As our world becomes increasingly connected, hackers take aim at the enterprise.
Equifax, Deloitte and Target are three names that represent what has become a growing trend among enterprises—embarrassing and potentially crippling cyber attacks as the result of incomprehensibly simple mistakes. Major media outlets have seized upon the opportunity to discuss these attacks ad nauseam, but have provided little helpful information to a frightened and confused public looking for answers.
The general public however, isn’t alone in searching for answers. Executives globally, are trying to wrap their heads around how an organization like Deloitte, that prides itself on helping other companies avoid cybersecurity threats, or Equifax, responsible for securing the information of millions of people, can be susceptible to threats that could have easily been thwarted.
The underlying cause of this year’s cyberattacks is more than skin deep and points to a general ignorance, misunderstanding, or arrogance in the enterprise world when it comes to today’s threats—as simple as they may be.
“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
—Steve Martino, Vice President and Chief Information Security Officer, Cisco
Keep reading to learn about 5 of today’s biggest enterprise-level cyberthreats and how you should address them.
CEO email spoofing
It’s widely known that employees are one of the biggest threats to enterprise cybersecurity, but insider threats aren’t limited to young or malicious workers—the C-Suite is susceptible too. CEO spoofing is a similar tactic to phishing with a subtle difference; targets are tricked via email as opposed to a link. In CEO spoofing, cybercriminals compromise company email accounts and impersonate executives, in an attempt to fool other executives or employees into authorizing false wire transfers, or revealing confidential information. Ask Fifth Third Bank how easy it is to fall prey to this style of attack.
The key to avoiding these embarrassing and costly events is simple. Slow down, stay alert, verify every business transaction, and be sure that you and your team are up-to-date on the latest threat tactics.
IoT vulnerabilities
The proliferation of Internet connected devices has created opportunities for the enterprise but is not without its challenges and risks. IoT represents a major hurdle for enterprise cybersecurity programs as cybercriminals rise to the challenge of hacking connected devices. Medical devices, manufacturing sensors, and virtual assistants are among the most attractive targets to hackers. Many of these emerging technologies have been deployed with little thought put into how to protect them.
To secure enterprise IoT, connected devices and sensors must be managed and monitored, networks should be segmented, and like anything else in cybersecurity, you and your team must remain vigilant and educated.
Cisco is always working to address IoT and related security issues. Based on Cisco’s Digital Network Architecture, the networking giant’s Network Intuitive helps to resolve many of today's issues related to IoT security. By employing an automated intent-based infrastructure, this intuitive network has security built-in, with the ability to discover dangers and automate responses to keep enterprises protected from advanced threats.
“As IoT continues to grow, vendors will favor usability over security and IT security practitioners remain unsure of the correct amount of acceptable risk. Companies should assign business ownership of IoT security, focus on vulnerable or unpatchable IoT devices, and increase IoT-focused budget.”—Gartner
Advanced persistent threats
Advanced Persistent Threats represent a growing problem for enterprises, particularly in the financial and manufacturing sectors. In an APT attack, an unauthorized individual gains access to an organization's network and remains undetected for a substantial timeframe, allowing them to steal large amounts of information.
Implementing a basic cyber-defense strategy and monitoring outbound network traffic for anomalies will help administrators protect against this style of attack. You should also have a vulnerability management system in-place, keep security patches up-to-date (read more about patched software below), and test the security posture of your IT infrastructure frequently.
Ransomware
Ransomware attacks have increased over the last year and represent a very real threat to enterprise cybersecurity. Hackers have been able to penetrate enterprise security defenses by using simple tactics to entice unsuspecting employees via phishing scams or other means.
Like so much related to cyber-defense, the best way to protect your organization from ransomware is to educate and train your employees. Don’t click on unfamiliar links or emails and always back up your data and information—if you are impacted by an attack, you can avoid paying the ransom if you’ve got everything backed up.
Unpatched software
Attackers are looking for the easiest point-of-entry and unpatched software is an open door. While you’re busy implementing top-priority security tools across the organization, hackers are quietly exploiting your software vulnerabilities. In 2016, it was revealed that an SAP system vulnerability was left unpatched in the enterprise for 6 years, leaving more than 500 organizations exposed.
There is no excuse for leaving your organization vulnerable with unpatched software. Conduct frequent security assessments and always work with your cybersecurity teams to ensure there are no holes in your organization's cyber-defense.
As our world becomes increasingly connected, the threat posed to enterprises by cybercriminals continues to grow. Corporate IT systems are more vulnerable than ever and despite every decision maker's best intentions, more than a few members of the C-Suite have been impacted by an attack.
At Lighthouse, we can ensure the safety of your organization with best-in-class cybersecurity solutions. Get in touch to learn more.