Security Threats

MGT510

Security Threats

        Security threats are on the rise and are going to continue to be an issue as technology continues to advance.  Both large and small businesses continue to be targeted for such attacks.  Small businesses think they are less vulnerable to attacks but because of this, they are often attacked frequently.  The attackers learn as much as possible.  By doing so, they gather enough information to view our screen, track our keystrokes, and even turn on our computers.  This all leads to successful attacks.  Targeted attacks were up by 42% in 2012 with 604,826 people having their identities exposes.  Targeted attacks happen through advanced persistent threats, social engineering and indirect attacks, and watering hole attacks.   Attackers continue to adapt and become more innovative against security, so it’s important that businesses remain innovative with their attempts to stop hackers.  

        Web-Attack Toolkits are being created to make it easier to attacks computer because people can buy these and use them.  The most common toolkit is the Blackhole.  As businesses continue to develop new technologies to fight against cyber attacks, these toolkits continue to innovate to find ways to attack.  Attacks have also moved to social media.  Attackers gain access to private information when people do things like sign up for a “free” gift card on Facebook or use fake websites to trick people into giving confidential information like passwords and private items.  

        There are many items that are critical when managing innovation and technology.  They are:

• “Use a full range of protection technology” – This basically means do not have just an antivirus software.  Protect your network and identify behaviors that might be jeopardizing the safety of your information and network to ensure you don’t continue them.  
• “Protect Your Public-facing Websites” - This essentially means protecting all visitors than come across your website.  A company can protect against this by updating their system frequently and scanning their system to identify problems before they happen.  Only let a select group of administrators have access to these servers.
• “Protect Code-signing Certificates” – This means that you need to physical safeguard your assets and technology.  Use cryptographic hardware security modules and security on servers to protect against the loss of any important data.
• “Be Aggressive on Your Software Updating and Review Your Patching Process” – This means constantly update your security system and hardware with patches to protect against these attack.  The attacks can happen from outdated web browsers, apps, etc.  While it can be a nuisance asking you to constantly update these items, it’s very important to safeguard your information and protect against attacks.
• “Think before you click” – This means being smart about what you click on.  If it sounds to good to be true, it probably is.  A company offering a $100 gift card to give you personal information is one of those items that it is too good to be true.  Approach technology with a bit of skepticism when it comes to things like this.  

One of the biggest cyber attacks that will need addressed in the future will be on cloud providers.  I think about my profession and how many of our clients are moving to cloud based accounting systems.  That means they are now storing all their confidential information about their business in the “cloud,” rather than on the desktop server.  Another major threat that is going to happen is mobile devices will be attacked.  It seemed like for a while, everyone I knew had their computers getting viruses and it’s only a matter of time before mobile devices are being heavily attacked.  Social media will also continue to be a major target for attacks.  With the vast age group on social media and the vulnerability of many people, it’s easy to convince these people to do what they shouldn’t to complete a successful attack.   These are all attacks that are going to need addressed in the coming years.