The past few years have been nothing if not tumultuous for businesses of all shapes and sizes, which has only exacerbated the shifting terrain we’d expect to see in a business’ cybersecurity needs and threats. Let’s take a few moments to examine what 2022’s cybersecurity landscape is likely to look like, considering what we’ve seen recently.
Artificial intelligence, also known as AI, is already used in certain industries, like cybersecurity and automation, but hackers have quickly found out that they too can leverage AI to their advantage. With cybercrime on the rise, it’s expected that AI will play a role in the cybersecurity landscape to come. Let’s take a closer look at some of these trends.
We know that cybersecurity isn’t the most interesting topic in the world, especially for a small business owner, this doesn’t diminish its importance. If you fail to adequately protect your business, even a low-profile SMB can fall victim to a cyber threat. It’s your job as the business owner and thought leader to make sure this doesn’t happen.
When it comes to network security, businesses need all the edges they can get, especially since cybersecurity as an industry is one which is rapidly adjusting and responding to various threats, as well as their responses to those security measures. One way in which security researchers have attempted to subvert this security rat race is through artificial intelligence measures, a trend that promises to change the way businesses protect themselves for the better.
In a zero trust network, you trust nobody, no matter how long they have been around or how invested they are in your organization’s future. Everyone’s identity on your network must be verified, a concept that has been quite helpful in limiting data breaches. Today, we are going to discuss the National Institute of Standards and Technology’s definition of zero trust and what they recommend to businesses wishing to implement it.
Authentication is one of the most important topics on the table for discussion this year, particularly in regards to how the need for secure data access has been increased considerably during the COVID-19 crisis. How can you make sure that your data is being accessed in a safe and secure manner while also verifying the identity of whoever accesses it? Voice-based authentication might be one option.
“Security Theater” Coined by cybersecurity technologist Bruce Schneier in the early 2000s, “security theater” describes any security efforts that make one seem more secure but do very little to enhance security in the practical sense despite the costs associated with them. The concept is reliant upon the notion that security exists in two forms: the emotional feeling of being secure, and the quantifiable mathematical and scientific improvements that one can make to their protections. For an example, let’s look to a personal anecdote that Schneier shared in a 2007 blog article. In this article, Schneier shared an observation from his visit to the maternity ward after a friend’s child had just been born. The infant had been outfitted with an RFID tag bracelet, the purpose of which being cited as a preventative measure against infant theft. However, at the time that Schneier visited the ward, infant abduction was remarkably rare. This led Schneier to hypothesize that the bangles weren’t adopted as an actual security measure, but instead as a performance of security theater. By “protecting” an infant against “abduction,” the new parents could spend a few moments away from their baby without too much worry. Let’s review the hospital anecdote. While they certainly weren’t free, the tags that were used to “track” the infants were available at an extraordinarily low cost. As a result, making the investment to mitigate an incredibly unlikely issue was considered more acceptable, because it improved the experience of the parents. Schneier also cites an even more recognizable example: the tamper-resistant packaging that was introduced on over-the-counter medications in the 1980s. Poisonings were getting a lot of attention in the press at the time, and despite the statistical likelihood of an actual incident being so low and the tamper-resistant packaging not being all that tamper resistant, the impression it made was thoroughly positive. This is because, in both cases, the performance of security theater helped to make the perceived threat level more in line with the actual threat level. Of course, while the benefits that security theater can offer are very real, so are the costs of putting on such a show. Is Security Theater Worth the Price of Admission? I want you to consider a very real potential outcome of these kinds of displays: what if the piece of security theater you invest your money in is actually making your real security measures less effective? Consider what happened to Target in 2013. The company was hacked when their security teams overlooked the warning signs of a breach as they were buried in a deluge of other notifications. Let’s dive deeper into the threat of “overacting” in your security theater, starting with the situation that Target created. Too Many Alerts I want you to consider what happens when your company chat is a flurry of activities that ultimately don’t involve you. Eventually, you tune out the notifications to try and stay productive, right? The same thing happens with your security notifications if there are far too many of them that ultimately mean nothing. As a result, you and your team will gradually stop paying attention to them, allowing the actual threats to come in. Recruiting an MSP to assist you can help sort out these notifications, with the real threats attended to and interruptions minimized. Too […]
