Download PDF version Contact company

Cybersecurity involves a variety of risks and vulnerabilities to the enterprise, from distributed denial of service (DDoS) attacks to phishing to USB drives. Companies may also be at risk from use of interactive kiosks, or even from cyberattacks against traveling executives.

Preventing phishing and cyberattacks

The 'Management Hack' service is designed for C-level executives, such as CEO, CFO or event CIO

Phishing is a fraudulent attempt to gain sensitive information such as user names, passwords or credit card details by disguising as a trustworthy entity in an electronic communication. These are among the most dominant forms of social engineering attacks.

To avoid phishing attacks, NTT Security has expanded their suite of phishing attack simulation services using special social engineering techniques to check whether senior executives pose a security risk. The 'Management Hack' service is designed for C-level executives, such as CEO, CFO or event CIO. These executives are more likely to have unrestricted access to highly confidential company data, which makes them a valuable target.

Simulated, personalised social engineering attacks are carried out, with the individuals involved unaware they are being targeted. NTT then analyses how executives respond, identities weaknesses, and recommends appropriate measures such as awareness training.

Phishing is a fraudulent attempt to gain sensitive information of users by disguising as a trustworthy entity in an electronic communication
Cybersecurity helps deter phishing and DDoS attacks

ADT Cybersecurity partners with Cofense phishing defense solutions to offer phishing detection and response. Cofense Triage is a phishing-specific automated incident response platform that works as part of ADT Cybersecurity managed services. The system focuses on thwarting phishing attacks before they can cause damage by moving detection of such attacks up the kill chain.

Data breaches caused by cyberattacks on networks are plaguing businesses of all sizes. The median time of compromise to discovery is 80 days, with the average cost of data breach costing organizations $3.62 million.

Managing endpoint security

There is a need for cybersecurity to extend beyond the firewall

Another cybersecurity vulnerability for companies is the unauthorised use of USB ports. There is a need for cybersecurity to extend beyond the firewall, which requires restricting access to a system’s USB ports as a means of managing 'endpoint security.' However, blocking all USB ports can restrict productivity, and employees are not as efficient as they should be.

A solution is the use of more encrypted USB drives to combine the productivity advantages of allowing USB access while protecting the information on the drives. Kingston Technology offers hardware-based encrypted USB drives that uses AES 256-bit encryption in XTS mode to ensure that if anyone finds a USB drive, they cannot access the information.

Illustrating the value of encrypted drives was an incident when a USB drive from Heathrow Airport was found on a London street. It contained confidential information about accessing restricted areas at the airport and security measures used to protect the Queen.

Data security and interactive kiosks

Another possible cybersecurity vulnerability is use of interactive kiosks, which are computer terminals that feature specialised hardware and software that provide access to information and applications. Kiosks are typically placed in high foot-traffic environments such as retail stores, hospitals, banks, hotels, airports, courthouses, libraries and railway stations.

A kiosk is particularly attractive to attackers because they know the security might not be as tight as it should be. Making kiosks more secure could be the difference between you being breached and remaining safe.

Interactive kiosks, which are computer terminals that feature specialised hardware and software, provide access to information
A kiosk is attractive to attackers because they know the security is not very tight

Executives who travel are another vulnerability to be considered. The international cybersecurity landscape has grown increasingly dynamic, with threats posed by government authorities (in some countries), terrorists, insurgents, and criminals, requiring travelers to be proactive and vigilant. U.S. citizens, particularly executives of U.S.-based technology companies, must be aware that they are considered high-value targets for nation-state intelligence services and criminally-motivated bad actors.Traveling executives should avoid using public Wi-Fi services—unless they use private VPN service for encryption

WiFi and wireless connectivity

There has been a shift from 'thrill hacking,' to an increase of 'hacking as a business' (through credential compromise and ransomware), to an increase in 'hacking for harm' - with the rise of 'nuke ware' and ransomware without a clear financial motivation. Traveling executives should avoid using public Wi-Fi services—unless they use private VPN service for encryption. They should also increase the privacy setting on technical devices and disable location identifiers.

Other precautions include creating a new (unlinked) email for internet correspondence and use of temporary (i.e., burner) phones to protect data and contacts. Travelers should also consider purchasing international MyFi devices to decrease the risk of getting Personal Identification Information (PII) or Protected Healthcare Information (PHI) stolen.

Download PDF version Download PDF version

Author profile

Larry Anderson Editor, SecurityInformed.com & SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SourceSecurity.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SourceSecurity.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Global regulations of AI: the role and impact on the physical security industry
Global regulations of AI: the role and impact on the physical security industry

The artificial intelligence revolution in physical security has arrived, transforming how we protect people, assets, and infrastructure. From smart buildings that automatically ad...

How does security innovation impact the skillsets operators need?
How does security innovation impact the skillsets operators need?

Technology automates tasks, streamlines processes, and improves efficiency in various fields, including physical security. But the success of today’s latest technologies depe...

How can manufacturers and integrators mitigate the risks of port forwarding?
How can manufacturers and integrators mitigate the risks of port forwarding?

Port forwarding is a networking technique that allows incoming traffic on a specific port number to be redirected to a particular device or application on a local network. Open por...

Quick poll
What's the primary benefit of integrating access control with video surveillance?