From Russian grid hacking to rampant data exposures, this post looks at some common and interesting cybersecurity threats.
Hackers can gain unauthorised access to your IT infrastructure through physically accessing it. How easily could a cleaner secretly place an SD card in your laptop? Do you trust your contractor. How about that guy that came in for interview? There are many ways an intruder could gain physical access to your network without the need for a ninja outfit.
An increasing part of modern working life is working remotely. Where work used to be confined to Monday to Friday 9-5, it is now a 24/7 affair. Employees are accessing work systems from home, on the bus or while having a Starbucks. This means that data can no longer be kept safe behind locked doors. Consider enforcing 2FA on passwords and ensure you have a strict policy on use of weak passwords and working remotely.
Did you ever watch that Snowden movie? Everything you do on social media can be tracked, if you post a status or a photo then a hacker can potentially find your location. Geographical data can be added to social, images, video and apps in the form of metadata. This can be used to inform hackers of your location and routine. How easy is it to lose a confidential usb stick if a hacker knows your routine?
Cross Site Scripting
XSS is a type of vulnerability found in websites or web applications that allow the injection of scripts in the browser url. The following url could be used to obtain confidential information from your database:
This can be prevented through safe web practices such as sanitising input and escaping HTML characters.
Your Email can be used to attack you in many ways. One of the most common is receiving an email that looks legitimate but that actually is from a hacker. I could set up a form on a website that claims to be from your company email address and even with your email signature. If a colleague then downloads an attachment they will be infected by malware.
Poor configuration of server, web or security applications can lead to a false sense of security and complacency. Most organisations have defensive practices in place but this is a continuous process. Having the right technologies in place and properly configured is key to becoming more secure.
One of the most common cybersecurity threats with 181 million attacks in the first 6 months of 2018 and closely related to phishing. This type of attack locks the users computer until a ransom is paid. Schools, hospital and even ports have fallen to ransomware in some of the highest profile cases of 2018.
Defend against cybersecurity threats
A cyber attack can be annoying, expensive and even devastating. One thing that is certain is that it is defendable. Prevention is better than cure so get in touch with your IT team and ask how are we currently defended against XSS or ransomware. They will be happy to talk about how great they are or they will quickly go and investigate.