Recently, the Greater Oak Brook Chamber of Commerce held a Cybersecurity Forum to help keep its members updated on how to protect themselves and their organizations. After an FBI special agent gave a comprehensive presentation on the cyberthreats to businesses, our own Rachael Narel moderated a panel about cybersecurity with local industry leaders. Many of the same themes ran throughout both sessions. Topics like identity compromise, internet-of-things (IoT) vulnerability, ransomware, business email compromise (BEC), and mobile malware were all discussed in great detail.
The special agent from the FBI highlighted just how important cybersecurity is to businesses in the Chicago area. Illinois is in the top 10 states for both money lost in BEC scams and total victims of BEC. Unfortunately, bad actors are continually innovating new ways to threaten your business. Many of these attacks combine technical hacking skills with targeted social engineering. One such attack, Payroll Re-Direction, uses spear-phishing to target the company’s HR department and involves re-routing the funds allocated for paychecks to a bad actor within the two-week pay cycle.
Another possible vulnerability that many organizations neglect to address is mobile malware. Mobile devices are an increasingly rich target for bad actors. Most businesses don’t even think about the amount of work that gets done on their employees’ mobile devices. While most phones have some encryption and data silo-ing capabilities, they generally don’t include any anti-virus protection. Even worse, techies will often jailbreak their iPhones to increase their capabilities, opening themselves (and your business) to cyber-attack.
In addition, the proliferation of web-connected devices has created a brand-new security risk. The internet-of-things gives bad actors new ways to infiltrate your system, as many of the smaller devices don’t have the advanced security controls of a workstation. Gartner expects 8.4 billion IoT-connected devices to be in use worldwide within the year. This is a threat that will only increase as more devices become web-connected.
The panel consisted of Dr. Charles Currier, Jan Hertzberg, and Kyle Johnson. They covered areas similar to the special agent’s but provided a more business-centric perspective. On securing identity, the panel agreed that with all the data breaches today, it’s important to assume your identity has already been compromised and take steps to ensure it is now secured. The accepted method for protecting identity going forward? 2-step verification. Also called Multi-Factor Authentication (MFA), this is a way to validate the identity of the person by using two or more devices to complete the login.
Self-testing your employees for phishing is a great first step in educating them about cybersecurity. Both Currier and Johnson spoke about how they focused on improving their organization’s response to phishing tests. They started with 20-30% of people clicking on phishing-email links and ended with a click rate below 5%. Pair this with additional periodic security awareness training, and you are on the right track to maintaining the integrity of your organization.
Cybersecurity should be a constant consideration for any business. The threats to your network and corporate assets are only going to become more complex and harder to detect. The possibility of a security event should be viewed as an inevitability. Start building your defenses now! For help in instituting multi-factor authentication, security awareness training, or mobile device management, contact us. Call 630 832 0075 or email firstname.lastname@example.org today. We are happy to help!