As the way we use connected technologies evolves, the threats facing our personal data evolve, too. In 2018, connected device users at home and in the workplace face threats that are becoming more sophisticated, as cybercriminals turn their focus away from big tickets like banks, intellectual property, and huge corporations and focus more on individual users. New developments in cybercrime could see these criminals get more organized, to attack supply chains, exploit security issues in the Internet of Things (IoT)-enabled devices, and even sell their tools and services to less skilled, aspiring criminals.
Crime Syndicates Changing the Cybercrime Landscape
You’ve heard of Software-as-a-service (SaaS). Well, now it’s time for Crime-as-a-Service (CaaS). Last year, CaaS providers proliferated, setting the stage to build huge cybercrime syndicates on a par with the organized crime syndicates of the Mafia era. These organizations have hundreds of employees and intricate hierarchies, just like legitimate large corporations. They also form partnerships with one another and collaborate to bring new illegal products, seek new markets, and peddle their illicit wares globally.
So, what is CaaS? These organizations put together technologically advanced toolkits, service packages, and other products they can then sell to less-experienced or less-tech-savvy criminals. This means would-be cybercriminals no longer need advanced tech skills in order to execute phishing scams, spoof phone numbers, cripple a business with a distributed denial-of-service (DDoS) attack or release customized malware.
How can you protect yourself from cybercriminals who may purchase service packages or toolkits from CaaS organizations? Since the threats vary from malware to phishing scams and more, the best way to protect yourself is to take a multi-faceted approach to Internet security. Assume you’ll face malware, a DDoS attack, phishing scams, phone scams, and software exploits at some point. Buy the best internet protection your company can afford. Educate your employees on cybersecurity best practices, and reinforce that knowledge with regular, updated training sessions. Establish clear and rigid policies against giving out private information on the phone. Take steps to protect your company’s most valuable and sensitive information from criminals and insider threats.
IoT Devices More Vulnerable Than You May Know
From Amazon delivery drones to robot vacuums to smart home devices and security cameras that upload footage directly to the cloud, IoT-enabled devices are revolutionizing the way we do business. But these devices may be vulnerable to cyberattacks.
That’s because connected devices often aren’t protected by anti-malware apps, and often they don’t receive the same rigorous schedule of software updates that PCs, tablets, and even smartphones do. If your business uses smartphones, tablets, POS terminals, smart TVs, or connected security cameras, these devices could be leaving the door wide open for criminals to collect sensitive data of every stripe.
One way you can protect yourself is to limit who has access to these devices, and what’s done with the devices. If your POS terminal is a computer with access to the internet, don’t let employees surf Facebook or answer personal emails on that terminal — in fact, don’t let them do anything except conduct transactions. Implement different levels of access for different levels of users, if you can. Just as you might want to give your kids the ability to get online while blocking pornographic websites, you may want to give your employees access to some company info, but not all of it.
Criminals Could Attack the Supply Chain
When you share sensitive information with suppliers, you lose control of it, and that could leave you vulnerable to attackers who strike the supply chain. You can’t really know where your information is going or what’s happening to it at every stage of the supply chain. And, to some extent, you have to trust that suppliers will practice best security practices and, furthermore, that you’ll get lucky enough not to face a supply chain attack.
That’s exactly why you should assume that your business will face cyber threats at some point. By locking down your data within your organization, training your employees on best practices, and using anti-malware apps and other internet protection, you can be ready when cybercriminals come calling. You may not be able to stop cyberattacks, but by taking steps to protect yourself, you can thwart criminals and minimize the damage to your company.