports suggest the harmful effects of cybercrime will soon incur an
annual cost of around $6 trillion by 2021.
As a result, it has become increasingly important for organizations to take
sufficient steps in protecting their systems and the data they hold,
including their organizational as well as personal customer data.
Businesses of all size must maintain a keen awareness of how cybersecurity
is changing, how it can be applied, and most importantly how it can be
compromised if they hope to come out on top.
Let’s take a look at some of today’s most major cybersecurity risks and
think about ways to address them:
Risk One: No clear and comprehensive cybersecurity policy…
This is serious and not to be taken lightly. The absence of a cybersecurity
policy can have dire consequences for businesses and their clients. Without
the proper protocols and defensive measures in place, the entire
organization essentially becomes vulnerable to every variety of
cyberattack, even those that are not particularly well crafted. Remember,
cybercriminals are always on the lookout for organizations who exhibit
these vulnerabilities so they can target them without much effort. As a
result, organizations today must have a clear and comprehensive
cybersecuritypolicy in place, which has been implemented, maintained,
tested, and reviewed according to best practices.
Here are some practical ways to minimize risk:
Increase awareness among employees about cybersecurity threats and attacks.
Ensure proper threat response mechanisms are in place and understand how to
handle them.
Install firewalls, anti-malware solutions, and any other necessary security
software.
Maintain proper password management and restricted access to critical files
and folders.
Always identify all cybersecurity risks as promptly as possible and tackle
them immediately.
Be careful when remotely accessing data, understand the inherent risks
involved, and take precautions.
Implement a plan for secure data destruction of computer hardware.
Ensure there are no security lapses in core areas like the cloud, critical
infrastructure, application, networks, and the like.
Risk Two: No security of IoT devices…
IoT devices are everywhere. From homes to major corporations, IoT connects
people to their networks and offers convenience in most areas. However,
securing IoT devices is critical to organizational security. If this effort
is neglected, it’s highly likely a hacker will find entrance into
organizational networks using the vulnerable ports of these IoT devices.
For that reason, unsecured IoT poses a massive risk for anyone. Here’s how
it can be effectively tackled:
When buying any IoT device, always make sure it comes with robust, built-in
security features and has basic security features, including
password-changing features and regular security upgrades.
Change admin password immediately after purchasing and set a strong, unique
password.
Strengthen IoT security by closing up any loopholes that might lead to an
active threat.
Always turn off the IoT device when it’s not being used!
Risk Three: No weapon against cryptojacking…
The secret installation of cryptocurrency-mining malware onto systems or
networks using the existing password and the host computer’s CPU power—a
process now fondly known as “cryptojacking”—poses one of the biggest
cybersecurity risks of the modern age. These attacks not only seek to
generate cryptocurrency without authorization, they also affect an
organizations productivity level and overall operability. And
unfortunately, experts also suggest cryptojacking attacks on organizations
will likely become even more popular in the near future. But there are some
effective methods of protection:
Always be on the lookout for signs of cryptojacking, like slow system
performance.
Use network-monitoring solutions with AI power to detect cryptojacking
attacks by analyzing system/network data.
Continually monitor the web server for any kind of file changes.
Risk Four: No patch management to handle organizational threats…
Everyone knows that patch management is critical to a strong security
posture. But for it to be truly effective, it has to be fully complete and
without holes or neglected areas. For this reason, implementing automated
patch management, that handles the overall monitoring of the system without
manual input, is a great idea. This option keeps businesses updated on
threats, attacks, or vulnerabilities and offers the most current software
patches available. The automation supports all OSs, all software, and all
vendors, making it an invaluable solution for everyone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180628/ef0c72fc/attachment.html>
More information about the BreachExchange
mailing list