29 Apr Threats to Information Security: What to be aware of in 2019
The information security sector is known for its rapid pace of change. It seems that with every passing day, a new or increasingly sophisticated threat is emerging, ready to make short work of enterprise breaches and data compromise. In this type of landscape, it’s imperative for IT admins and company stakeholders to keep up with the latest trends and to inform their data security posture accordingly.
This year is no different, and there have already been some noteworthy information security issues coming to light that business and security leaders should be aware of:
Ransomware comes to the IoT
By now, ransomware is nothing new. All types of organizations and individual users have unfortunately fallen victim to this scheme over the years, having their files and important data locked away from them until they pay up in untraceable digital currency for the decryption key.
Ransomware attacks have enabled cybercriminals to rake it literally billions each year, typically targeting entire databases belonging to businesses or individual users.
Now, however, it appears that attackers have a new target set: Internet of Things devices. Gartner predicted that by next year, more than 20 billion IoT devices will be connected to home and corporate networks. This creates quite the potential attack surface for hackers.
Often, these attacks hinge on the fact that many users don’t bother to reset default IoT device passwords, making it easy for malicious actors to breach the device and deliver ransomware. Other times, as CPO Magazine contributor Gilad David Maayan noted, it’s a basic lack of securitythat enables attacks on these endpoints. In this way, it’s important not to overlook IoT devices within security considerations, and to ensure that these endpoints are outfitted with anti-ransomware protection.
Phishing continues, and grows more advanced
Here’s another trend that many enterprise leaders may already be familiar with: phishing. In these attacks, hackers typically carry out a bit of research to get to know their target – which could include a business executive or employee, a politician, celebrity, or other high profile individual – and then craft a specific message just for them. This message is actually bait, and encourages the recipient to click on an attachment or link which then delivers malware or otherwise serves as the springboard for breach and attack.
The University of San Diego reported that hackers are now leveraging machine learning to take care of the heavy lifting of crafting a phishing message. This means that phishing attacks will include more specific and more convincing content, and could drive up the success rate of these types of attacks.
While phishing is difficult to guard against, education and awareness goes a long way here. Users, including company heads and employees, should be aware that these schemes are taking place, and should be trained not to open suspicious messages from unknown senders and not to click on any unfamiliar attachments or links.
Ransomware and phishing will continue to be trending attack strategies this year, but this only scratches the surface of the many different approaches attackers are using to put enterprise information security at risk. To find out more about safeguarding your organization’s data, systems and IT assets, connect with the experts at Pinnacle today.