Cyber News Roundup: Boardrooms Finally Waking Up to Cybersecurity, Mitigating Ransomware, Securing Websites

“Boardrooms have a reputation for not paying much attention to cybersecurity, but it could be that executives are finally keen to take more interest in securing the systems and networks their businesses rely on,” writes ZDNet’s Danny Palmer. In his article, Just in time? Bosses are finally waking up to the cybersecurity threat, Palmer highlights the latest cybersecurity discussions from the National Cyber Security Centre’s (NCSC) Cyber UK conference, including the disconnect between knowing what needs to happen and actually budgeting for and implementing a cybersecurity strategy. “Often the challenge is the culture and the resources; the will to say, ‘This is the thing that we have to do and we’re going to endure the pain to get there,'” says Rob Joyce, director of cybersecurity at the National Security Agency (NSA).

Today’s Cybersecurity Challenges

Analytics Insight’s Madhurjya Chowdhury outlines the latest cybersecurity challenges facing industries:

1. Getting Used to a Remote Workforce. Due to a distributed workplace environment, the quantity and scope of cybersecurity concerns for remote employees grow. Remote workers who use their home networks are more likely to be victims of security vulnerabilities.
2. Emerging 5G Applications. 5G will improve the speed and reactivity of wireless technology, and the new technology has a promising future. Nevertheless, new technologies introduce new dangers that must be addressed, including potential cyber threats.
3. Cryptocurrency and Blockchain Attacks. The blockchain and cryptocurrency industries are rapidly expanding and gaining more attention. Cybersecurity precautions need to be taken to guard against security breaches, identity theft, as well as other potential risks.
4. Internet of Things (IoT) Attacks. While linked gadgets are known for their efficiency and intelligence, they provide more opportunities for cybercriminals to exploit networks. As the world grows more linked, businesses can remain ahead of the game by establishing a sustainable cybersecurity architecture and a specialized IT staff.
5. Phishing Scams. Even though more people are becoming digitally educated, phishing remains a global concern and employee cybersecurity education is critical. Businesses can protect their workers by instituting access control policies, including their remote workforce.

Ransomware Attacks on SMBs on the Rise and How to Mitigate

What makes small to medium-sized businesses (SMBs) a rich target for ransomware? Attackers know that SMBs have smaller business continuity cushions and often lack contingency plans, according to Ori Arbel, chief technology officer for Cyrebro, in his Security Magazine article. Arbel states that ransomware attacks against SMBs have increased 150% in the past two years and were hit with 31,000 daily attacks on average at the end of 2021.

Not only does being offline potentially cause customer frustration and loss of sales, but the costs to SMBs can be significant. The average cost of a cyberattack on a small business is $25,612, according to Arbel.

Jerry Hsieh, senior director, security and compliance at Splashtop offers up why ransomware groups now have their sights set on SMBs:

• They don’t necessarily have internal security support and know-how.
• They often use out-of-date and/or unpatched software.          
• They haven’t considered themselves at risk since most of the attention is on the big, high-profile businesses and organizations.

Hsieh outlines four defensive steps SMBs security leaders can take to  affordably mitigate ransomware risk, in his article in Security Magazine:

1. Establish endpoint security 
2. Train employees 
3. Outsource security services to service providers
4. Encrypt 

Tips for Organizations to Secure Websites from Hacks

The publication AndroidGuys offers up tips for organizations to better secure their websites since hackers can sneak into business systems to steal business information.

• Use the Right Platform. While there are many systems and platforms to build your website. focus on the ones with the best security options. If you are using website builders, look for the most secure website builder that you can find.
• Use SSL Certification. Make use of the SSL certification on your website that uses an encrypted SSL protocol to transfer user information from your website to the database. This ensures that the information is not read in transit and that certain protocols are being implemented to keep the data from being hacked. Using the right HTTPS protocol will ensure that you can protect data from hackers.
• Tighten Up Access Control. The easiest way for a hacker to get into your website system is through a username and password that are predictable and easy to guess. When you tighten up the access control of your website, you ensure that hackers have a tough time breaking into your website.
• Keep Your Platform Software Updated. If you are using platforms like WordPress, keep your version updated for the highest level of protection. If you have firewalls and other third-party security systems, update those as well to ensure that your website is secured against the latest malware and spyware threats.
• Avoid File Upload Options. Avoid allowing users to upload files. This way you can ensure that no files are being uploaded to your system and you can keep track of the existing files that you have on your website system.
• Use Web S ecurity Tools. Today, there are many additional tools you can add to your website that can analyze and monitor the health of your website. This will help with tracking and ensuring your website is free from spyware, malware, and viruses.

Cyber Oregon sponsor blog post of interest: McAfee: WFH Unprotected: How Organizations Can Keep their Employees and Their Business Safer