By Adnan Olia, Chief Operating Officer and Co-owner of Intradyn
It’s no secret that cybersecurity attacks and cyber warfares are real challenges and threats to the safety of individuals, businesses, organizations — and especially the government. Personal and professional data, including passwords, credit card, and bank account information, and Social Security numbers can be vulnerable. Plus, it can take months — even years — to recover from cyberattacks and cases of identity theft. According to CNBC, cyberattacks cost businesses of all sizes an average of $200,000, and “60% go out of business within six months of being victimized.”
A professor of business technology predicted in a recent Forbes article that cyberattacks will be more prevalent in 2020 “because it’s the cheapest, easiest, fastest, and most effective form of warfare we’ve ever seen, and because cyberwarfare defenses are more vulnerable than they’ve ever been.”
But what is cyber warfare, exactly? The RAND Corporation defines the term as “the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.”
There are many types of attacks and warfare, including phishing, ransomware, and mobile- and cloud-based attacks. We’ll outline some of the most common and offer solutions to help you take the necessary precautions and steps toward securing your data and private information.
What Are the Different Types of Threats?
The U.S. Securities and Exchange Commission defines phishing as “the use of fraudulent emails and copy-cat websites to trick you into revealing valuable personal information — such as account numbers for banking, securities, mortgage, or credit accounts, your Social Security numbers, and the login IDs and passwords you use when accessing online financial services providers.”
The goal, of course, is to use your personal information to steal your money and/or your identity. Phishing also targets short message service (text messages) — and there’s also the possibility of “spearfishing by video,” which allows hackers to “leverage new tools such as ‘deep fake’ technology to look and sound like a trusted person (e.g., a Facetime with an attacker posing as a CEO).”
An article about 2020 cybersecurity predictions from SC Media predicts that “company microtargeting with industry-specific tools will rise.” It’s more important than ever that organizations have the proper controls in place to educate their employees and detect these kinds of threats.
The Department of Homeland Security defines ransomware as “a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.”
According to a recent Forbes article, business ransomware attacks were on the rise in the first quarter of 2019, and the trend is expected to continue in 2020 because “as the FBI softens its stance on businesses paying ransoms, the number of ‘successful’ ransomware attacks (i.e. those in which the ransom is paid) will double, with total losses of all reported attacks increased significantly.”
The Pew Research Center estimates that more than 5 billion people around the globe have mobile devices (over half of which are smartphones), and according to HubSpot, 52% of web traffic around the world is mobile.
With so much widespread cell phone ownership and use, it’s no wonder that hackers are threatening mobile devices. According to Lookout, “traditional secure email gateways block potential phishing emails and malicious URLs, which works for protecting corporate email from account takeover attacks, but neglects mobile attack vectors, including personal email, social networking, and other mobile-centric messaging platforms such as secure messaging apps and SMS/MMS.”
It’s also worth noting that with every new piece of technology (such as the latest smartphone model) comes security challenges. For example, the debut of 5G means new problems with malware aiming to take advantage of the security features, according to AVG.
According to Threatpost, “as more corporate infrastructure moves to the cloud, so will the focus of criminals.” This means that while conducting an attack will be more of a challenge, attacks may become more sophisticated and more common.
Businesses and organizations are also more confident when it comes to the cloud. But confidence doesn’t always translate to tighter security measures. According to Forbes, “60% of organizations don’t understand the shared responsibility model when it comes to who secures workloads in the cloud. This will create a false sense of security in cloud security providers by their customers, as the latter are responsible for securing privileged access to their cloud administration accounts and workloads.”
Artificial Intelligence and Voice Phishing
As technology becomes more advanced, so do the types of cyberattacks. For example, “deepfake technology” can be used to exploit people in scams. According to MSNBC, the term deepfake refers to instances where creators have produced digital content by manipulating images, voices, images — and even create fake videos that look real. In one instance, according to Forbes, a CEO gave up $243,000 due to a deepfake scam.
An article about 2020 cybersecurity predictions in SC Magazine asserts that “voice phishing will become the new phishing bait.” In other words, it’s now easier than ever for scammers to sound like someone else. High-level people such as executives and politicians are expected to face heightened risk with advanced deepfake technology. Those scammers can then leave voicemails (or speak directly with callers) asking for donations or for personal information.
How to Protect Yourself: Solutions & Tips
There are many ways to protect yourself — and your business or organization — from cyberattacks and cyberwarfare. The Department of Homeland Security (DHS) is a good place to start and provides the following tips:
- Maintain up-to-date software and operating systems
- Ensure that your passwords are strong
- Remain vigilant and watch out for suspicious activity
- Do not click on links or open emails if you’re unsure
- Do not provide personal information
- Use secure internet connections
- Back up your folders and files
- Protect your home and/or business network
Protecting your email is especially important. Investing in a good email archiving solution can also help you mitigate a potential attack by offering backup and disaster recovery options.
It’s also important to be aware of the types of email messages you’re receiving. Poor spelling and grammar, mismatched URLs, messages asking for personal information, and notes where you didn’t initiate the action are just some examples of signs of a possible phishing attack.
Even though DHS recommends using two methods of verification, many other resources recommend multi-factor authentication. This means that a computer (or mobile device) will only grant you access after you present at least two pieces of “evidence” that only you would know or have access to.
“Evidence” includes information such as passwords and PIN numbers or physical characteristics such as (fingerprint, voice recognition, etc.) The authentication could also be a physical item, such as a security token.
Many organizations are also adopting Disaster Recovery-as-a-Service (DRaaS), which is “defined as providing a remotely hosted disaster recovery service to protect a business’s data and applications,” according to Carbonite.
With the sheer volume and variety of cyberattacks and warfare targeting individuals and organizations, it’s more important than ever to take the appropriate precautions to insure that personal information and data remain secure and safe.
About the Author
Adnan Olia, Chief Operating Officer and Co-owner of Intradyn