As Cyber Smart Week wraps up, Palo Alto Networks is highlighting some of key factors that introduce risk into an organisation.
The company says that to gain maximum benefit from IoT, augmented and virtual reality, users need to understand the risks and protect themselves.
According to Palo Alto Networks regional vice president A/NZ Ian Raper, the first step is to enlist people in the fight against cybercrime.
“Many breaches occur because of human factors, including mistakes and malicious action. People don’t usually want to harm the business they work for but it is human nature to make mistakes, or to misunderstand the level of risk. Businesses need to educate employees and ensure they’re taking simple steps to stay cyber safe.”
According to Palo Alto, the four risk factors in an organisation are a remote workforce; malware; phishing and credential theft; and human error.
1. Remote workforce
With more employees working remotely, there is an increased risk of attack because, in many cases, an employee’s home network is nowhere near as secure as the corporate network. This vulnerability can be particularly lucrative if the employee accesses sensitive or commercially-valuable information remotely.
So businesses must:
In 2015/16 global information security providers reported they were identifying new malware variants of a rate of more than 200,000 new samples every day. The form of malware most commonly reported is ransomware.
To stay ahead of cybercriminals, it is important to analyse malware more effectively. This includes implementing multiple analysis methodologies, in the right order, to give security teams a higher probability of preventing malware from penetrating the network.
When implemented in series, malware analysis lets security teams handle most threats automatically, freeing up team resources to actively hunt more advanced threats.
3. Phishing and credential theft
Stealing people’s passwords and credentials is easy and fast, making it one of the most prevalent tools for attacks against businesses and individuals. By disguising malicious intent in seemingly-legitimate emails, cybercriminals can obtain the credentials they need to infiltrate a network. After that, they can move around inside the network at will to either sabotage it or steal information.
There are three key components to blocking phishing attacks:
4. Human error
People will always be the weakest link in the cybersecurity chain but it is possible to reduce the risk of error. This includes:
“Businesses need to focus on ways to prevent a successful cyberattack. By strengthening their employees’ awareness of and commitment to cybersecurity, businesses can dramatically reduce the chances of a breach occurring at all,” Raper concludes.