4 ways to fight back against the modern cyber attack

March 20, 20185 Minute Read

If you’ve seen “The Most Dangerous Town on the Internet—Where Cybercrime Goes to Hide” and think it has nothing to do with your life, you’re not giving the office security vulnerabilities all around you enough attention. Norton’s short documentary, “The Jester” talks about the evolution of the modern cyber attack and how the theatre of war has moved into cyberspace. Phishing attacks, malware, ransomware, data breaches, and spam dumps are accelerating around the world and posing a serious threat to businesses of all kinds.

The Jester is a famous grey-hat hacktivist who’s been called “the Batman of the internet.” This hacker vigilante is known for waging retaliatory attacks against enemies of North America, including Iran’s president and jihadists, and last year, he made headlines for breaking into Russia’s Foreign Ministry site and leaving a message for Putin. He’s one of many people journalist Heydon Prowse interviews in his quest to better understand the evolution of cybercrime.

In the video, Prowse focuses on bulletproof hosting and travels around the world to uncover the role it plays in facilitating and enabling criminal activity. Hackers need secure places to launch attacks from and store stolen data, like credit card information—which is why they use hosting providers that turn a blind eye to whatever they store. Most of the executives interviewed in the film deny responsibility for the content their companies host, but their denials have huge consequences for executives, employees, and customers alike.

Step carefully—the internet is a minefield

The 2017 Cyberthreat Defense Report from the CyberEdge Group found an alarming 79 percent of networks were breached by a cyber attack last year at least once. Companies ranging from Wendy’s, Bell Canada, and Sony to Ashley Madison and Nissan Canada Finance have fallen victim to high-profile, damaging, and embarrassing attacks they’re still recovering from, and the volume and severity of attacks is accelerating. The stakes can’t really get higher than a politically motivated hack that may have influenced the outcome of Brexit, the Swedish elections, and the US presidential election.

The internet is dangerous, to say the least, but companies must use it to conduct business today. As IBM Chairman, CEO, and President Ginni Rometty put it, cybercrime “is the greatest threat to every company in the world.” The evolution of cybercrime means you must treat digital security as a top priority, regardless of whether you sell cheeseburgers or business analytics software.

In short, the office is a veritable hotbed of places vulnerable to attack. If you want to protect your business against the evolving threat of cybercrime, here are four ways you can start building a better defence around your IT perimeter right away:

1. Pay attention to your printers

Printers are one of the most overlooked security vulnerabilities in the workplace. Hackers often seize on the lack of attention given to printer security relative to other devices and peripherals on the network. To many in IT, printers are “only printers” and labelled as low risk, but modern printers are networked devices, which means they can be targeted by sophisticated malware and accessed via a number of entry points, like a modem or wireless access point.

These are major risks—but not all hope is lost. Today’s advanced printing solutions can provide your business with printers that can defend your network instead of leaving it wide open. For instance, these printers can detect and prevent attacks in real time, and then after the fact, they can immediately begin to self-heal from the attacks automatically. Turning to these types of secure devices that monitor and stop threats almost completely on their own will keep you from having to spend another minute worrying about these cyber risks.

2. Keep your guard up against IoT devices

To cut down on energy consumption and costs, businesses are increasingly turning to IoT devices, such as smart thermostats, meters that save electricity, and sensors that shut off lighting and heating/air-conditioning when no one is in a room. The catch-22: Anything connected to the internet is hackable.

IoT devices are the latest and greatest targets in the world of hacking. It’s up to your IT team to start placing stricter access controls and device settings to better protect these devices from falling into the wrong hands. Don’t let hackers exploit these often overlooked endpoints.

3. Secure all mobile devices

It’s a mobile world out there, but the rise of the remote workforce and BYOD has resulted in additional security vulnerabilities.

How can you fight against such staggering odds? To start, if your business relies on a BYOD policy, build out that policy to be as comprehensive and inclusive as possible—and make sure it’s easy for your users to understand. Beyond that, it may be worth turning to a mobile device management solution to automate certain IT tasks related to device health and security.

4. Combat human error with education

All these points of vulnerability pale in comparison to human error. One shortcut, one absentminded click, and a company can be compromised. Even the most robust security protocols fail if employees are not following best practices or fall prey to scams. That said, it’s up to IT to spread security awareness throughout their organizations—with compelling cybersecurity training. Everyone’s sat through or hosted unbearably boring cybersecurity sessions, but with a little sprinkle of creativity, you can create a training that will truly stick with users, minimizing human error.

Ultimately, technology is just one pillar of good security, with people and processes serving as the other two pillars, and the evolution of cybercrime isn’t slowing down anytime soon. To better protect your business, you need to plug any and all security gaps, starting with the ones listed here, and ensure the entire workforce understands how to avoid the “dangerous towns” on the internet.

Gary Hilson October 31, 2018 4 Minute Read

5 ways to prepare for PIPEDA’s updates

PIPEDA's getting an update, and it looks a whole lot like GDPR. Here are five best practices that will help you stay compliant.

Stephanie Vozza October 29, 2018 4 Minute Read

Brush up on these 4 fundamentals for Cybersecurity Awareness Month

From employee training to shoring up endpoints and passwords, get primed for Cybersecurity Awareness Month with these four security and privacy tips.

Graham Templeton September 26, 2018 4 Minute Read

Prepare for PIPEDA with better device security and data privacy

Complying with PIPEDA's new privacy amendments requires diligence in everything from internal processes to device security.