Over the last three or four years, we’ve seen some of the world’s biggest data breaches. Yahoo, Marriott-Starwood, and Equifax were the highest profile attacks, with a combined 3.5 billion accounts hijacked for those events on their own. To put that in perspective, you could take any two human beings on the planet, and there would be a pretty good chance that one of them was a victim of a data breach over the last three years. Security breaches like this have increased by over 67% since 2014, and the trend is still climbing. What’s at Stake? We’re Basically All Hacked Now? It’s actually almost a good thing that these massively high-profile data breaches are happening. Hear me out: It brings this type of crime to the public eye – Most Americans know about the Equifax breach. Awareness is a huge step in the right direction. There is so much data in these breaches that it is practically impossible for cybercriminals to use it all – If 500 million credit card numbers are stolen, the chances of one in particular being used goes down substantially. We’re not looking at data breaches in a positive light, but I firmly believe that the last few years has been the lesson the world needed, and it is a lesson a lot of organizations are taking very seriously. Policies and laws are hitting the books, and compliance regulations are being mandated within certain industries. Organizations of all sizes are taking data security seriously. What Does This Mean for Smaller Businesses? Of course, when we talk about data breaches, we always reference the big ones like Yahoo, Target, Sony, eBay, etc. Or we talk about the municipal attacks, where large cities like Albany, NY and Baltimore, MD were targeted, along with smaller towns like Wilmer, TX and Lake City, FL being held at ransom. We don’t hear about the 40-person company that goes under because of a cyberattack, because it affects fewer people. The problem is that small businesses are a major target. In fact, according to a survey by Verizon, 43% of breach victims were small businesses. Smaller businesses are easier targets because they usually don’t pay as close attention to their security. It’s Time to Take Cybersecurity Seriously There are things you can do. If you want to start getting serious about your organization’s cybersecurity, there is no time like the present. Call our knowledgeable IT professionals at SRS Networks today at (831) 758-3636 to get started taking the steps you need to keep your company’s data and infrastructure secure.
We’ve tried to keep a detailed record of this year’s largest data breaches. These are the major breaches that have happened this fall. September 9/5 Providence Health Plan – 122,000 members have had their personal information leaked as an unauthorized party accessed the company’s servers. Plan member names, addresses, email addresses, dates of birth, Social Security numbers, member ID numbers, and subscriber numbers were involved in the leak. Facebook – An unprotected server with over 419 million records was discovered, giving outside entities access to Facebook’s user ID and phone number. In some cases, user’s names, genders, and locations were also leaked. 9/16 Dealer Leader, LLC. – The personal information of 198 million prospective car buyers was left exposed. The exposed information included names, email addresses, phone numbers, addresses, and IPs. 9/27 DoorDash – The food delivery app announced that 4.9 million customers had their personal information breached through a third-party. The information included the names, delivery addresses, phone numbers, hashed passwords, order history, and the last four numbers of each’s credit card numbers. Additionally, over 100,000 delivery drivers had their driver’s license information leaked. 9/30 Zynga – The mobile game maker, Zynga, has announced that 218 million players of their popular mobile games Words With Friends and Draw Something, had their information accessed by a hacker. Player names, email addresses, login IDs, phone numbers, Facebook IDs and more were exposed. October 10/17 Methodist Hospitals of Indiana – After a couple of employees fell victim to an email phishing scam, the personal information of 68,000 patients were accessed by hackers. The information leaked included names, addresses, dates of birth, Social Security, driver’s licenses, and more. 10/21 Autoclerk – An open database was discovered by a cybersecurity vendor belonging to Autoclerk, a hotel property management software developer. The exposed data included names, dates of birth, home addresses, phone numbers, dates of travel, travel costs, room numbers, and some masked credit card details of hundreds of thousands of guests. 10/22 Kalispell Regional Healthcare – Over 130,000 personal, insurance, and financial records were exposed in a hacking attack. This included patient names, Social Security numbers, addresses, medical record numbers, dates of birth, medical history and treatment information, name of treating physicians and more. 10/26 Adobe – The account information for over 7.5 million users of Adobe’s Creative Cloud were exposed from an unprotected online database. Data that was exposed included email addresses, usernames, location, Adobe product licenses, account creation dates, and payment statuses. 10/27 Network Solutions – The world’s oldest domain name provider has exposed in a hack. Millions of individual’s data that include names, addresses, phone numbers, email addresses, and service information. November 11/9 Texas Health Resources – The Texas-based health care provider reported a data breach where 82,000 patient records were exposed. Included in the breach were names, addresses, email information, health information, and more. 11/16 Magic the Gathering – The popular online version of the card game Magic the Gathering has reported that an unsecured website database has exposed 452,000 player records that include names, usernames, and more. 11/18 State of Louisiana – The State of Louisiana has been a victim of a ransomware attack that took down many state agencies’ servers. Although no data is said to be lost, the state’s crucial computing infrastructure was down for several days […]