Technology adoption creates greater cyber risk

Technology makes life easier and more efficient. But as our reliance grows, so does cyber risk. Understanding and controlling this risk is vital, as is understanding that as our technologies and behaviours develop, the criminals evolve to take advantage. Failure to identify new threats could be catastrophic.

This article will explore how technology is attacked, why today’s cyber solutions might not provide protection tomorrow, and how to keep one step ahead of the bad guys.

How does the adoption of technology increase vulnerability?

Your devices

As we use more technology, we increase our attack surface area. With remote working, bring your own device, remote desktop policy, and mobile phones, we’re no longer safely tucked in behind the office firewall. Cyber criminals are exploiting this increased opportunity to take over your device with techniques like malware, phishing, spyware and even calling you up (vishing).

The Cloud

With the progressive shift towards cloud-based services, data is stored and accessible all over the place. Between SharePoint, OneDrive, Dropbox, email, hosted servers, business management systems and operational technology, the cloud facilitates a huge part of your operations.

There’s a common misconception that working in the cloud makes you safer. This is false. It just means your risk is different. The rush to move data and applications to the cloud means there are multiple front doors which all need to be protected. The increase in digital technology means more access to more data and systems via more routes. Strong authentication and data loss prevention policies become increasingly important.

Automation

Arguably the best thing about modern technology is that so much is automatically done for us, so we don’t have to worry about it. We expect our mobile phones to automatically update, we assume our antivirus is scanning in the background and you might also expect that you would get an alert if someone else logged into your email account. It’s brilliant when it works, but, when these systems are infiltrated, poor configuration means it can (depending on the type of attack) be months before businesses become aware of it. It’s important not to become solely reliant on the automations in place – humans are still needed. Humans can understand the risk associated with the tech and configure alerts to those who need to verify suspicious activities.

Today’s cyber solutions won’t last forever

Cybercrime is worth billions – by 2025 the global cybercrime industry will be worth an estimated $10.5 trillion annually. As businesses try to protect themselves from attack, criminals create new sophisticated techniques to bypass security.

Two common types of attack for businesses are email account takeover (EAT) and ransomware.

With EAT, criminals can access highly confidential information, or divert payments to faked accounts. Multi-factor authentication (MFA) is a vital control against this attack, but it is already being successfully circumvented by the criminals. Their phishing attacks take you to a login page via the criminal’s website which enables them to capture the MFA code as well as your credentials and you have literally logged them into your account.

In a ransomware attack the criminals make your systems unusable unless you pay for a code to unlock them. IT and operational technology can be paralysed, literally bringing your entire business to a standstill. Investment in good backup services is a control against this. But criminals now also steal your business secrets and other confidential data as well as locking it, then threaten to sell it in marketplaces on the dark web unless you pay up. A backup won’t help you here. Ransomware is growing faster than ever.

How to stay one step ahead

In summary, your cybersecurity strategy needs to have layers. The criminals can peel back or work around a layer or two, but the more layers in place, the harder it becomes. Train your staff, add another layer of authentication to every cloud-based account and configure system security alerts, to name just 3 layers. Operate a zero-trust policy, remove unnecessary privileges, and reduce document access where possible.

Our reliance on technology isn’t going away anytime soon and neither are the criminals. Preventing this risk needs some investment.

If you need any help with your cyber risk management, please email bionow@mitigogroup.com or call 0161 833 3623.