A few years back, many people started creating fake Twitter profiles to propagate fake news and to indulge in other kinds of online crime. Later, Twitter, which is now owned by Elon Musk, took stringent steps to curb the rise of fake profiles by issuing a “Verified Blue Tick” mark to all those profiles that were being created by a company, individual, group or country.

In March this year, the Tesla Chief made it official that all blue tick owners need to pay a premium to tell the world that they still hold an authentic account. The company started to charge $7 to those logging in via a web browser and $11 to those logging in from the mobile app on iOS or Android.

From April 20th, 2023, all those who hadn’t paid the fee started losing the Blue Tick from their Twitter profiles. This only means that, from now on, the tiny tick mark will not be displayed beside their profile.

So, is the vanishing blue tick a security concern?

Well, if a blue tick is assigned to a profile, it authenticates that the username and image displayed on the profile are true and verified by the social media company. And if it doesn’t have the blue tick verified badge, there is a high possibility that the profile might be fake.

Do you need to pay the premium to have the Blue Tick mark displayed?

Well, for normal postings and for those who already have followers, there is no need to pay, as everyone who is following you knows who you are and what you are up to. But for new users who want to break the internet with viral tweets, having a blue tick mark on their profile makes sense, as it brings a bouquet of benefits apart from just lending authenticity to the profile.

What about the creation of fake profiles?

Precisely speaking, it is not that easy to create a fake profile these days, as the company has programmed a few of its servers to catch fake ones and weed them out of the platform within a few hours of profile creation. Profiles created by humans may still be entertained for a while. But those created through virtual machines will land in the trash bin within 9-12 hours of creation, as the company’s content monitoring servers always filter profiles that have single email ids, fake email ids and contact numbers, along with images that do not correspond.

The post Is Twitter Blue Tick removal a data security concern appeared first on Cybersecurity Insiders.

While the entire world is speaking about gender equality in every field of work, things appear to be going the other way in the world of cyber security. According to research, men are twice as likely to be targeted by identity theft attacks as women, as the latter seem to be more cautious while posting their personal information online.

A study by Nationwide found that women were more cautious while posting their data online, as 63% admitted that they opted for multiple ways to protect their online accounts, especially their social media accounts.

However, men did not seem to be enthusiastic about protecting their info, as only a few of them showed interest in securing their accounts against identity fraud and other prevailing threats in the cyber field.

Interestingly, more men aged above 35 showed extreme interest in protecting their accounts, while those below that age bracket were either unaware of what a spill of their personal info could lead to or uninterested in what hackers could do if they got their hands on the information.

Women aged above 23 were found to be posting responsibly on their social media accounts, while men in the said age bracket weren’t worried about the repercussions they would face as soon as they posted personal details such as email addresses, contact numbers, DoBs and full names, over the web.

Ed Fisher, the head of fraud policy at Nationwide, said that most of the male groups aged 18-23 and 24-38 fell prey to identity theft campaigns involving orders of goods such as cars, mobiles and laptops, while a few suffered drained bank accounts or money scams via loan and credit card fraud.

NOTE 1- The study was limited to the populace of the UK and doesn’t include any facts or stats related to the public in other parts of the western world.

NOTE 2- Identity theft or fraud exists in four different forms: medical, criminal, child identity theft and financial fraud.

NOTE 3- Any of the frauds stated above qualifies to be reported to law enforcement, as it leads to monetary losses.

The post Men are more hit by Identity Thefts than Women appeared first on Cybersecurity Insiders.

By Jacob Ideskog, CTO at Curity

The adoption of Open Banking has increased rapidly over recent years and has had a revolutionary impact on financial institutions and on the experience consumers have when interacting with finance products. According to the OBIE, 5 million people are now using Open Banking in the UK, as the benefits of the new products and services begin to be recognized by consumers and businesses alike.

However, the rapid rise of Open Finance has also coincided with concerns about the compliance and security risk that it poses. Curity’s latest report ‘Facilitating the Future of Open Finance’ revealed that over 70% of organizations globally are concerned with security-related issues associated with Open Banking. It’s clear that this is a significant hurdle that still needs to be overcome if the adoption of Open Banking is to continue its rise.

The cybersecurity sector has the opportunity and means to alleviate fears and be at the forefront of the adoption of this revolutionary technology.

Addressing and Alleviating Security Concerns

A key concern amongst businesses is the extensive involvement of third-party providers that Open Finance requires and the heightened security risks associated with this, as over 65% of organizations view this as a top security concern. Additionally, 62% of organizations have concerns with outdated security systems that don’t support securely sharing data.

However, such concerns, whilst understandable, don’t recognize the current capabilities of available security solutions such as Multi-Factor Authentication, or the implementation of Government regulations such as PSD2 in the EU. Crucial elements of the Open Banking experience are Application Programming Interfaces (APIs). APIs enable the efficient exchange of data between applications, services, and customers and can be safely used as long as access is properly secured. Acting as the backbone for Open Banking, applications built using APIs with correctly secured access allow backend communication between banks and financial institutions without the need to re-enter or re-share login details every time.

With regard to outdated security systems, investment will be crucial in addressing this issue. Reassuringly, 83% of all organizations surveyed do plan to invest more into Open Banking this year than in the previous 12 months. This will not only allow them to update their security systems to meet the standards that Open Banking requires, but will also improve the customer experience and reassure potential users.

The foundations of Open Banking are rooted in giving consumers a choice of financial products and of how they control their finances. It is therefore vital to provide a service that is interoperable between brokers, banks and third-party financial institutions, so that all parties are equipped with the information they need and the customer experience improves. Furthermore, investment into the deployment of modern authentication methods will be a key aspect of addressing consumer hesitancy due to security concerns and ensuring consumer buy-in.

Communication will also play a crucial role, both internally and externally. As mentioned previously, many concerns of both financial institutions and consumers are either already accounted for by security systems or have solutions that can be immediately implemented. It’s vital to ensure that education around Open Banking is improved to alleviate fears that in some cases are unfounded amongst businesses and consumers alike.

The role of the cybersecurity industry

Whilst there are clear concerns and issues amongst organizations across the globe, there is undeniably significant momentum behind the adoption of Open Banking. With almost three quarters of organizations surveyed planning to introduce Open Banking in the next 18 months, cybersecurity professionals’ focus should be on ensuring this transition is as smooth as possible.

This momentum and clear intention from businesses to adopt and invest in Open Banking provides the cyber security sector with a significant opportunity to be at the forefront of this banking revolution. It will be vital for the industry to work closely alongside financial institutions to support this change and mitigate risk at every turn.

We can expect the adoption of Open Banking to continue in the short term, but its long term health and adoption is absolutely dependent on the ability of the industry to address the security concerns and hesitancy that exist.

There’s potential for Open Banking to have a revolutionary impact on the way businesses and consumers approach their finances and more and more institutions are set to incorporate it into their business. However, despite the clear benefits associated with Open Finance, this cannot be done at the expense of individuals’ security and protecting their personal and private data. This is why the cybersecurity sector plays such an important role. If the industry doesn’t effectively mitigate risk and alleviate fears, no matter how much enthusiasm and momentum there is behind Open Banking it will not realize its full potential.

The post Security and the Future of Open Finance: How to Improve Adoption Globally appeared first on Cybersecurity Insiders.

By Gal Helemski, Co-Founder and CTO, PlainID

As the world continues to enter into virtual spaces, the use of identity and access management, or IAM, is ultimately a requirement for participating organizations. In particular, the need for smart technology that manages who can access what and when is in high demand within the healthcare industry.

Many healthcare organizations are using their IAM systems to address their ongoing complex compliance requirements, combat persistent cybersecurity threats, and securely share medical records with patients and within the healthcare network. This balancing act often leaves healthcare providers with a series of obstacles during critical circumstances.

While these obstacles aren’t new to healthcare organizations, it doesn’t mean that the IAM systems in place are equipped to solve each issue. A few factors that test the functionality and efficiency of these systems are:

Compliance Complexities and Digital Data

Complexities within the compliance landscape continue to change course due to code updates resulting in new requirements. Healthcare-specific compliance frameworks like HIPAA require healthcare organizations to manage digital data so that it aligns with the newer data privacy laws, like the EU’s General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA). Increasing complexities regarding how medical information and data is applied have placed additional responsibilities on healthcare providers to respond with efficiency.

Consumer Expectations

Consumers expect information regarding their health to be delivered with a certain level of sensitivity and transparency. Privacy concerns can be expected in relation to health data, but consumers are also looking to be handled with the same special care that exists between a healthcare provider and patient. The need for open communication about personal health information is why Gartner recommends healthcare organizations develop “strategies for notification, communication and minimizing the amount of data collected and retained.”

Data’s Lifetime Impact

The impact of valuable data isn’t lost on healthcare organizations, but the challenge they face is how to put data to future use. While leaders in the healthcare space recognize the significance of data as a critical resource, stakeholders can run into issues in accessing and adequately leveraging it. Creating an intentional use for data over a period of time can be challenging due to the difficulty of sharing data securely and efficiently. This is especially true when it comes to sharing patient medical information.

Security Threats

As part of the digital landscape, the healthcare industry isn’t foreign to cyberattacks, especially those caused by ineffective data management and access controls. Health facilities are frequently using massive databases to accommodate health providers and patients. As facilities continue to exchange these databases, there is a growing need for data access controls to provide intuitive authentication methods to give the right personnel access to the right information.

Ultimately, policy-based access control (PBAC) can provide healthcare organizations with the proper solutions to address these issues. Using a dynamic and policy-based access control system creates an environment for healthcare organizations to address each factor from a more holistic perspective.

A holistic approach enables the type of scalable functionality needed for modern healthcare organizations to build success. Policy-based access control streamlines access control for healthcare data, making it easier for healthcare providers to align technical controls with business requirements.

By delivering dynamic authorizations that are controlled by a centralized PBAC, healthcare organizations can establish a solution that delegates governance, management and enforcement of the right controls at the right time. More specifically, through granular access control policies, healthcare providers can share medical information with individual patients while providing the same information within their organization based on certification level.
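A minimal sketch of the centralized decision point described above, added here as an illustration and not taken from PlainID or any product. The attribute names, certification levels and sample records are constructed assumptions; policies are held as data so that every enforcement point gets the same answer from one `decide()` call.

```python
# Added illustration: a central policy decision point (PDP) with default deny.
# All attribute names, levels and sample identities below are constructed.

# Assumed minimum certification level a clinician needs per record section.
REQUIRED_LEVEL = {"summary": 1, "lab_results": 2, "psychiatric_notes": 3}

# Policies are data held centrally; a "$" prefix references another attribute.
POLICIES = [
    {
        "id": "patient-reads-own-record",
        "action": "read",
        "conditions": [
            ("subject.role", "==", "patient"),
            ("subject.id", "==", "$resource.patient_id"),
        ],
    },
    {
        "id": "clinician-reads-by-certification",
        "action": "read",
        "conditions": [
            ("subject.role", "==", "clinician"),
            ("subject.org", "==", "$resource.org"),
            ("subject.certification", ">=", "$resource.required_level"),
        ],
    },
]

OPS = {"==": lambda a, b: a == b, ">=": lambda a, b: a >= b}


def _lookup(path, ctx):
    """Resolve a 'subject.role' style path; a missing attribute yields None."""
    entity, attr = path.split(".", 1)
    return ctx.get(entity, {}).get(attr)


def _holds(cond, ctx):
    left_path, op, right = cond
    left = _lookup(left_path, ctx)
    if isinstance(right, str) and right.startswith("$"):
        right = _lookup(right[1:], ctx)
    if left is None or right is None:
        return False  # a missing attribute never satisfies a condition
    return OPS[op](left, right)


def decide(subject, resource, action, policies=POLICIES):
    """Return (decision, policy_id); deny unless a policy explicitly permits."""
    resource = dict(resource)
    # Derive the level needed for this section; unknown sections stay None.
    resource["required_level"] = REQUIRED_LEVEL.get(resource.get("section"))
    ctx = {"subject": subject, "resource": resource}
    for policy in policies:
        if policy["action"] == action and all(
            _holds(c, ctx) for c in policy["conditions"]
        ):
            return ("permit", policy["id"])
    return ("deny", "default-deny")


def demo():
    """Evaluate constructed subjects against one constructed record."""
    record = {"patient_id": "p-100", "org": "clinic-a",
              "section": "psychiatric_notes"}
    patient = {"id": "p-100", "role": "patient"}
    other_patient = {"id": "p-200", "role": "patient"}
    nurse = {"id": "c-1", "role": "clinician", "org": "clinic-a",
             "certification": 2}
    psychiatrist = {"id": "c-2", "role": "clinician", "org": "clinic-a",
                    "certification": 3}
    outsider = {"id": "c-3", "role": "clinician", "org": "clinic-b",
                "certification": 3}
    return {
        "patient": decide(patient, record, "read"),
        "other_patient": decide(other_patient, record, "read"),
        "nurse": decide(nurse, record, "read"),
        "psychiatrist": decide(psychiatrist, record, "read"),
        "outsider": decide(outsider, record, "read"),
        "patient_write": decide(patient, record, "write"),
    }


if __name__ == "__main__":
    for who, result in demo().items():
        print(who, result)
```

Because the rules are data, tightening `REQUIRED_LEVEL` or a condition in `POLICIES` changes the outcome everywhere at once, which is the practical benefit of centralizing authorization.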

Overall, the obstacles healthcare organizations and their providers face to deliver effective care will persist. Confusing compliance mandates, proper data research and security threats will always remain, along with the demand for healthcare to become more accessible and digital-friendly. But there are ways to address the fine-grained needs of healthcare organizations while maintaining the necessary security and risk requirements.

While many healthcare organizations using identity and access management systems seem to be a step ahead, they may not be positioned to share vital information across their network. Leading with policy-based access control technology is the best way for the healthcare industry to manage data in the most efficient and secure way. The power of using dynamic authorization enables decision-makers to set meaningful and efficient access control policies.

The post Addressing the Unique Obstacles in Healthcare Through Policy-Based Access Control appeared first on Cybersecurity Insiders.

ACS Technologies (ACST), a leading provider of church management software and services in the United States, has announced its integration of the Curity Identity Server across its client-facing products.

The integration of the Curity Identity Server to ACST is driven by a desire to provide high-level security to end-users, with Curity enabling seamless identity and access management (IAM) and log-in and providing a number of different multi-factor authentication (MFA) flows to fit business needs. Previously, ACST relied on a home-grown solution that is currently being phased out and replaced by a cloud-native deployment of the Curity Identity Server in AWS.

By utilising the Curity Identity Server, ACST will be able to concentrate on its product development instead of spending time and resources building IAM and MFA infrastructure in-house. The integration of and investment in Curity’s easy-to-use, low-cost product demonstrates ACST’s commitment to end-user security and its dedication to continually improving its product for end-users.

On choosing Curity, Robert Gettys, Chief Product and Technology Officer at ACS Technologies, says, “We wanted to invest in the right security to help us allocate time to meeting the unique needs of churches across the country. Thanks to the excellent capabilities of the Curity Identity Server, we’ll be able to concentrate on developing our core products to serve our ministry partners rather than attempting to build IAM and MFA ourselves. With Curity’s support, we’ll enhance our customer offering and be better positioned than ever to build the Kingdom.”

Curity’s CEO, Travis Spencer, comments, “We’re really excited to be working with ACS Technologies. I’m confident that our product’s extensive features and standards-based approach will enable ACST to achieve their goal of stepping up security for end-users while maintaining ease of use.”

The partnership, launched earlier this year, will be rolled out across its products and services.

About Curity

Curity is a leading supplier of API-driven identity management, providing unified security for digital services. Curity Identity Server is used for logging in and securing millions of users’ access to web and mobile applications as well as APIs and microservices. Curity Identity Server is built upon open standards and designed for development and operations. We enjoy the trust of large organizations in financial services, telecom, retail, energy, and government services who have chosen Curity for their enterprise-grade API security needs. Visit https://curity.io/.

The post ACS Technologies selects Curity to provide seamless authentication across its end-user products appeared first on Cybersecurity Insiders.

By Gunnar Peterson, CISO, Forter

Earlier this year, cybercriminals infiltrated the systems of Okta, an authentication company that thousands of organizations around the world use to manage access to their networks and applications. The threat actor gang, known as Lapsus$, gained access to the laptop of one of Okta’s third-party support engineers for five days, potentially affecting a small number of the company’s customers.

Okta said the access was limited, but this wasn’t even the biggest issue. While cyberattacks are so frequent these days, this incident was different because the bad actors cleverly targeted the very tools that so many customers use to restrict network access.

Blue team defenders are used to protecting our data, applications, and users with access controls and other security mechanisms, which is why attacks like this are especially challenging when they target identity and access control systems – the very thing defenders rely on to keep intruders out. Identity is now much more than a glue layer for distributing access. It is a frontline perimeter for defenders. In fact, Microsoft’s CVP and CISO Bret Arsenault summarized the issue perfectly: “Hackers don’t break in, they log in.”

Identity and authentication mechanisms, like multifactor authentication, are commonly used as a first line of defense. However, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert warning that this technology on its own is failing against sophisticated, evolving cybercriminal groups and tactics.

According to the alert, the exploitations occur after actors gain access to a victim’s on-premises network and then leverage privileged access to subvert mechanisms that grant access to cloud and on-premises resources. They are also compromising administrator credentials to manage cloud resources. Simply put, our adversaries are dynamic and intelligent, and defenders cannot rely solely on static, list-based access control systems. Our access control protection layers need to be backstopped by monitoring systems that can detect malice and continually improve access control quality.

Access control mediates communications between users and the applications and data. But when attackers turn their focus from the applications and data and instead focus on companies’ identity and access control systems, the job of defending systems gets more fiercely complicated.

To cope with a more targeted malicious environment, access control systems need to adapt to user behavior and types of requests and flows. The protective access control layers must co-evolve with the intelligence gained from the detection layer. And it requires automation to efficiently scale.

Identity and access control systems focus on enforcing authentication and authorization policies. However, detecting malice requires more insight, and technology exists to fill that gap. Identity graphs go beyond the access control matrix to inspect user behavior for tactics like token tampering, forgery, and other tactics, techniques, and procedures (TTPs) that can adversely impact networks with account takeovers and lateral movements. Access to systems should be monitored not only for policy compliance, but also for known malicious behaviors.

Interestingly, an NSA/CISA alert also recommends cloud tenants pay attention to locking down tenant single sign-on (SSO) configuration and service principal usage, as well as hardening the systems that run on-premises identity and federation services. Monitoring the use of SSO tokens and the use of service principals in the cloud can help detect the compromise of identity services.

If you have a chance to observe a red team attack on your system, you may notice that your access control system probably functions the same during a legitimate log-in as it does when it’s under attack. It shouldn’t. The access control system should be defended by looking for known attack behaviors, and it should step up its posture to meet these challenges. As attacker tactics dramatically increase in frequency and sophistication, defenders must co-evolve and add ongoing malice detection to our identity and access control stacks.

The post Identity and Access: The Game is the Same – It Just Got Fiercer appeared first on Cybersecurity Insiders.

By Raj Dodhiawala, President, Remediant

Imagine you’re the manager of a hotel. Your position entitles you to a master key to all the hotel rooms, with access to any room, at any point in time. This of course comes with the territory and assigned role, enables ease of operations, and is demonstrative of the inherent trust that is conferred on you as the person in charge.

But let’s say a pipe bursts in Room 10, and an external maintenance worker is required to address the issue. That worker is also given a key to that one room and is granted “permission” to enter at a designated time confirmed between both parties. All other rooms would remain off-limits or inaccessible, and it would be understood that you’d need to facilitate access to adjacent rooms above, below, or beside Room 10.

But what if an unidentified and unauthorized person, one with malicious intent, got a hold of that key card and could open the door to Room 10 whenever they wanted? Or, in an even worse circumstance, in the shuffle between rooms and access during this contingency, the person got hold of the master key and could easily and stealthily move from room to room without notice? Needless to say, this could put the well-being of hotel-goers at serious risk, could result in stolen items or damaged property, and would ultimately impact the reputation of the hotel.

This is unfortunately the current reality of enterprise cyberattacks today. With compromised credentials, organizations of all sizes and across all industries are under constant siege, struggling to address their attack surface due to privilege sprawl. Whether gaining footholds from vulnerable software or users, the playbook is fairly consistent: establish a beachhead on a vulnerable system, elevate privileges, then compromise additional privileged users to move laterally and access or hold at ransom what’s valuable. Exploiting privilege sprawl—or the always-on, always-available administrative access to servers, workstations, and laptops—through lateral movement is at the heart of 82% of ransomware attacks today.

While one account might serve as an initial entry point, attackers seldom accomplish their goal with access to a single system in mind. Instead, they’ll quickly pivot from one end-user (with access to one computer), to the whole IT staff with 24 x 7 x 365 privileged access on many or all computers and network-connected devices in just the blink of an eye. Given that 74% of compromised organizations have admitted the attack involved access to a privileged account, it behooves IT leaders to look at this issue more closely than they currently are.

So, how then, can companies prevent a privileged access breach before it occurs?

Wrapping arms around privileged access sprawl and attack surfaces   

Privilege sprawl occurs when privileges, or special rights to a system, have been granted to too many people within an organization. Whether due to lax procedures, a lack of consistent oversight, or the fear of causing disruption to established processes, privileged access sprawl often grows in the dark of companies and quietly amasses to significant proportions. Compounded by the fact that administrators are assigned constant access, this privilege sprawl is a large attack surface that threat actors drool over. When privilege sprawl gets out of hand, an organization’s attack surface grows because of it, and — should one admin credential become compromised by an attacker or misused by an insider — they can easily use lateral movement to find or locate sensitive data to steal or to hold at ransom.

It’s therefore imperative today that companies take stock of their privileged attack surface – especially those privileges lying dormant but available to attackers. By identifying where there is excess standing privilege and effectively eliminating it, companies can gain control over the crux of the issue that causes such damaging breaches.

Eliminating 24 x 7 x 365 privileged access and taking a Just-in-Time approach  

As noted, while slightly more convenient for admins and users to access systems at any point, standing privilege can be more damaging to companies than it’s worth — simultaneously giving the same convenient access to attackers holding the compromised credentials. These malicious actors can unlock any door and move through most if not all other doors. Equally importantly, this undermines other safeguards and negates any defenses in place for detecting your attackers.

Instead of standing privileged access, a “Just-in-Time” approach, bolstered by multi-factor authentication (MFA), selectively elevates privileges to the specific system that requires attention, exactly when the administration is needed, and for just the right amount of time necessary to complete the task for that particular administrator. This cuts off the opportunity for lateral movement without any friction for legitimate administrators.

By limiting both the specific account that requires admin access and granting such access for a limited time to the specific system, organizations can greatly reduce the risk of cyberattacks and the lateral movement that may occur – even if the attacker has a toehold in their environment. By transforming standing privilege into Zero Standing Privilege – the underpinning of the Just-in-Time approach – companies can more effectively deter cyber thieves from using lateral movement to move from system to system, minimize the window of opportunity to steal admin credentials, and ultimately mitigate the ability to wreak complete havoc across their network.
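The Just-in-Time model described above, sketched as a small privilege broker. This is an added example, not Remediant's code or any product's API; the class and method names, the four-hour ceiling and the sample admin and host names are assumptions made for illustration.

```python
# Added illustration: Zero Standing Privilege via expiring, per-host grants.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_TTL = timedelta(hours=4)  # assumed ceiling for a single elevation


@dataclass(frozen=True)
class Grant:
    admin: str
    host: str
    expires_at: datetime


class JitBroker:
    """Admin rights exist only as grants scoped to one host and one window."""

    def __init__(self, eligible):
        self._eligible = eligible  # admin -> hosts they may be elevated on
        self._grants = {}          # (admin, host) -> Grant
        self.audit = []            # (timestamp, event, admin, host)

    def request(self, admin, host, ttl, mfa_ok, now):
        """Elevate one admin on one host for ttl; return the Grant or None."""
        if not mfa_ok:  # a stolen password alone must not unlock elevation
            return self._deny(now, "denied-no-mfa", admin, host)
        if host not in self._eligible.get(admin, set()):
            return self._deny(now, "denied-not-eligible", admin, host)
        if ttl <= timedelta(0) or ttl > MAX_TTL:
            return self._deny(now, "denied-bad-ttl", admin, host)
        grant = Grant(admin, host, now + ttl)
        self._grants[(admin, host)] = grant
        self.audit.append((now, "granted", admin, host))
        return grant

    def is_admin(self, admin, host, now):
        """Checked at use time, so an expired grant is useless even unrevoked."""
        grant = self._grants.get((admin, host))
        if grant is None:
            return False
        if now >= grant.expires_at:
            del self._grants[(admin, host)]
            self.audit.append((now, "expired", admin, host))
            return False
        return True

    def live_grants(self, now):
        """Privileged attack surface at this moment: count of unexpired grants."""
        return sum(1 for g in self._grants.values() if now < g.expires_at)

    def _deny(self, now, reason, admin, host):
        self.audit.append((now, reason, admin, host))
        return None


def demo():
    """Walk one elevation through its lifetime using a constructed clock."""
    t0 = datetime(2023, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker({"alice": {"db01", "web01"}})  # constructed names
    results = {"before_request": broker.is_admin("alice", "db01", t0)}
    # Credentials without the second factor are refused.
    results["no_mfa"] = (
        broker.request("alice", "db01", timedelta(minutes=30), False, t0)
        is not None
    )
    broker.request("alice", "db01", timedelta(minutes=30), True, t0)
    t1 = t0 + timedelta(minutes=10)
    results["during_window"] = broker.is_admin("alice", "db01", t1)
    # The grant does not extend to other hosts, so it cannot be used to pivot.
    results["other_host"] = broker.is_admin("alice", "web01", t1)
    results["live_during"] = broker.live_grants(t1)
    t2 = t0 + timedelta(minutes=31)
    results["after_expiry"] = broker.is_admin("alice", "db01", t2)
    results["live_after"] = broker.live_grants(t2)
    return results


if __name__ == "__main__":
    print(demo())
```

The `live_grants` count is the number to watch: under standing privilege it equals every admin-to-host pairing all the time, while here it is zero except during active work.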

As enterprises continue to grapple with privileged access attacks and lateral movement, and as threat actors grow increasingly sophisticated, things like a Zero Trust strategy have become the ideal beacon of hope. But for companies to be truly successful, they must master Zero Standing Privilege and Just-In-Time access first. Only then will they reduce growing attack surfaces, strengthen their posture against lateral movement attacks, and build the proper foundation to implement Zero Trust.

Raj Dodhiawala has over 30 years of experience in enterprise software and cybersecurity, primarily focused on bringing disruptive enterprise products to new markets. Currently serving as President of Remediant, he is bringing focus, agility and collaboration across sales, marketing, finance and operations and leading the company through its next phase of growth.

The post “Just in time:” How companies prevent privileged access cyber attacks appeared first on Cybersecurity Insiders.

By: Julie Smith, executive director, Identity Defined Security Alliance 

According to the latest Verizon Data Breach Investigations Report, 61% of all breaches were a result of stolen credentials. It’s no wonder that nearly all (97%) respondents in a recent Identity Defined Security Alliance (IDSA) survey responded that they will make identity security investments in the next two years.

Founded by the IDSA and National Cybersecurity Alliance (NCA) in 2021, Identity Management Day is an annual reminder about the dangers of casually or improperly securing and managing digital identities.

In honor of the day coming up on April 12, I spoke to the below industry experts on how both individuals and organizations can strengthen identity management all year round.

“When InfoSec people refer to the CIA of cybersecurity, they’re usually talking about the Confidentiality, Integrity, and Availability of the data we work to protect and not the three-letter government entity. These three tenets of security are fundamentally dependent on trusting the identity of the user accessing the data; without surety of identity, how do you build trust about who can or cannot access what, where, when and how? In our remote workforce world, assuring the identity of BYOD users has presented a challenge to many SMB organizations. This demand has led to impressive growth and accessibility of trusted identity management solutions that enable us to work together, even when we’re apart.” – Nelson Moulton, Security and Network Operations Director at PacificEast

“Small businesses often struggle to develop and implement a plan for securing their identities due to a lack of time and resources. A strategy for securing digital identities may involve identification of the need; planning, developing, testing and implementing the response; and finally, monitoring and maintaining the procedures and any software used. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.

However, securing identities can be tackled one project at a time. Setting up multi-factor authentication, using password managers, creating processes for identity data management, and scheduling automatic updates are all a great place to start.” – John Reade, Information Systems Director at Quanterion Solutions Incorporated

“According to the National Cybersecurity Alliance and CyBSafe study, “Oh Behave!” 53% of employees don’t think it is their responsibility to protect company online information. When you think about it, this is because the tech industry has always said “we control access” and “we control the technology,” but that isn’t necessarily true. Employees who use the information each day control that information. We believe in giving employees the critical thinking skills and tools to protect customer and company information.” – CyberWyoming

“Whether you follow a zero-trust framework or not, identities are a critical control point for all organizations due to their ubiquitous use in our digital world. For many organizations, every day is identity management day–considering the amount of unprecedented attrition in the workforce coupled with persistent identity-based attacks– there is no better time to spotlight how critical identity-security has become globally.” – Carla Roncato, Founder of Authora Research

“We all know that companies are going to get attacked. The question is, what are you doing when somebody gets in your network to protect your data and not just your identity? Knowing identities is half the battle when it comes to mitigating risk.” – Adil Khan, CEO, SafePaaS

“Identity security is not just about ticking a checkbox to satisfy your compliance, it is part of your business. You can’t run a business without giving access to your employees or contractors. Identity security is not a one-time project, it is a journey. A journey that includes a series of initiatives that are incorporated with strategy, capabilities, vision, people, process and technology to continuously address the ever-changing identity landscape in the business.” – Jason Lim, Founder and CEO, Cydentiq Sdn Bhd

The post Celebrate Identity Management Day by Taking Identity Security Seriously appeared first on Cybersecurity Insiders.

By: Lisa Plaggemier, interim director, NCA, National Cybersecurity Alliance

There is a common misconception that small businesses aren’t targeted by cybercriminals. They surmise, “I don’t have anything of value compared to a big business.” While cyberthreats are often associated with billion-dollar organizations, small and medium-sized businesses (SMBs) are at equal risk, and usually, at an even greater disadvantage.

Consider the Colonial Pipeline incident. Despite the company having fewer than 1,000 employees, the cyberattack on it caused large-scale panic across the U.S. and disrupted operations for days. The Oldsmar Water Treatment plant in Florida also employed only a dozen people when an adversary attempted to alter chemical levels in the water. Had a team member not caught the disturbance, people’s health and safety would have been at risk.

One slip on a phishing email, one weak password, one orphaned account or a misconfigured privilege could wreak havoc — even for an SMB.

Common Cyberthreats Facing SMBs

As a result, SMBs need to keep their guard up because the reality is that every business is a potential target for cybercriminals. According to Forbes, the cyberthreats that SMBs most commonly face are “ransomware, misconfigurations and unpatched systems, credential stuffing and social engineering.”

Ransomware, simply put, means cybercriminals lock your data and hold it captive for a ransom payment. Imagine you open your laptop and your screen goes dark, only to find out that a criminal has encrypted and/or stolen your data and is threatening to leak your personal information if you don’t pay. From a business perspective, not only does this put your business’ data at risk of exposure, it also causes business disruption and lost revenue for the time it takes to address the incident, not to mention the agonizing decision to pay or not to pay. Paying ransom is no guarantee that the criminals will release your data back to you, and paying only perpetuates the problem. The best prevention is to back up your data so that you can recover quickly.

Misconfigurations are also an easy target for attackers because they are easy to detect. The most common misconfigurations are unpatched systems, and cybercriminals can take advantage of those security weaknesses to get access to systems and data.

Another common cyberthreat is credential stuffing, which is when an attacker uses stolen credentials to gain access to systems, employing bots to automate and scale the process. The tactic relies on the fact that users frequently re-use passwords across multiple systems and accounts. That bad habit makes it easier for cybercriminals to successfully access accounts that are not protected by multi-factor authentication.
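From the defender's side, credential stuffing shows up in authentication logs as one source trying many different usernames with mostly failed logins. The Python sketch below is an added example, not part of the original article; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2023-04-11T09:00:00 203.0.113.7 alice FAIL
2023-04-11T09:00:20 203.0.113.7 bob FAIL
2023-04-11T09:00:40 203.0.113.7 carol FAIL
2023-04-11T09:01:00 203.0.113.7 dave FAIL
2023-04-11T09:01:20 203.0.113.7 erin OK
2023-04-11T09:01:40 203.0.113.7 frank FAIL
2023-04-11T09:02:00 198.51.100.20 grace FAIL
2023-04-11T09:02:10 198.51.100.20 grace OK
2023-04-11T09:03:00 192.0.2.10 heidi OK
2023-04-11T09:03:05 192.0.2.10 ivan OK
2023-04-11T09:03:10 192.0.2.10 judy OK
2023-04-11T09:03:15 192.0.2.10 mallory OK
2023-04-11T09:03:20 192.0.2.10 niaj OK
"""

def parse(log_text):
    """Return time-sorted (timestamp, ip, user, succeeded) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3] == "OK"))
    return sorted(events)

def find_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.75):
    """Map each suspicious source IP to the accounts it managed to log in to."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event[1]].append(event)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the time window
                start += 1
            chunk = evs[start:end + 1]
            users = {e[2] for e in chunk}
            fail_ratio = sum(not e[3] for e in chunk) / len(chunk)
            # Many different usernames plus mostly failures: one person mistyping
            # a password or a shared office address does not match both conditions.
            if len(users) >= min_users and fail_ratio >= min_fail_ratio:
                findings[ip] = sorted({e[2] for e in evs if e[3]})  # reset these
                break
    return findings

if __name__ == "__main__":
    print(find_stuffing(parse(SAMPLE_LOG)))
```

The accounts listed for a flagged source are the ones whose re-used password worked, so they are the first candidates for a forced password reset and multi-factor enrollment.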

Lastly, social engineering is a common cyberthreat that SMBs can fall victim to, and it is usually employed to directly target individuals based on their role or access to systems, data and money. This happens when a person unknowingly releases confidential information, frequently obtained by an email phishing attack. Individuals are tricked into giving up their credentials, downloading malware or transferring funds.

Best Practices

There are a few simple best practices to follow, but the most important thing to do is to do something. Doing nothing, hoping for the best or assuming you won’t be a target are all risky business. Doing the below simple things will go a long way in making your business more secure:

  • Make a habit of properly configuring security settings for new accounts. Every time you sign up for something new and create an account for an app or set up a new device, it is crucial that you configure your privacy and security settings. Routinely delete old apps, or accounts that you no longer use. Attackers can use default login information from any device that is connected to the internet, so managing your company’s privacy settings is a key factor in protecting against cyberattacks.

  • Most data breaches start with a phishing email. Phishing messages can be delivered via text, phone or email. The messages often come from illegitimate email addresses and often have a sense of urgency. Phishing can entice you to click on a link or open an attachment that installs malware on your device. Before clicking on links or opening attachments, it’s a good idea to check with the sender to make sure they are legitimate.

  • Multi-factor authentication is a must, not only on your financial accounts, but also on social media accounts and email. It helps ensure that your accounts are secure by adding an authentication step, such as a code sent to your cell phone.

  • Have a company policy that employees must use long, complex and unique passwords. Because it’s nearly impossible to remember them all, use a password manager for your business. When you are duplicating passwords or using common passwords, you are falling right into the hacker’s trap.

  • Software updates can also eliminate new or ‘zero-day’ security flaws, so it is very important to keep your software up-to-date in order to reduce risk of infection from ransomware and malware.

The size of your company does not indicate your level of risk of cyber attack. The first step is to take action to protect your business. Implementing some simple cybersecurity best practices will make it difficult for criminals to victimize your company. And incidentally, many of these best practices are free or low cost. Basic cybersecurity doesn’t have to be expensive for your business, but doing nothing and dealing with a security incident can be very expensive.

Taking place on the second Tuesday of April, Identity Management Day is an annual event designed to help spread awareness about the importance of managing and securing digital identities. For organizations – both large and small – who want to build better cybersecurity defenses, it’s the ideal time to focus on making life much harder for today’s sophisticated cyber adversaries.

The post Just Because You’re Small, Doesn’t Mean You’re Safe – Why SMBs are lucrative targets for cyber adversaries appeared first on Cybersecurity Insiders.