
Best Ways to Mitigate Cyber Security Threats

Is the increasing number of cyber security breaches worrying you and costing you a good night’s sleep? You’re not alone. Cyber security breaches are on the rise, and as organisations upgrade their cyber security measures, hackers are using more sophisticated tools and strategies as well, including AI. This means that in addition to implementing strict cyber security policies, you also need to take proactive measures to mitigate risks. In this article, we’re sharing the best ways to protect yourself and your business.

Top 11 ways to minimise cyber threats

1.   Encrypt your data and create backups. By encrypting your sensitive data you mitigate the risk of hackers accessing your valuable information because only those with permission can read it. Always back up your data so your operations aren’t affected in case of an attack or data breach. The 3-2-1 rule is ideal for ensuring you don’t lose your valuable data. What is the 3-2-1 rule? Ensure you have 3 copies of your data. Store two of them in different media and one in an offsite location that is safe.

2. Conduct regular staff training. According to statistics, over 3,4 million phishing emails are sent globally. The links included in these emails give hackers access to user data, including login credentials. Training your staff to recognise this type of email is essential for your cyber security. Professional hackers are able to impersonate a leader of an organisation in order to gain access to sensitive information like personal details. Training your staff to check email addresses as well as links before opening them is vital for your company’s security.

3. Keep your systems and software updated. Regular updates to your systems and software play an important role in your cyber security. Updates not only add new features but also fix bugs that can pose a threat to your cyber security. Hackers exploit the vulnerabilities in software and systems by writing malicious code that affects your whole system. Using a patch management system to manage all updates automatically and uphold information security helps you keep your operations running safely and effectively.

4.  Use strong passwords. Did you know that over 80% of data breaches are the result of weak passwords? Hackers need a small gap to gain access to your systems. More complex passwords combined with multifactor authentication strategies are needed to protect you from cyber-attacks. Passwords shouldn’t be shared among employees to minimize the risk of having multiple desktops hacked instead of one.  Keeping your passwords stored in an encrypted format is important.

5.  Assess and monitor your vendors. You should always onboard vendors using the correct strategies and monitor them throughout your relationship. Remember to also ascertain that your vendor will not impact your compliance with regulations, agreements and local legislation. You also need to ensure that your vendor doesn’t disrupt your operation. Finally, ensure that your vendor will not impact your ability to meet your organizational objectives.

6. Reduce your attack surface. First of all, you need to be aware that there are 3 main types of attack surfaces. The first one is the physical attack surface, which includes organisational assets that a hacker can reach with physical access to your premises. The second one is the digital attack surface. These are assets that are accessible through the internet and live outside the firewall, such as your corporate servers, operating systems, forgotten websites and rogue assets like apps that impersonate your company. The third is the social engineering attack surface. Attacks on this surface exploit human psychology and manipulate your staff into divulging sensitive information. To mitigate your risks, you need to conduct an attack surface analysis to determine your threat landscape.

7. Pay close attention to physical security. It’s not enough that you make risk assessments and security policies for digital assets. Imagine if someone broke into your premises and stole your data. Perform thorough risk assessments.

8. Put a killswitch in place. Most cyber criminals don’t bother to cover their tracks, so have your IT department analyse all your security logs frequently and carry out cyber security framework audits to ensure everything is always running smoothly. But what does a killswitch have to do with your security? A killswitch is a form of protection where your IT security team shuts down all systems immediately when a threat is noticed, until the issue is resolved. This is to prevent large-scale attacks from succeeding.

Did you know that around 94% of organizations suffered from a cyber security breach that came from the inside instead of outside? Be sure to screen your new staff and existing staff to ensure that they don’t pose a threat to your company. However, most malicious firewall and malware attacks are the result of human error. Emphasise the importance of safeguarding sensitive information and taking appropriate measures to keep data safe at all times. Negligence is the most common form of cyber security threat for any organization.

9.  Install firewalls. Having a firewall is vital for your cyber security. However, it’s not enough that you have a basic one installed. When choosing a firewall, ensure that you have full security control and visibility of your application and networks. It should also have protection and prevention capabilities as well as a streamlined security infrastructure to be effective.

