Seven existential threats to your organisations cyber defences in 2019

Hackers are getting smarter, meaning that businesses need to get smarter with cyber defences. Jumio's Labhesh Patel outlines seven threats Seven existential threats to your organisations cyber defences in 2019 image

2018 has been a  tumultuous year for data breaches.  Marriott’s data breach affecting 500 million Starwood guests, illustrates the point. Hackers are evolving at a rapid pace and businesses need to begin adapting cyber defences to mitigate risk.

Thanks to a barrage of advertising by LifeLock and Experian, most consumers are painfully aware of identity theft. Unfortunately, for businesses, the list of cyber threats is long, varied, and ultimately isn’t going away in the foreseeable future. With that somber prelude, here are seven threats to cyber defences business owners and their cybersecurity teams need to pay attention to in 2019:

1. The Daily Data Breach. Let’s face it, we don’t even raise an eyebrow anymore when we hear that another business has been breached. Your initial thought may be “I’m glad I’m not on the management or security team for that organisation.” But, those breaches impact your business too. All those breached records end up on the dark web, where other cyber-baddies use that information to assume new identities that can unleash fraud on your organisation. A recent report published by cybersecurity firm Shape Security showed that 80 to 90% of the people that log into a retailer’s e-commerce site are hackers using stolen data.

Data breaches compromised 4.5 billion records in the first half of 2018

According to the latest figures from the Gemalto Breach Level Index, 4.5 billion records were compromised in just the first six months of this year.

2. Insider Attack. Enterprise security teams usually underestimate the risk to cyber defences that an insider poses to the organisation. According to The Ponemon Institute, the average cost of insider threats per year is more than $8 million. High-profile insider attacks such the attacks at Tesla and Coca-Cola are on the rise. Nuance was hit by an insider attack where the patient records of 45,000 individuals were leaked by an insider.

5 steps to protect your business from insider data theft

Most data leaks arise from insiders doing things they shouldn’t.

3. The Manufactured Identity. Synthetic fraud is on the rise and it’s particularly difficult to detect and defend against. It usually starts when the fraudster secures an unused Social Security number — typically that of a minor — and then goes about creating a fictitious identity using various pieces of real and fabricated information, such as a name, birthdate and an address controlled by the thief. The cyber thief can go through a series of steps and tactics (such as “piggybacking” or credit boosting) that can sometimes take months, but end up creating a highly credible manufactured identity that can wreak all kinds of havoc with cyber defences when used to create bank accounts or defraud e-commerce sites.

4. The 97 per cent. Only about 3% of malware tries to exploit an exclusively technical flaw with cyber defences. The other 97 per cent targets users through social engineering. Social engineering is a method of deceiving people into giving you their information or exploiting their weakness, or laziness, to find that information. It is believed to be the most frequently used method to get into a corporation’s network these days. Train your people to understand and recognise social engineering attacks. You can even hire companies to launch a mock phishing attack and see who clicks on the naughty links.

Phishing attacks — can AI help people provide a fix?

AI isn’t quite like having a cyber security expert on your shoulder, but it could be the next best thing, Paul Chapman, co-founder of Cybershield, told us.

5. The Increased Risk of Two-Factor Authentication. The viability of SMS-based two-factor authentication (where a 4- or 6-digit code is sent to your smartphone to help authenticate your identity and grant access to your account) is increasingly being challenged. Firstly, hackers can intercept the SMS messages through malware placed on your smartphone and initiate man-in-the-middle attacks. The technology is also susceptible to SIM swap attacks that enable fraudsters who have access to one other personal piece of information — like your Social Security number — to call your carrier and move your number to a new SIM card. Adding more risky fuel to 2FA’s fire is a recent, massive hack of Voxox’s database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

6. The Death of KBA. What street did you grow up on? What’s your mother’s maiden name? If you’ve ever been asked one of these questions while logging into a website or resetting a password, you’ve been subject to a form of knowledge-based authentication (KBA). KBA is still (inexplicably) one of the most common means of identity verification. Unfortunately, thanks to large scale data breaches and the dark web, most of the answers to those supposed secret questions are now known by fraudsters, making it easy to sidestep this type of authentication — rendering it useless.

