Protect Your Company Against Hackerapocalypse
Thursday March 16, 2017 | Filed under:
Guest blog post by ASI Chief Technology Officer Armughan Rafat
In a scant few years, terms like hacker, ransomware and botnets have become as commonplace – and as unsettling – as cybercrime itself. The World Economic Forum estimates the economic cost of cybercrime to be $3 trillion worldwide, with costs expected to double by 2021, so even small companies need to double down on their efforts to protect themselves and their clients.
The increasing importance of cybersecurity to ASI prompted us to expand our global security program and create a new online “sheriff” – Seth Kusiak, a 16-year veteran of the promotional products industry we’ve recently promoted to VP of infrastructure and security services.
Remember, data breaches and other online security problems can arise any number of ways, from nefarious overseas hackers, computer viruses and poor security to accidental publication and lost or stolen devices.
To help you and your employees better understand what companies worldwide are facing in this new era of cyber defense and cybercrime, I’ve prepared a short Q&A, along with some tips on protecting your home and office computers:
Q: What does cybersecurity mean to ASI?
A: Security’s always been integral to ASI’s information services team, but we’re strengthening our commitment to a security-focused and application-delivery platform. Our expanded focus includes implementation and oversight of an expanded global security program addressing compliance and insurance, governance, information security policies, incident response, threat modeling, risk analysis and security awareness.
Q: How have threats evolved in recent years?
A: Surprisingly, threat actors use the same techniques they used 15-20 years ago. But technologies continue to evolve and there are many more internet-connected devices than ever before, from computers and mobile phones to consumer electronics like “smart” appliances, which can be easily hacked thanks to lax security. Second, the rise of Bitcoin has made it possible for criminals to get paid more reliably and with little risk. Third, threat actors from various foreign countries pursue U.S.-based victims because it’s easy money and there are few criminal consequences.
Q: How does ASI distinguish between different types of cyberattacks?
A: Security-conscious organizations like ASI go through a process known as “Threat Modeling” to identify threats, objectives and vulnerabilities that apply to our systems, network and apps. We prioritize and define countermeasures to prevent or mitigate identified threats. As you might imagine, this is a very tedious process that’s ever-evolving and ever-changing. A threat that may be innocuous today may evolve into one that causes us to drop everything to address it. Our threats are very different from those in financial, government or healthcare.
Currently, ASI’s most prominent security threat is social engineering – the art of manipulating people to give up confidential financial, personal or company information to attackers who will use it to their own benefit.
Q: How will cybersecurity – and threats – evolve in the next few years?
A: To be honest, we haven’t yet hit a low point in regards to security-related incidents, as frightening as that sounds. Things will get worse before they get better (but they will get better). This year, companies throughout the world can expect more large-scale data breaches, significant increases in ransomware infections, more critical software vulnerabilities and widespread internet outages due to cyber-attacks. Looking beyond, we’ll likely see more sophisticated social engineering attacks driven by artificial intelligence (AI) and machine learning (ML). We’ll also see more businesses impacted. Just recently, Verizon’s $4.8 billion acquisition of Yahoo was put on hold due to Yahoo’s massive data breach.
On the positive side, technology companies are starting to get it and are focusing on improving the security of their products and services. The security community is very active in pushing for better security and privacy by calling out vendors for poor security, which is having a positive impact.
Q: How can I guard against cyber threats?
A:
- Think before you click. Carefully review emails before responding or clicking links.
- Don’t reuse passwords across multiple sites or applications. When a data breach takes place, criminals attempt to use the stolen passwords to access other sites.
- Enable two/multi-factor authentication on your accounts, including banks, social media and any other account that offers it.
- Don’t install software from unknown sources, especially stolen/pirated software.
- Be careful when giving permission to apps to access your accounts. For example, by generating a “What kind of cat are you” Facebook post, you may inadvertently give those apps permission to access your profile information or even the ability to post to your accounts.
- Keep your software updated with security patches.
If you’re interested in more information on what’s ahead, I suggest reading a Wired magazine article on the biggest security threats facing us in 2017 – and keeping watch for emails from ASI about the cybersecurity webinar we’ll be offering in coming months.
My last piece of advice is a variation on an old newspaper adage about confirming information from sources: Even if your own mother emails you, check it out before you click it. Be vigilant and be safe.