Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises.
Related: Deploying employees as human sensors
Recent research from our team revealed that while consumers are being exposed to these kinds of attacks (31 percent of respondents reported they received these types of messages multiple times a day), they continue to disregard cyber safety guidelines.
This neglect is not only a threat to personal data, but also a threat to corporate security. As we continue to live a majority of our lives online, there are many ways that both consumers and enterprises can better protect themselves against hackers.
According to our survey, the majority of consumers (77 percent) are confident they can identify, and report suspected malicious cyber activity despite general apathy toward proactively securing their devices and personal data.
This overconfidence is cause for concern for many cybersecurity professionals as humans are the number one reason for breaches (how many of your passwords are qwerty or 1234five?). When it comes to protecting themselves and their devices, few are practicing the basics:
oOnly 21 percent use email security software
oOnly 33 percent consistently use two-factor authentication (2FA)
oOnly 28 percent don’t use repeated passwordsoOnly 20 percent use a password manager
The gap between confidence in oneself when it comes to cybersecurity hygiene and actual implementation of protection against cybersecurity threats leaves much room for bad actors to execute successful malware and ransomware attacks.
The hybrid workforce is here to stay, along with the blurring of work and home. Most people have work email, files, messages and more on personal devices, and use corporate devices to shop or stream content (our research says 56 percent of consumers engage in personal activity on a work device). This, combined with expanding attack surfaces due to the infinite number of networks being used by employees, has created the perfect storm.
Bad actors today enact Highly Evasive Adaptive Threat (HEAT) attacks with more frequency and success. Enterprises are scrambling to find better and more effective ways to secure their data and decrease the number of breaches occurring.
But since many employees are apathetic toward implementing security practices and prevention methods, it becomes a more and more daunting task for cyber professionals.
While cyber experts cannot save everyone from ransomware or other forms of threats, there are plenty of preventative ways for both consumers and enterprises to try and stop attacks before they occur.
Both consumers and enterprises can better protect themselves by:
oUsing strong passwords (random combinations of letters and numbers are best) and storing them securely in a password manager
oNot using repeated passwords
oReporting suspicious communications
oInstalling security software and ensuring all your devices are running the latest software
oBacking up = files to a cloud or offline location regularly
oNot responding to, clicking on links or opening/downloading attachments from any number or email you don’t know (we promise your CEO isn’t really texting you about how your bonus will be paid via gift card you can download by clicking on that weird looking link)
What needs to get done
For corporations, additional steps that should be taken include:
oHaving cloud security that spans web and email to prevent ransomware and other attacks
oSetting up systems to require 2FA for all employees
oEnsuring employees review security protocols as part of training and development
oEnforcing strong password requirements for email and other applications
Bad actors are not going away anytime soon, and we can predict that in 2023, we’ll see even more threats and attacks than in years past. Still, there are many ways that consumers and enterprises can protect their data and educate one another on the very real threat that these invisible enemies are. The more awareness raised about cybercrime and malicious activity, the more we can do to try and prevent attacks from occurring before it’s too late.
About the essayist: Mark Guntrip is senior director of cybersecurity strategy at Menlo Security, a Mountain View, Calif.-based web security vendor that provides secure, cloud-based internet isolation.
Source: Read More