MicroNet Systems Integrations

Top Cyber Threats of 2019

Top Cyber Threats of 2019

We can plan and pay in order to stop the threat of a cyber attack, but the threat continues to evolve and hits when you least expect it.  

Here are the biggest cyber security threats out there:

  1. People

Anyone who has access to your network or IT system can be a threat.  A cyber attack or data breach can happen due to human error or a lack of security awareness. Employees (and former employees) can be key threats for reasons such as selling stolen data for a profit or committing a cyber attack in revenge.  People who work for vendors can also pose a potential risk for many reasons, particularly being a disgruntled employee.

Solutions include installing firewalls and antivirus, in-house or third-party cyber security experts.  Also, limit employee access to systems that have sensitive information.

  1. Malware

Malware is a dangerous threat. It can be sent in different ways and can come in many different styles. 

Types of Malware

In July 2019, The Center for Internet Security reported the top 10 malware threats:

  1. Emotet
  2. Kovter
  3. ZeuS
  4. NanoCore
  5. Cerber
  6. Gh0st
  7. CoinMiner
  8. Trickbot
  9. WannaCry
  10. Xtrat

Preventing these can be done with antivirus, anti-malware, email spam filters, and endpoint security measures.  Make sure all security updates and patches are up to date. Utilize employee training and limit user access and application privileges.  

  1. Phishing Attacks

Phishing impacts everyone from the small business to the Fortune 500.  In short, phishing is a fraudulent attempt to obtain sensitive information from someone.  

Solutions:

  1. Cyber security awareness training for employees. 
  2. Emphasize the importance of phishing reporting. 
  3. Run random phishing simulations. 
  4. Push HTTPS on your website to create secure, encrypted connections. 
  5. Come up with access management policies. 
  6. Safe email and spam filters. 
  7. Two-factor authentication. 
  8. Email encryption and email signing certificates.

 

  1. Formjacking 

This cyber security threat involves someone taking over forms on websites by exploiting their security weaknesses. It was on the rise in 2018.  Cybercriminals will use lines of malicious JavaScript code on the checkout page forms of business websites to steal customers’ personal information, including their credit card numbers.

  1. Bad Patch Management 

A patch is meant to cover a hole. Patches are offered by manufacturers all the time to address vulnerabilities in their operating systems, software, and other technologies. They’re essential, yet, patching often gets overlooked.

  1. Outdated Hardware & Software

Keeping your hardware and system up to date is key to the success of you or your university’s security.  When using older technologies, it puts you, your business and your customers at risk.  

An easy solution?  As soon as a manufacturer releases an update or a patch, don’t wait.  Apply it as soon as you can.

  1. Internet of Things

IoT or Internet of Things technologies connect and network devices across the globe.  Smart thermostats, video conferences, and smart vending machines are all examples of IoT.  It’s becoming more popular. They make homes and workplaces more intelligent with sensors, software, devices, and networks.  All that convenience can make it vulnerable. IoT securities are among the biggest cyber security threats. In 2018, OWASP (the Open Web Application Security Project) listed the top 10 vulnerabilities.

  1. Weak, Guessable, or Hard-Coded Passwords
  2. Insecure Network Services
  3. Insecure Ecosystem Interfaces
  4. Lack of Secure Update Mechanisms
  5. Use of Insecure or Outdated Components
  6. Insufficient Privacy Protection
  7. Insecure Data Transfer and Storage
  8. Lack of Device Management
  9. Insecure Default Settings
  10. Lack of Physical Hardening

 

  1. Man-In-The-Middle Attacks

Man-in-the-middle (MitM) attacks, otherwise known as eavesdropping attacks, happen when an attacker puts themselves into two-party transactions. An example can be, if you’re having a conversation over the phone with your bank and a third party taps into your phone line, obtains your personal information and gains access to your bank accounts.  It’s done by setting up fake public Wi-Fi networks or installing malware on victims’ computer or networks. It doesn’t matter how it’s done. The overall goal is the same: Gaining access to your business or customer information.

Ways to avoid these attacks:

  1. SSL/TLS encryption protocols
  2. Make sure employees don’t use public Wi-Fi connections
  3. Use virtual private networks (VPNs) on public Wi-Fi instead

 

  1. Poor Digital Certificate 

Expired SSL certificates. Certificate expiries can happen to any website or business. It’s happened to well known and widely used websites and even to dozens of U.S. government websites.

Managing SSL certificates and their corresponding keys manually shouldn’t be a problem. But when you’re managing anywhere from hundreds to hundreds of thousands of certificates and key, it can be virtually impossible to keep up. A PKI certificate management tool can be a lifesaver. An example is Sectigo Certificate Manager (formerly Comodo CA Certificate Manager). It helps you alleviate certificate expiry issues by automating rapid certificate renewals, installations, and revocations. In short, it could make it easier for you to manage.

For peace of mind 365 days a year, take advantage of our Managed Services Plan for just $1.33 per day. We’ll protect you from the keyboard criminals trying to hack into your business network every single day.