Cybersecurity involves a variety of risks and vulnerabilities to the enterprise, from distributed denial of service (DDoS) attacks to phishing to USB drives. Companies may also be at risk from use of interactive kiosks, or even from cyberattacks against traveling executives.
Preventing phishing and cyberattacks
The 'Management Hack' service is designed for C-level executives, such as CEO, CFO or event CIO
Phishing is a fraudulent attempt to gain sensitive information such as user names, passwords or credit card details by disguising as a trustworthy entity in an electronic communication. These are among the most dominant forms of social engineering attacks.
To avoid phishing attacks, NTT Security has expanded their suite of phishing attack simulation services using special social engineering techniques to check whether senior executives pose a security risk. The 'Management Hack' service is designed for C-level executives, such as CEO, CFO or event CIO. These executives are more likely to have unrestricted access to highly confidential company data, which makes them a valuable target.
Simulated, personalised social engineering attacks are carried out, with the individuals involved unaware they are being targeted. NTT then analyses how executives respond, identities weaknesses, and recommends appropriate measures such as awareness training.
| Cybersecurity helps deter phishing and DDoS attacks |
ADT Cybersecurity partners with Cofense phishing defense solutions to offer phishing detection and response. Cofense Triage is a phishing-specific automated incident response platform that works as part of ADT Cybersecurity managed services. The system focuses on thwarting phishing attacks before they can cause damage by moving detection of such attacks up the kill chain.
Data breaches caused by cyberattacks on networks are plaguing businesses of all sizes. The median time of compromise to discovery is 80 days, with the average cost of data breach costing organizations $3.62 million.
Managing endpoint security
There is a need for cybersecurity to extend beyond the firewall
Another cybersecurity vulnerability for companies is the unauthorised use of USB ports. There is a need for cybersecurity to extend beyond the firewall, which requires restricting access to a system’s USB ports as a means of managing 'endpoint security.' However, blocking all USB ports can restrict productivity, and employees are not as efficient as they should be.
A solution is the use of more encrypted USB drives to combine the productivity advantages of allowing USB access while protecting the information on the drives. Kingston Technology offers hardware-based encrypted USB drives that uses AES 256-bit encryption in XTS mode to ensure that if anyone finds a USB drive, they cannot access the information.
Illustrating the value of encrypted drives was an incident when a USB drive from Heathrow Airport was found on a London street. It contained confidential information about accessing restricted areas at the airport and security measures used to protect the Queen.
Data security and interactive kiosks
Another possible cybersecurity vulnerability is use of interactive kiosks, which are computer terminals that feature specialised hardware and software that provide access to information and applications. Kiosks are typically placed in high foot-traffic environments such as retail stores, hospitals, banks, hotels, airports, courthouses, libraries and railway stations.
A kiosk is particularly attractive to attackers because they know the security might not be as tight as it should be. Making kiosks more secure could be the difference between you being breached and remaining safe.
| A kiosk is attractive to attackers because they know the security is not very tight |
Executives who travel are another vulnerability to be considered. The international cybersecurity landscape has grown increasingly dynamic, with threats posed by government authorities (in some countries), terrorists, insurgents, and criminals, requiring travelers to be proactive and vigilant. U.S. citizens, particularly executives of U.S.-based technology companies, must be aware that they are considered high-value targets for nation-state intelligence services and criminally-motivated bad actors.Traveling executives should avoid using public Wi-Fi services—unless they use private VPN service for encryption
WiFi and wireless connectivity
There has been a shift from 'thrill hacking,' to an increase of 'hacking as a business' (through credential compromise and ransomware), to an increase in 'hacking for harm' - with the rise of 'nuke ware' and ransomware without a clear financial motivation. Traveling executives should avoid using public Wi-Fi services—unless they use private VPN service for encryption. They should also increase the privacy setting on technical devices and disable location identifiers.
Other precautions include creating a new (unlinked) email for internet correspondence and use of temporary (i.e., burner) phones to protect data and contacts. Travelers should also consider purchasing international MyFi devices to decrease the risk of getting Personal Identification Information (PII) or Protected Healthcare Information (PHI) stolen.