There’s been a continued increase in cyberthreats since the pandemic began. Not only has the threat volume increased, but the threats are also becoming more sophisticated.
“Executives really need to pay attention to cybersecurity,” says Jim Altman, Middle Market Pennsylvania Regional Executive at Huntington Bank. “Too many are playing the odds that they’re unlikely to be attacked. But unfortunately, with the increasing threats, those odds are against them.”
Smart Business spoke with Altman about the cyberthreat environment and strategies that can help insulate companies from those threats.
How have cyberthreats evolved?
Bad actors are now prioritizing scams that enable them to monetize a breach as fast as they can, such as through payment-related scams that lead to money, preferably in the form of cryptocurrency, getting to them as quickly as possible.
But speed isn’t always a characteristic. For instance, these criminals are increasingly stalking targets, monitoring a business after they penetrate the company’s email server, reading emails and searching for the right opportunity to capitalize on their position.
Ransomware threats to businesses big and small have also increased. These threats have evolved from just taking a company’s data hostage and demanding payment to release it, to exfiltrating emails and blackmailing companies with hush money and name-and-shame scams.
While frequency and sophistication are improving, they’re still getting in through the same vulnerabilities. They’re exploiting poor passwords, unpatched systems, and holes in companies’ remote desktop protocol and server message block, both of which can be successfully attacked when not removed or at least configured securely.
How has remote work affected cybersecurity?
Having a remote workforce has broadened companies’ attack surface — all the potential vulnerabilities across a company’s entire public-facing network — to now include the homes of their employees. Those home networks have weak spots, which is why it’s important that companies account for those weaknesses as they plan their cybersecurity.
Much of that is basic: keeping strong passwords and ensuring employees regularly patch their home devices. However, one of the challenges in this area for companies is knowing what they can dictate to employees regarding their home cybersecurity and what they can’t, as well as whether they should or shouldn’t scan their employees’ networks. So many companies are emphasizing user awareness and education to ensure employees are aware of the types of scams that are out there, what they might look like, how they work and how to not fall victim. Employees, whether at home or in the office, are a company’s first line of defense against many of these threats. So, it’s wise to spend time and effort making sure users of the system are aware and educated on the threats and the ways to neutralize or mitigate them.
How can companies learn about their vulnerabilities?
Companies should start off with an assessment of their IT infrastructure to determine their dependency on certain technologies — point-of-sale systems, smartphones, etc. — to discover which of them are business-critical, then put together a plan on how best to secure those. It’s always vitally important to identify and protect sensitive personal information, such as bank account and health information.
Once the systems and information are identified, companies should test their resiliency to attacks through tabletop exercises that are as real as they can be. Follow that up with an independent security audit that includes a vulnerability scan and attack-surface mapping.
Companies should also look closely at what information is publicly posted about key people within the company, such as on social media or their own website. It can be used by attackers in phishing expeditions.
It also may make sense to consider cyber liability insurance. These policies are not cookie cutter, so work with a professional who can find a plan that offers the needed coverage.
These cyberthreats are a multi-billion-dollar problem. No business is too small to be attacked, so every company needs to protect itself.
Insights Banking & Finance is brought to you by Huntington Bank