With the holidays in the rear view mirror and a New Year ready to unfold, it’s time for businesses to shake off the feasts, festivities and the sometimes over-indulgent merriment to focus on the now most pressing task at hand – creating a prosperous New Year. And in today’s digital world, cyber security has a bigger part to play than ever. According to an article published by NBC News earlier this week on December 30th, it looks like hackers are planning to build on their unparalleled 2014 successes too, with their forecast of “5 Threats to Watch in 2015” bearing that out. Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, has been helping businesses of all sizes and stripes face the ever evolving cyber-threat landscape for over 20 years, and to him, “January is absolutely the best time for a business to see where they were, were they are, and where they need to go to get a firm grip on the overall security of their digital assets going forward.”
Put 2014 safely to bed
“The holidays are typically the most unusual time of the year for many businesses, and hackers thrive on chaos and irregularity,” says Caruso. “Employees are talking time off for the holidays, co-workers are taking up some of the slack by doing things they are not typically tasked with, people are doing some work or checking business mail from home, and it all magnifies the potential for a successful cyber attack. Business owners and IT security staff have to take all of it into consideration, especially with mobile devices, cloud computing and remote access so common and accessible today. A personalized spear phishing mail from Aunt Mildred in the guise of a holiday greeting, whose name they gleaned from a social media post the employee made, makes sense so it gets opened, the link gets followed or the attachment gets opened, and now that employee’s home computer is compromised. With spyware now installed on their system and an attacker accessing their data, keylogging passwords they’re using for their at-home-for-the-holidays-access, and even cross-infecting their tablet or smartphone when they get synchronized, the door cracks open for access to the corporate network. So vulnerability assessments and penetration testing to start the year off will ensure the network gets thoroughly scanned so threats can be identified and eradicated quickly and effectively, giving a business a clean slate to start with, without any kind of dangerous hangover from 2014.”
Keep a good start going
“Hackers are a diverse bunch, from lone wolves, to nation-state cyber warriors and organized cybercrime rings. But one thing they all have in common is they are more than willing to let it ride on a winning horse until it quits paying off. So expect the favorites, phishing and spear phishing, RATs (Remote Access Trojans), ramsomware, watering hole attacks and other third-party compromises, to keep getting ridden hard in 2015,” warns Caruso. "But expect them to be even better and harder to spot, backed with better technology, better research, better grammar, and better graphics, not to mention better lists to hunt thanks to the unprecedented breaches of the last year which saw hundreds of millions of valid emails and credentials get compromised. So the commitment every business has to be willing to make if they want to survive and thrive on the digital frontier is a commitment to regularity. Assessments and testing are not a one-and-done propositions, they need to be performed regularly to ensure continued security. Some attackers have access to networks for years before they are discovered, but getting things professionally checked out once a quarter, or even semi-annually on the outside, will help root out intruders, identify malware, improve awareness against the newest threats and solidify an effective emergency response plan should the unthinkable happen. As threats change, businesses have to change, because when it comes to cyber security, the surest way to fail is to stand still.”
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.