Mar 06 2019

Cybercrime is big business, and your organization needs to stay ahead of the criminals and hackers who want to steal and sell your sensitive information. Migrating to the cloud can eliminate some cybersecurity issues, but it’s still wise to understand other threats and how you can deal with them.

 

Lack of Proper Authentication and Authorization

Weak logins and passwords are still one of the most common attack vectors for a hacker to get access to your computer systems and business information. Single-factor authentication like a login and password is very easy to compromise and exploit.

Reduce this threat by:

  • Introducing two-factor or multifactor authentication like a one time password, security card, token, or biometric identification.
  • Changing passwords on a regular basis and ensuring a minimum level of complexity.
  • Insisting employees use different passwords for each service and providing password management software.

 

Social Engineering and Phishing Attempts

Social engineering manipulates employees and others by getting them to trust that a bad actor is actually an authorized party who they can share information with. These criminals then use stolen logins, passwords, and credentials to access systems by impersonating an employee.

Reduce this threat by:

  • Implementing additional authentication as described above.
  • Training employees to recognize potential phishing and social engineering scams.
  • Using smart security algorithms to request additional authentication if a login is from an unrecognized location, schedule, or source.

 

Exploitation of Security Vulnerabilities

Despite a vendor or developer’s best efforts, software often contains unintended vulnerabilities. These flaws can be exploited by hackers who use “zero day” and other vulnerabilities to exploit applications.

Reduce this threat by:

  • Implementing a vulnerability scanning tool to identify and report on potential security flaws.
  • Employing a penetration testing team that can probe your network for potential gaps so you can remove them.
  • Introducing a rapid, repeatable, and reliable patching and maintenance process to keep software and environments updated.

 

Malware Installation

Malware comes in many forms including viruses, worms, trojans, and ransomware. It is often unwittingly installed by an employee who runs an executable file which then spreads across your network, infecting and compromising other iT resources.

Reduce this threat by:

  • Forbidding program installation or execution from unknown files.
  • Limiting employees to only installing or opening proven, verified programs and software.
  • Training employees on how to recognize, report, and contain potential malware.
  • Implementing robust antivirus and other malware protection programs.
  • Regularly backing up your business-critical data to allow for recovery after a malware attack.

 

There are plenty of vendor-specific and third-party security tools for cloud-based IT infrastructure and applications. We can help you assess your main cybersecurity threats and advise you on the best technology and approaches to minimize the risk to your business, data, software, and applications.