While you sip your latte and snigger at the latest Oatmeal comic about cats and workplace antics, take a look around you: Andrew from accounting may be the source of your next cyber security leak. Cindy from sales may be informing a competitor. Jason the janitor may be a cyber criminal. Without knowing where to look, you could look everywhere, what are you even looking for? With an estimated cost of up to $575 billion worldwide, cybercrime is a growing market.
The Biggest Targets in Cyber Security
While many attacks, such as common phishing schemes, may have no particular target, certain industries have higher rates of attack than others. If your organization is in one of the following fields (or interacts directly with any of these industries), you may experience higher than average rates of attack:
• Banking— digital money is actual money, in today’s business operations. Plus, the financial sector potentially possesses valuable data such as customer records.
• Government— from government agencies to contracts, government targets are a hot property for fraud but also hactivists looking to make a statement.
• Healthcare— the financial transactions in healthcare, social security numbers, health records, and so on all have a price on the cyber black market, making health care a frequent target.
• Retail— from the attacks on Target and Michael’s stores, to skimming devices at restaurants, the “headline makers” of cyber security are often retail in nature. Your transactions are another man’s treasure, in the cyberverse.
In addition to the data of value described above, corporate targets include product espionage, trade advantage and just general HR data for identity theft, all serving nefarious purposes on the cyber black market.
How They Will Hit You
Ransomeware has become the biggest cybersecurity threat in about the last year. Your digital data has value to you more than any other organization, and cyber criminals play upon that when they hack you and hold your data hostage.
Other common threats include (in descending order of frequency):
• outsider attack
• user error
• service provider failure
• physical security (such as loss or theft of equipment)
• misuse of mobile devices
• insider sabotage
• cloud apps for service usage
• data explosion or data-related vulnerability
• activist groups
Did you catch how many on that list come from the inside? While most “insider attacks” are unintentional, such as downloading malware or misusing a mobile device, when you combine such threats with insider sabotage you get an alarming fact: more than half of all attacks are perpetrated from the inside of an organization.
Combating Internal Threat
Some organizations seek to create a “zero risk” environment. In fact, such a thing is a thing is a myth or a fallacy. Just as there is some risk of accident when you drive a car, and some risk of choking when you eat food, there is some inherent risk to business operations. Still, you can minimize risk with defensive driving and effective chewing: and you can minimize cyber threats through maximizing the basics of cyber security intelligence.
Educate, educate, educate. “An ounce of prevention is worth a pound of cure.” You conduct fire drills. No matter how you say it, effective employee education can save you millions. Just as DropBox discovered when an employee’s reuse of a LinkedIn password created a new breach, employees may not automatically know what basic security measures could save PR, time, money and more.
You can educate employees about common threats and even test them with simulated scenarios, like an internal white hat hacking tutorial.
Focus on Prevention
While you won’t necessarily send your entire team to IT camp, you can incorporate a few basics:
1. Teach your employees about common cyber security threats, and what data has black market value, so they know where to exercise caution.
2. Insist upon unique, regularly changed passwords.
3. Grant compartmentalized access: no single user name and password, not even for IT or execs, should have access to your entire system.
4. Teach your team about careful clicking: downloads, attachments, and unusual requests should all be queried.
5. Don’t allow outside devices on your network without appropriate security measures.
6. Incorporate analytics: employees have predictable behavior; with a little help from simple analytics tools, you can quickly spot any “oddities” such as indicators of intentional system misuse/sabotage.
With prevention in place, and a support team when you need it, you can go back to your Oatmeal comic and safely laugh with your compadres.