Cybersecurity has been identified as the dominant trend shaping the physical security industry. Last year saw a record high number of digital security incidents. There are also new ways of attacking and phishing, some of which are really sophisticated.
The most serious and common type of threats noted was phishing , i.e. sending specially constructed messages by criminals, e.g. via company e-mail, SMS or one of the messengers, intended to persuade the user to, for example, enter key data, open a dangerous attachment or click on a special a crafted link that installs malware.
There are more and more attempts to extort data or money on the Internet, often using professionally prepared fake payment gateways, often in combination with credible-looking e-mails or text messages, informing, for example, about the need to pay a small fee. The number of data frauds through fake websites pretending to be online stores is also growing.
More Focus towards Employee Education
As in the case of ransomware, criminals are more and more willing to change the methods they use, including the so-called phishing – consciously choosing and thoroughly knowing the targets of your attacks. That is why the techniques of impersonating another organization or institution by criminals are becoming more and more sophisticated and refined. As a result, their reach is much smaller, but it is compensated by higher efficiency in defrauding employees of a specific company or market sector.
All phishing attacks share the use of social engineering, so it is worth emphasizing once again that defending against them is largely not based on the use of appropriate software, but on employee education.
Corporate security systems can be cumbersome – hence attempts to circumvent them. Digital tools officially used in the company may also have their limitations – hence the Shadow IT phenomenon. But we must also remember another general reason why employees of many companies ignore various types of digital dangers. They are simply not aware of the level of threats and, at the same time, the scale of negative consequences to which they expose the company.
Use of Shadow IT
Shadow IT is a phenomenon closely related to how employees circumvent the corporate security system. This is how situations where employees prefer to perform the tasks entrusted to them using their own applications or technological solutions are defined. And also own devices, including smartphones, which may be worrying, for example in the light of information from Check Point Research.
If it is impossible to fight it by introducing even more restrictive safety rules – because the effect will be counterproductive – then maybe it is better to use it? This solution, while it seems a bit crazy and more complicated, actually has at least a few very important advantages.
The first benefit is obvious – allowing a certain amount of freedom within Shadow IT is risky, but it also creates opportunities for controlling this phenomenon in the company.
Forcibly securing will fail
People who care about cybersecurity in the company are constantly training – or at least they should – in the field of attack techniques used by criminals and methods of adequate defence. It is similar to a series of duels between two masters of fencing, focused solely on constantly developing new types of strikes and counter strikes.
In terms of cybersecurity issues, such attention to “irrelevant trifles” may be putting IT specialists into the role of ordinary employees of the company. An attempt to look at security issues from their point of view. And then you will see:
- slower operation of computers, tablets and smartphones;
- difficult access to files or necessary data;
- complex and time-consuming identity verification systems;
- complex, incomprehensible system of different levels of access to data;
- problems with printing, copying, transferring to external media or sending certain documents;
- tiresome restrictions when working remotely.
If any of these issues also apply to employees in our company, then we have a problem. Too much concern for the company’s cybersecurity can – paradoxically – reduce it.
New cyber threats and new hope
In addition to the “classics”, such as data theft or attacks using the ransomware techniques, specialists dealing with corporate cybersecurity must take into account new, more modern threats. These include the already mentioned Shadow IT phenomena, but also covert use of infected computers to “mine” cryptocurrencies and manipulations using deepfake technology. The latter, often referred to as vishing (voice+phishing), involve replacing the voice and even the appearance of high-ranking company employees.
Artificial intelligence may be a remedy for all cyber problems. The market for AI-based solutions used to provide companies with digital security is growing extremely dynamically.