News

Surprising cybersecurity weak points business owners should look out for

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Cybersecurity has taken on new levels of importance facing redoubled cyber attacks. The post-pandemic digital landscape is fraught with threats. In fact, these attacks peaked in December of 2021 with a slew of Log4j exploits. The popular Java-based logging utility is only one surprising cybersecurity weak point that business owners should look out for, however. 

Additionally, flaws in both human cybersecurity measures and protective technology create vulnerabilities for companies. By exploring these weaknesses in-depth, you can create actionable plans to shore up your digital integrity. 

From increasingly ingenious phishing schemes to breakthroughs in offensive AI, digital threats expose the weakness in our IT frameworks and data systems. Identifying these weaknesses is crucial, as 85% of IT professionals pivot toward passwordless technology. What follows are the cybersecurity vulnerabilities you should address as a business owner. 

Phishing, smishing, and human error

Phishing is one of the most nefarious and impactful forms of cyberattack, typically drawing on fraud and social engineering to infiltrate a system. Although business email compromise (BEC) attacks make up a small portion of all cybercrime, the damages can be the most costly. With over $345 million in estimated losses from these attacks, zero-trust email security systems are a must.

Now, phishing has changed to be more subtle and attackers are able to infiltrate in ways most workers might not expect. “Smishing” or phishing with SMS texts is one example of this. Cybercriminals send out disguised texts with links. When employees open them, they are lured to duplicitous sites where personal information can be obtained or rootkits installed. From here, business accounts are subject to hacking, malware, and theft. 

IBM found that human error contributes at least partially to 95% of all data breaches. With more convincing phishing schemes targeting businesses, these instances of human error will only increase. For business owners, embracing zero-trust authorization measures alongside comprehensive security training and practices will be key to mitigating this vulnerability.

Outdated software

After human error, outdated software can be one of your biggest cybersecurity vulnerabilities. Failing to update a system puts you at greater risk of attack because the older a version of unpatched software, the longer attackers have had to determine that version’s vectors and vulnerabilities. Outdated software comes with outdated security credentials. Wherever consumer, financial, or backend data is concerned, the software you use to manage it presents a vulnerability without consistent updates. 

Take the popular Customer Service Management (CMS) software Drupal 7 and 8, for example. Both these modules are losing (or have already lost) support. Yet, many businesses still rely on them to manage customer data. To mitigate weak points, you need data governance plus up-to-date support. This means switching to Drupal 9 or other headless CMS platforms. 

This is just one example, however. Every software tool and data-driven platform you use in the course of business should be kept up to date to prevent problems. Even cryptocurrency wallets and payments systems can pose a larger threat if out of date.

Cryptocurrency infiltration

Cryptocurrencies, their wallets, and their payment systems are often recommended for their elevated levels of security. However, crypto tech is subject to risk of cyber threat just like any connected technology — decentralized or not. For exampe, cybercriminals can compromise trading platforms and steal private information.

This means that businesses that incorporate cryptocurrency in any form must be aware of its weak points and ideal security practices. Wherever third parties exchange information, there’s a chance a hacker could infiltrate the system. That’s why measures like decentralized digital identity (DDID) solutions are emerging as a means of streamlining data ownership. The user creates their unique identity, which comes with private keys that are checked against the authorization process. 

Explore the vulnerabilities of any cryptocurrency practices you implement, then strengthen your approach with comprehensive authorization tools. Artificial intelligence is a means to achieve this — but AI can be a double-edged sword.

Offensive AI

The power of AI to transform cyber defense has not yet reached its limitations — if indeed it has any. However, cybercriminals are utilizing the power of AI to go on the offensive as well. Tapping into an AI’s ability to learn and improve through data modeling, hackers are finding new success when it comes to picking at systems to find vulnerabilities. Emotet is one such example of a prototype offensive AI that brute forces its way through passwords, leading to breaches in the worst-case scenario and lost productivity through lockouts and resets in the best case. 

These smart attacks can impersonate users, hide in the background, and tailor attacks to specific systems. Conflicting endpoints, partial patch management, and disparate legacy systems all increase the opportunity for offensive AI to slip through. However, systems like the Ivanti Neurons platform are also using AI to bridge these security gaps. 

With AI and deep learning, Ivanti and other security providers are developing systems for IT Service Management (ITSM) that protect data through automated configurations, remediation, and zero-trust control. Though only 8% of businesses have adopted defensive AI like this so far, trends in AI-powered cybersecurity are elevating business protections in meaningful ways. That said, AI on its own is only one layer of the multifaceted defense strategies you should employ.

Catching cybersecurity weak spots

Catching cybersecurity vulnerabilities isn’t easy. It requires an expert awareness of phishing schemes, software status, infiltration points, and offensive tools. These weaknesses threaten the integrity of data systems and can lead to devastating damages for businesses. As a business owner, look out for these threats as you develop a more modern and comprehensive approach to digital security.

Charlie Fletcher is a freelance writer covering tech and business.

DataDecisionMakers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read More From DataDecisionMakers

Source: Read Full Article