Six Top Information Security Risks to Be Aware of in 2019

Six Top Information Security Risks to Be Aware of in 2019

While companies and individuals embrace innovation, cybercriminals make use of the new backdoors to improve the scope of their hacking.

  • May 22, 2019

The global shift towards advanced forms of technology and higher levels of connectivity has created a gap in cybersecurity. While companies and individuals embrace innovation, cybercriminals make use of the new backdoors to improve the scope of their hacking.

1. Data Theft via Third-Party Vendors

Cloud computing has become a global trend. According to LogicMonitor Cloud Vision 2020, 83 percent of company workloads will be in the cloud. As more companies migrate their digital assets to the cloud, more data is entrusted to third-party cloud providers (CSP). While most CSPs provide adequate security controls, open-source components remain a critical threat.

According to a 2019 SNYK report of the state of open source security, there has been a 88% growth in application vulnerabilities during the past couple of years. The most alarming finding was the discovery that 70% of open source maintainers lack the skills to secure their cloud. Thus, despite the rising adoption of open source components by enterprises and SMBs alike, many cloud environments often marinate in vulnerabilities before someone catches on. By then, it’s too late—the data was already stolen and possibly sold in the Dark Web.

Possible mitigation method—companies that adopt cloud computing will benefit from creating a cloud migration strategy. As you create your strategy, you can research possible CSPs and ensure that they provide their clients with comprehensive security controls. Implementing automated monitoring solutions can help promote secure cloud adoption in-house.

2. Loss of Data Due to Shadow IT

Shadow IT refers to information technology systems used within the organization without the knowledge of the IT department. Shadow IT compromises the information of the organization. Shadow IT systems aren’t backed up by the organization and may cause loss of data.

Loss of data has implications on business continuity and the mental health of the employees. When people lose information, they go through the five stages of grief—denial, anger, bargaining, depression, acceptance. It can be heart-breaking to lose the valuable information you worked on. Such a mental state can impact productivity.

Possible mitigation method—the best protection against shadow IT is prevention. Organizations can create data loss prevention (DLP) policies to help educate employees in proper use of company resources. The policies clarify what systems can or can’t be used and for what purposes. Thus, prohibiting the use of shadow IT systems. Organizations may also implement DLP solutions such as DLP software that automate the identification, monitoring, and management of data breaches.

3. Poor Security Policies Compromise Trade Secrets

In a world in which connectivity has become an integral force of national, cultural, organizational, and individual continuity, security policies act as the guiding line that draws a protective circle around business secrets. According to Statista, there are approximately 2.5 billion smartphone users in the world. In the US, 77 percent of the population owns smartphones.

Information security policies help organizations to protect trade secrets. Allowing personnel and collaborators to access the digital resources of the organization via smartphones can promote productivity and business continuity. However, poor policies such as a single factor password may be used by hackers as an entry point to steal the data. Additionally, a stolen smartphone may compromise any sensitive information stored on the device. Often, when trade secrets get exposed, the reputation of the organization gets damaged.

Possible mitigation method—as in the case of shadow IT, prevention of improper use of company resources is often the best defense against losing trade secrets. Creating policies that maintain a standard use of information resources help employees play an active part in protecting the information and the IT infrastructure of the organization.

4. Data Heists Led by Insider Threats

In 2018, 25 percent of known data breaches were caused by social engineering, which is a technique that uses human psychology to trick individuals into divulging authorization information such as passwords. A social engineer may impersonate IT personnel and trick an employee into revealing their password. Other social engineers may use intimidation, blackmail, violence, or kidnapping to extract the information.

On the other side of the social engineering coin lies the intentional insider work. These are employees that deliberately breach the data of the organization, without being coerced into doing the deed. Often, these are disgruntled ex-employees. A survey of 1,000 employees found that one in five stole sensitive and confidential company information.

Possible mitigation method—implementing User Behavior Analytics (UBA) tools to flag unusual user behavior. UBA monitors and analyses many network events generated daily by the company users to identify malicious behavior such as lateral movement and compromised credentials. UBA helps determine whether the threat comes from the inside of the organization or from outside activity.

5. Phishing Schemes Lead to Business Email Compromise (BEC)

A phishing scheme uses media channels such as email, telephone or text messaging to send legitimate-looking messages with the intention to trick individuals into revealing sensitive information such as credit card details and passwords. Phishing schemes often result in identity theft and financial loss.

Phishing schemes can be used to launch a Business Email Compromise (BEC) attack. BEC scams target email accounts of executives or finance employees involved with wire transfer payments through various methods such as phishing attacks. The cybercriminal uses the information to initiate fraudulent transfers on behalf of the organization.

Possible mitigation methodeducating employees in methods of cybercrime and appropriate protective measures have been proven helpful in reducing information security risks. Additionally, organizations can also implement security controls such as dual authentication, encryption, and visual cues. Artificial Intelligence (AI) filtering provide advanced filtering techniques for catch BEC criminals such as geolocation tools for senders identification.

6. Fraud Enabled by Compromised Blockchain

Since its introduction in 2008, blockchain technology has seen a steep rise in popularity. Originally used for cryptocurrency, blockchain applications can now be found in many industries and systems. A notable blockchain application is a software program called smart contracts, which facilitate a safe digital exchange without the intervention of a third-party.

The idea behind smart contracts, and blockchain in general, is to enable safe digital exchange via transparency, thus getting rid of middlemen such as banks and brokers. However, current attempts of applications of smart contracts to the protection of intellectual property haven’t been successful. Bugs and errors in smart contracts leave systems open to attacks. A breach in the blockchain technology may lead to unauthorized alteration of a smart contract.

Possible mitigation method—use strong authentication to secure the terms of a contract and store encryption keys in a hardware root of trust. Additionally, blockchain security tools and solutions can help apply a variety of security controls the fit the security needs of the organization.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3