Technology threats that may damage your business in 2021: This is a story of how hackers would use the chaos and confusion as your business reopens after the pandemic to bring it down. As the world limps back to work slowly and in phases, employees will want to get back to work as usual quickly. That is where hackers find an opportunity to exploit your business and your data, and quickly bring you down.
In this article I will put across these 5 clear and present technology threats.
1. Attacks against remote workers
Many organisations have chosen a hybrid working model from now on. Staff come to the office when possible, and on the other days they work from home. There are hundreds of attacks that target these employees when they are at home and not as well protected as they were in the office. The objective of the hackers is to get access to their machines and then, when they return to the office, to get access to your network and hence your business.
Let me bring to your attention the 3 most obvious methods used by hackers.
- Staff receive emails pretending to be from the IT department, asking them to reset their passwords.
- Staff or others have installed applications on the office laptop during the pandemic that may compromise security. These may come from e-learning, games or even compromised websites that were visited.
- Vendors and IT support may have installed remote control software with easy passwords, which allows hackers to take control of the laptop, monitor it, and then access the business network when it connects to the Wi-Fi at the office.
Weak passwords should definitely be considered among the most commonly ignored technology threats.
These attacks, though they sound quite random, are many a time created after much study of the target organisations. Social media and e-commerce are used to find targets, and the amounts lost can be huge.
Hackers have used methods that transfer the stolen amounts into local city accounts and then move them through a chain of international banks, making it difficult for you or your bank to trace and book the culprit.
Typical attack methods: Phishing, Spear phishing.
2. Double Ransomware Extortion – Twice the pain
Ransomware remains a strong contender for disruption in businesses and is among the most painful technology threats too. Double extortion means stealing proprietary or embarrassing data and then encrypting the current data in your organisation, making it inaccessible. One of these will surely cause your business to buckle and pay up or, if not, to lose time and money that set you back a few years.
Ransomware has been a bane of organisations, bringing them to their knees. As businesses struggle to get up and running, it is especially important that they build defences to address this, not just through employees but also through operational procedures that look for vulnerabilities in the working behaviour of employees.
Ransomware can come in through malicious ads, click bait, downloaded infected files or harmful attachments that seem to have come from legitimate sources. A ransomware attack comes in three phases. First, the hacker gets access to the network and then scans it for important and confidential data. Later, the hacker scans for other credentials that can be used to get more data.
In 2021 the hackers have moved from targeting individuals to targeting MSPs (Managed Service Providers) and organisations, to get as many victims as they can.
Since there are 3 phases in a ransomware attack, a qualified security team may detect the attack early, before more damage is done. A preserve and respond operation could save the company from considerable damage.
One other SNAFU I have seen is that the backup or disaster recovery information is also on the same network. This would be disastrous, as it would surely be infected, making the attack successful and leaving the organisation no choice but to accept the loss of data that may not be possible to re-enter manually. The time lost and the cost of rebuilding would be a severe setback.
3. Business E-mail compromise
Although business e-mail compromise begins with access to your organisation’s mail system, it leverages a long-drawn study to imitate important stakeholders and defraud the company.
The 5 most frequently used Business E-mail compromises are:
- CEO Fraud: The attacker impersonates the CEO or a senior executive of a company and typically emails an individual within the finance department, requesting that funds be transferred to an account that is not a regular account and making a strong and valid-looking case for an urgent transfer.
- Account Compromise: An employee’s email account is hacked and is used to request payments to vendors. Once the payments are made, it may take time to notice, as reconciliation may be scheduled once a month. By that time, it is too late to stop the transaction.
- False Invoice Scheme: Attackers commonly target foreign suppliers through this tactic. The scammer acts as if they are the supplier and requests fund transfers to fraudulent accounts. The nature of the mail and the smaller transaction value usually lead to a successful transfer and hence an immediate loss to the company.
- Attorney Impersonation: This is when an attacker impersonates a lawyer or legal representative. Lower-level employees are commonly targeted through these types of attacks where one would not have the knowledge to question the validity of the request.
