“The future depends on what you do today.” ― Mahatma Gandhi
By Sasha Kranjac
Cyber Security Fear of Today I trust respected cloud vendors. After all, why shouldn’t I? They spend billions on security every year to keep your emails and pictures safe, to keep you loyal and smiling. Oh, and you give them money for that, of course. Have you ever seen how an Amazon or Microsoft datacentre is secured? You could not go in there even with a tank. Your local police office, on the other hand, does not have billions to spend on security and you would not need a tank to go in there. They don’t have your emails or summer vacation pictures, but have access to other things, like social security numbers, passports, and all additional juicy data.
Why would you entrust your data to police and would not to cloud vendors? The biggest problem is not the cloud or some other type of “permanent” storage. The problem lies where the data is used and stored “temporarily”, like mobile devices (smartphones, tablets, laptops). Mobile devices are part of our lives now and not going away any soon. The business-personal edge in mobiles is blurry and slowly fading away. More than 85% of employees use their own smartphones at work while more than 65% of employees use company devices for their personal matters. Accordingly, mobile-related Cyber Crime will continue to rise, becoming a serious risk for users and businesses. Weak and insecure mobile access, device theft or loss and mobile malware are just some of the risks and a flip side of mobile devices’ obvious benefits.
Another serious threat that will grow exponentially is Cyber-Extortionists or Ransomware. The biggest danger is in the evolving variants of ransomware not yet known, soon-to-be or just written and evidently undetectable. Do not be afraid of paying and losing a couple of thousands – be very afraid of not getting your crucial business data back even if you pay. A living, evolving, comprehensive, Cyber Security Business Policy should include a mandatory mobile device management solution and a proper backup solution. Protecting your business resources with multi-factor authentication and rights management solutions might save you from additional headaches. After you have written the Policy, do not let it rest on paper. Make it alive and implement the solutions that will protect and save your data and business. Do not forget that everything is connected: a single device problem can become a company problem in a matter of seconds. However, beware; the real threat is not where you might expect. All Cyber Crime/Security accidents have one common denominator – people.
Cyber Security Fear of Tomorrow
Businesses of all shapes and sizes have always been attractive to cyber crooks – that’s where the money is, right? Big companies have deep and huge pockets, a lot to steal from, making them inviting as primary targets. The other side of the medal shows big companies have big, fat defenses as well, requiring more time, more resources and more competition to “borrow” data or money. Why try to catch one of the ten elephants in a forest, competing with numerous other predators if it is easier and faster to catch ten chickens in a brood of a million? Cyber-attacks on small businesses are on the rise for several reasons, one of which is because their protection is weaker. A single fraud might not bring much, but doing it multiple times brings more loot at the end. No need for years of planning to bring the plan into action.
The other reason is not so obvious but it is even more significant. Small businesses are often a secondary target and serve as a gateway to the attacker’s primary target: bigger companies. Remember the end of the year 2013 when retail giant Target was hit and suffered an enormous data breach? More than 65 million individuals’ personal information was stolen, a breach result of a small business, working as Target’s HVAC contractor. In today’s inevitably meddlesome Cloud era, do not falsely push responsibility to the Cloud provider, ignoring and not accepting responsibility for your own data. Protecting data and behaving responsibly does not stop with the Cloud. Even the most sophisticated firewall or intrusion detection system cannot stop criminals if you don’t deal with the weakest link in the chain.
The protection of the data begins and ends with you – The User.
Call an IT company and they can consult and sell you the latest, state-of-the-art antivirus, intrusion detection/prevention or advanced persistent threat solution. You can listen to their platitudes about computer security for days. Your protection strength becomes proportional to the amount of cash you pour in their pockets. Most often than not, they fail to mention, consult on and sell you adequate education. The biggest concern for the businesses today is their employees. Unfortunately, this chain in the link is quite weak but, fortunately, easily strengthened. Employee education on security, raising awareness about Cyber Crime and consciousness about the threat landscape could bring businesses the biggest return on investment. Proper education throughout the entire company is the key to protect your data. Top-level employees like Senior Managers, Directors, and Executives dictate employee education while rarely educating themselves. Every individual should be educated, from top to bottom.
About The Author
Sasha is Security Specialist, Azure and Windows Internals Consultant and Senior Technical Trainer with almost two decades of experience in the field. He began programming in Assembler, met Windows NT 3.5 and the love exists since then. He has held various jobs and roles: teacher, system administrator, and engineer, IT manager, consultant, and IT trainer. Sasha delivers Microsoft, EC-Council, and bespoke courses worldwide. Among many others, he is a Microsoft Certified Trainer (MCT), Certified EC-Council Instructor (CEI) and is Microsoft MCT Regional Lead.
Sasha can be reached online on Twitter (@SasaKranjac) and at website http://www.sasakranjac.com/