It is no news that 2018 was plagued with a cyber attack and identity theft which impacted organizations of all types, from small to large, corporates to Governments, around the globe. Every industry was marred with cyber attacks. A cyber attack is a malicious and deliberate endeavor by anyone, either an individual or an organization, to breach someone’s information system. More often than not, the attacker may very well perhaps seek some benefit from interrupting its victim’s network.
In India, over 1.1 billion records were breached last year in the Aadhaar issue where citizen’s personal data including name, number, photo, email id, address were compromised. Anyone could take a printout of anyone’s Aadhaar card by paying a token Rs.300. Another notable cyberattack incident was highlighted on a social media platform, Facebook, where over 2.2billion users were impacted worldwide. As per the World Economic Forum’s 14th edition of “Global Risks Report 2019”, cyber attacks and data fraud were listed in the top five list. The entire world is on the verge of facing massive cyber-attacks and everyone needs to be prepared more than ever before. Constant vigilance, awareness, keeping a tab on technological advances are a key to combat such malicious threats and will help organizations protect sensitive personal and company data.
Human Error
Research has highlighted that the majority of the attacks in the IT sector stems from human error, rather than any malicious intent. Human error has now become a leading cause of cyber attacks. There are times when sensitive documents are sent to unintended recipients, resulting in leakage of sensitive information. Right from hiring employees, organizations and businesses should focus on preparing a training plan for its new employees who are not up to date on cybersecurity basics. Employee education should be a priority which will end up saving millions of dollars in the near future.
Vulnerabilities in the surrounding
The Dark Web is a hacker’s favorite playground and an organization’s battlefield, where hackers can exploit personal information. Certain sensitive information can be retrieved in a lot of ways. With incidents of theft and security issues skyrocketing, organizations are increasingly becoming desensitized. A study suggests that about 90% of security incidents target common software defects. More often than not, a majority of the companies focus on detecting the fraud. The average time is taken to detect one 5-6months, and in the meantime, the damage has already been done. It’s of utmost importance to empower the security experts within the organization, maintain all the software updates in the network users to ensure round the clock protection.
Phishing Attacks
According to a survey, most companies lack essential safeguards against phishing threats on the internet and most of them do not really understand its prevalence and risk of this threat. Since most of the phishing attacks are more about emails, but today’s era is plagued with such threats delivered via social media, pop-ups, plug-ins, ads, chat application, applications, etc. By taking small initiatives and remaining vigilant can help combat such threats. One must always check the URL and the spelling carefully in the email links before clicking on it. Keep an eye for URL directs where one can be sent subtly to an identical website, which will lead to loss of data. It is recommended not to post personal details on social media. The company’s IT department should inspect and analyze the web traffic and block sites which seem ‘fishy’.
Personal Devices at work
With changing times, work culture has changed dramatically. The popularity of Bring Your Own Device (BYOD) culture has further compounded the problem of cyber attacks. Over 80% of employees use their personal device for official purposes. And to combat the threat, iron-clad security should be the priority. Global organizations have experienced data breach due to the mobile security issue, mainly due to an application’s vulnerability. What happens is, employees, access confidential documents from their personal devices which makes it absolutely easy for hackers to have an undue advantage. IT professionals should look beyond the network firewall to raise an alarm when required.
Although it is a challenge to stay ahead of such events, adopting security measures is of utmost importance. Cybersecurity is to be seen as a risk management issue and not merely as a technical issue.