- Data Theft: These types of attacks typically target HR employees to obtain personal or sensitive information about individuals within the company such as CEOs and executives. This data can then be leveraged for future attacks such as CEO Fraud.
It has now evolved to WhatsApp messages and phone calls for shorter cons.
Employees are sent WhatsApp messages pretending to be from the CEO, asking for money transfers. But e-mail fraud is one of the most financially damaging online crimes.
The earlier BEC was a more thoughtful attack where, after getting access to the entire domain’s mail, the hacker would analyse the users responsible for payments and then trick them into making a payment to what seemed to be either a senior management account or a vendor account.
Now smaller amounts can be extracted using social media accounts impersonating friends and colleagues.
BEC fraud can only be prevented with a zero-trust policy implemented across the organisation and strict operational policies.
4. Technology overlook – Commonly ignored technology threats!
With a lack of understanding of information security among businesses, one of the biggest threats is that there is no dedicated security team in the IT department to design, control and monitor all aspects of data protection in the organisation. Accidental sharing and weak passwords for senior management have allowed hackers easy access to corporate networks.
Up to 28% of Enterprise Data Security Incidents Come from Inside.
There are 3 areas that are common in business across the board.
- Insider Malice: Though all employees are hired with great trust and faith, over the years some may become unhappy with the work or the company policies. Even a simple data breach caused intentionally can threaten the company’s reputation. Another suspect in this case is poor operating procedures when an employee onboards or exits the organisation. Rights and access are a shared responsibility among department heads, Human Resources, and IT.
- Poor Password Policy: There is a misunderstanding that deploying strong password policies can mitigate the risk. There are many ways that a poor password policy can affect an organisation. The risk is not just easy passwords. Complex passwords are written down in plain sight by employees who may not understand the risk. Employees share their passwords with IT departments for chores without hesitation. Many such lacunae have led to incidents that have impacted the organisation.
- Lack of 2-factor authentication: Though some organisations have started the process of implementing 2-factor authentication, there is still pressure from some quarters to disable it. Others have not even started doing so and find it a chore.
With a freeze on IT staff, security, though a concern, has been assigned either to system administration staff or the software development team as an added responsibility or, worse, to HR or Accounts. The lack of cyber security skills usually leads to further weakening of security in the organisation, making it an easy target.
Data protection and cyber security are not understood as different aspects of information security. A VAPT or a device procurement usually seems to be an easy fix, but it usually makes things worse, as it brings in a false sense of security.
A lack of instrumentation or monitoring of critical systems, even after a comprehensive audit or assessment, would also lead to a breach and to increased resources needed for remediation.
5. Ignoring Operational Technologies
An immensely powerful technology landscape that directly or indirectly controls all our activities is Operational Technology (OT), which is used by industries that provide essential services such as power, transportation and building management.
Just a quick primer: OT encompasses ICS (Industrial Control Systems) and SCADA (Supervisory Control and Data Acquisition) systems. These are systems used in industrial operations like power grids, alarms, building management systems, refineries, and other similar industries.
With the introduction of IoT and IIoT (Industrial Internet of Things), the perimeter has expanded, and so have the vulnerabilities and other technology threats.
Smart industrial equipment has been intelligent for some time, but it is now far more connected than ever before. The Internet now has access to all equipment and processes in large industrial firms. Many companies are still not aware of the threats that cyberattacks pose to their OT assets. Standard measures for cybersecurity are usually not designed for operational technology.
Getting IT and OT to work together could bring down costs and create a framework that allows comprehensive monitoring of the OT landscape. Even with the best of security appliances and intent, your business is just one click away from giving hackers access to your network and wasting time and resources.
One of the most important aspects is educating the users and ensuring that they report any oversights, mistakes, and perceived threats. Users should be encouraged to call out threats, and these should be relayed across the organisation as learnings.
Investing in regular third-party audits, getting a compliance mandate based on international standards and a dedicated role for IT security is now essential if you do not want any rude surprises.