7. The Continued Phishing Threat. More than 90 percent of malware is delivered via email so it’s no surprise that email continues to be criminals’ go-to method for distributing malware. According to the most recent statistics from the FBI’s Internet Crime Complaint Center, the most costly form of cybercrime stems from a complex type of fraud known as the “Business Email Compromise” or BEC scam. A typical BEC scam involves phony emails in which the attacker spoofs a message from an executive at a company or a real estate escrow firm and tricks someone into wiring funds to the fraudsters.

Phishing attacks — can AI help people provide a fix?

AI isn’t quite like having a cyber security expert on your shoulder, but it could be the next best thing, Paul Chapman, co-founder of Cybershield, told us.

Despite all these threats, it’s not all doom and gloom. Artificial intelligence is increasingly being used to spot and neutralize some of these emerging threats to consumers’ digital identities. In fact, 30 percent of enterprises with more than 5,000 employees are currently using AI-powered security solutions and this number is expected to grow to more than 60% by 2020. As AI becomes more advanced, large enterprises have begun to use AI-powered security and identity verification solutions to help protect their business from today’s growing cyber threats.

Written by Labhesh Patel, is CTO & Chief Scientist at Jumio

The Women in IT Awards Series is the technology world’s most prominent and influential diversity program. On 28 March 2019, the awards will come to New York for the second time, taking place at the Cipriani on 42nd St. Nominations are now open for these prestigious awards. Click here to nominate yourself, a colleague or peer!

Latest news

divider
Events
Data Leadership Summit: 12 months on – how GDPR influenced business

Data Leadership Summit: 12 months on – how GDPR influenced business

23 May 2019 / Reflecting on the past 12 months in a panel discussion this morning, Neil Currie, head [...]

divider
Digital Transformation
Digital transformation remains impossible without solving the WAN problem

Digital transformation remains impossible without solving the WAN problem

23 May 2019 / For the last few years, digital transformation has become a major rallying cry for organisations [...]

divider
Case Studies
Fitbit: from start-up to global health phenomenon

Fitbit: from start-up to global health phenomenon

22 May 2019 / Fitbit was founded 12 years ago by Eric Friedman, the current CTO and James Park, [...]

divider
Business Skills
AI and machine learning driving skills revolution in business intelligence

AI and machine learning driving skills revolution in business intelligence

22 May 2019 / An explosion in the growth of emerging technologies such as AI and machine learning is [...]

divider
Data Analytics & Data Science
Making an organisation data literate: Jason Teoh from Openreach, part of BT, talks to Information Age

Making an organisation data literate: Jason Teoh from Openreach, part of BT, talks to Information Age

22 May 2019 / We run the “UK’s digital network business” says Jason Teoh, when he spoke to Information [...]

divider
Data Analytics & Data Science
New report highlights issues around productivity in data science and analytics

New report highlights issues around productivity in data science and analytics

22 May 2019 / Tens of millions of data workers face productivity woes as complexity grows in data science [...]

divider
EMEA
Technology could help UK add 140 billion to GDP

Technology could help UK add 140 billion to GDP

22 May 2019 / Technology in the UK could help boost productivity. The Cisco Productivity Index has found that [...]

divider
DevOps
DevOps and SecOps: how to close the gap between them?

DevOps and SecOps: how to close the gap between them?

22 May 2019 / The International Organisation for Standardisation has published an Open Systems Interconnection reference model for the [...]

divider
The City & Wall Street
Torii secures $3.5m from seed round to bolster SaaS management

Torii secures $3.5m from seed round to bolster SaaS management

21 May 2019 / Torii enables organisations to stay on top of their SaaS use by improving visibility and [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest