Has your credit card ever been hacked? Suddenly there are a couple of dodgy payments “pending” that you just know are not for anything you have bought?
Hacking into the payment tokens that are generated for your legitimate purchases is easier than it should be, says Pete Bailey, head of cyber security for Theta on Level Three.
The hybrid working environment has helped thieves. Working between the B:HIVE, your favourite café close to home, and home itself brings real security challenges. Attackers are out there constantly looking for vulnerabilities.
“Recently people have been trying to find software to make dividing personal life and work life easy,” Pete says. “They have downloaded ‘free’ software to split their hard drive into home and work sections. What they don’t realise is that this ‘free’ gift is only free for hackers to get malware in and find passwords via your browsers and folders to get your information and money out.
“Never let your browser, like Chrome, store your passwords. You should use password lockers or managers for security.”
Pete has a diverse background in process improvement, training and digital marketing, and has spent the last decade in security, previously running one of New Zealand’s largest information security consultancies.
Pete says there are five main focus areas for companies to prepare for smart cyber-attacks:
1. People – Do your teams know what cyber-attacks look like, and the impacts they can have on your systems? You need to invest in good training for tools, processes, and awareness for your staff. Combine that with having the best filter/alerting tools in place to instantly spot an attack.
2. Hybrid working risk assessments – Your systems and processes should adjust according to new risk factors as they arise with people working on multiple sites. You should conduct a threat assessment – where is your organisation’s greatest security risk? Prevent your staff from taking shortcuts – ensure you understand how they are working and what they need to achieve this. Review constantly.
3. Artificial Intelligence (AI) – AI and machine learning (ML) have grown 28% in the past year and are already being used in several security applications. User, asset and network profiles are built from behaviour histories, allowing AI to detect and respond to deviations from established norms. You should specify what level of security your organisation needs – there are systems that specialise in email filtering, threat hunting, and detecting bots and bot activity. Invest in the right AI system.
4. Spending – When finalising a budget for cyber security, 10% of your IT budget is considered standard, but for high-risk industries this can go up to 25%. High-risk industries include:
Business/corporate
Healthcare/medical
Banking/credit/financial
Government/military
Education
Energy/utilities
5. Consult & Research – Attack vectors (pathways for attackers to illegally access your environments) and technology change fast. You should do your research and seek the best advice and solutions that are relevant to the current security situation.