In the past month Microsoft has announced that hacking incidents with the Window’s Operating system has been drastically reduced. In the past this was a considered a normality. Due to Microsoft’s monthly to sometimes weekly security updates, system firewalls being turned on by default has allowed the Windows OS to be more secure than ever.
Because of this, IT security threats have become more sophisticated. Along with stricter regulatory mandates by state and federal agencies, the need to be aware of the changing IT security needs is as important as ever. In 2019, these are some things to keep an eye on.
A well-crafted business email and malicious URLs can cause even the wariest user to fall victim. Last year in 2018, USA today reported that online phishing attacks had risen by 297%. Itay Kozuch, director of threat research of IntSights, showed that attackers utilizing Facebook and SnapChat are discovering new avenues to lure in unsuspecting victims.
Usually phishing attacks involve some sort of warning or request for information. If you think the message is real, do not click any link in the email. Instead, go to the site manually. The messages received are nothing like in the past. They continue to grow in sophistication and are being launched highly localized, geo-targeted and personalized.
Managed and Unmanaged Devices
Depending on the business network infrastructure, the network perimeter has vanished. Third-platform technologies such as mobile, cloud, and social media have brought about new avenues of attack by hackers. Instead of having to work their way past highly fortified firewalls malicious attackers can just find a poorly protected or managed endpoint device.
IoT (Internet of Things) devices are some of the most vulnerable with many of the devices setup to be always online with no real security. A lot of these devices use credentials that were never changed. Something as simple as a Raspberry Pie not being properly updated could leave a giant back door open in an otherwise secure network.
2018 had significant jump in risks created from endpoint devices with 64% of organizations suffering from zero-day attacks according to the State of Endpoint Security Risk Report. Endpoint security is succumbing to more attacks than what it’s blocking due to the number of days security patches are taking to be applied.
No matter what an IT manager does, the last line of defense for any agencies network defense is the users. User awareness training is something that must be utilized to help empower users with a greater sense of ownership when it comes to IT security.
Incidents that typically cause security breaches are users logging into unsecure public networks, using work place equipment for personal use, downloading of unapproved software and sharing of credentials. As well falling prey to phishing attacks can compromise the IT security of any agency.
For any business to gain the advantage in 2019, they must build cultures of security governance and constantly monitor user access rights and device permissions for possible irregularities.