10 Ways To Play IT Safe
State-sponsored and individual bad actors will escalate supply chain cybersecurity risks. Here are 10 threats and trends to look out for across business, governmental, and personal arenas:
1. Software updates—the new Trojan Horse.
Criminals use the normal software update process to get companies to infect all their clients, which then affects everyone down their software supply chain.
2. Installing spies on your phone.
When Russia wanted intelligence on NATO alliance plans in the Baltic region, it turned to a new kind of secret agent: the soldiers' own smartphones. Troops from the United States and other NATO countries found evidence of a Russian IP address accessing their personal phones.
3. Two things are certain: death and tax scams.
The 2018 tax season will see more fraudulent returns than ever—driven largely by the Equifax breach affecting 145.5 million people, SpiderOak predicts. While Chinese hackers remain the prime suspects in the Equifax case, taxes are a favorite target of another state: Russia. On the eve of Constitution Day 2017 in the Ukraine—during which the country celebrates its independence from the Soviet Union—accountants in the former SSR were hit with a massive cyberattack, the largest in Ukraine's history. The virus infected the software that businesses are required to use to file tax returns, causing havoc for both the companies and the governmental computers to which they are connected.
4. One hack, many votes.
"If you can plug it in, you can hack it, and this puts the 2018 elections at risk," says Skinner. "The move to prevent election meddling is far behind where it needs to be, and there are vulnerabilities everywhere—from the storage of voter rolls to easily hackable electronic voting machines."
5. PsyOps on your Facebook feed.
Recent congressional testimony from Facebook, Google, and Twitter revealed the extent of Russia's influence campaign on social media during the last presidential election cycle. More than 126 million of its users were served Russian propaganda, Facebook finally admitted, after months of downplaying the extent of the threat. "The volume of fake news stories was clearly too large for the companies to handle, even with the extensive use of third-party contractors hired specifically to address this threat," says Skinner. "If even tech companies with huge resources are having trouble controlling the spread of fake news and accounts, most other technology and media companies will be even more at risk."
6. Criminals are patient.
Once criminals steal the data they need, including Social Security numbers, birthdates, and other personal details, they can sit on it for months or years until people let down their guard and turn off their credit freezes.
7. Passwords are failing.
"Human nature wants to simplify, so we use weak passwords and the same password for multiple sites," Skinner says. But, major cybersecurity breaches are pushing companies to adopt much more complex protocols around digital security. "Companies are realizing that passwords alone aren't going to cut it," he adds. "There has to be a one-two punch of both authentication and encryption to secure your data."
8. Compliance gets your security up to date, about 10 years too late.
"Hackers are forward thinking and creative, staying far ahead of current security protocols," Skinner says. "All it takes is one employee who isn't trained in how to safeguard a computer and log-ins. The smart hacker takes advantage of this weak link, enters through that employee's credentials, and then has access to your whole system. Checking the boxes on compliance doesn't begin to secure systems and data the way they need to be."
9. Too many people have the master key.
In the majority of companies, employees have far too much access to information that they don't even need. And given the interconnected systems companies have with their vendors, and then their vendors' vendors, they don't even know how far out their connected system stretches. "This opens companies up to so many risks that they don't even know about," Skinner notes.
10. Breach fatigue.
We are becoming desensitized to hacks and leaks. "Even upper management can deprioritize security when trying to get out a release or an update before an important sales deadline, and CEOs and boards need to make sure that no corners are cut that can put the company at greater risk," Skinner says. "Ultimately, cybersecurity is going to be only as strong as the top of the house makes it."