10. Create a secure cybersecurity policy for your company. Your cybersecurity policy should include disaster recovery, access control and management, security testing, an incident response plan and a clause related to data mishandling and the legal steps that are to be followed if there is mishandling of data or other form of negligence.

11. Update the board at least quarterly on cyber security policy and changes. Your board of directors needs to be updated regularly on the cyber security policy and any changes. Cooperation and sharing important information are vital in keeping your company safe.

Contact our IT security team

If you don’t have an in-house IT consultant or department, it is advisable to outsource this to a provider who can offer you all the services and support you need to stay safe. Data breaches and other cyber attacks can cause you not only financial loss but also harm your reputation in the long run.

Are You Safe? 2023 is Seeing a Rise in Cyber Security Threats

We all want to ensure that our data is safe at all times. However, the current geopolitical situation and also economic crisis are contributing to an increase in cybercrime. According to 39% of UK businesses identified an attack in 2022, the most common threat vector was phishing attempts (83%). Of the 39%, 21% identified a more sophisticated attack type like denial of access, data deletion or data corruption.

Statista interviewed businesses on the frequency of attacks: 21% had recorded an attack once, 27% were attacked less than once a month, 18% fell victim once a month, 15% experienced an attack once a week, 8% once or several times a day, and 3% didn’t know if they had been attacked.

Now, these numbers may not tell you much, but the latest update by IT Governance shows that 2023 is seeing a rise in different types of attacks. In January alone there were 277 million data breaches and cyber-attacks; by March the number was around 300 million data breaches and cyber attacks in total this year.

How does this affect you?

Data breaches and cyber attacks can be devastating for any business. When a data breach happens, you lose invaluable data, which can put not only you and your staff at risk but also your customers. Another scenario is that the hackers leak the data or sell it on, which compromises your operations and your customers’ security. Both scenarios often result in financial loss and damage to brand and customer relationships.

The impact of cyber attacks on your business varies from halting operations to denying access to programs, email or even computers. According to Statista, 70% didn’t require any recovery time at all after a cyber attack. However, 8% recorded disruption of less than a week and 1% recorded a recovery time of over a month.

The increasing volume of data breaches and cyber attacks indicates that cybercriminals are forming new cartels constantly and combining their skills to perform more sophisticated and disruptive attacks. Ransomware and phishing are the most common types of cyber attacks. With ransomware, the criminals aim to force the victim to pay them to get the data back that is corrupted or deleted. Phishing attacks on the other hand are emails and messages with malicious payloads through a link that then releases a virus to your computer or takes control.

The new concern by cyber security providers is also that AI is being used to generate legit-sounding phishing emails with a malicious payload. Criminals without advanced coding skills can generate these emails if they manage to bypass the filter of ChatGPT. 

What can you do to protect yourself?

Where a decade ago it may have been enough to have a functioning firewall and anti-spyware software installed on your computer, today these are not enough. If you want to mitigate the risk of data breaches and cyber attacks, you need to ensure that you audit your data protection and cyber security strategy quarterly. You also want to have a regular risk assessment performed to find the weaknesses so you can mitigate risks. Keep your board of directors updated quarterly on cyber security measures and policies. Remember, access controls are vital for your business; you don’t want to give access to outsiders by accident. Training your staff is also important because they perform multiple tasks daily with computers. When your staff knows how to work safely, they will perform better. If you don’t have an in-house IT department or consultant, you may want to consider outsourcing IT services to a reliable IT service provider that provides all the essential support you need, from audit to integrations and migration to cyber security.

ChatGPT: Saviour of Customer Experience or a Cyber Threat?

Chatbots are something we run into daily. They provide initial assistance and are often the first ones to
engage with us when visiting a website. However, whether they are new extensions to our team, or a
serious security threat is a continuous debate. In November 2022 OpenAI introduced the most
developed chatbot called ChatGPT, an AI chatbot capable of having more advanced and natural
conversations and answering questions in more detail than basic chatbots.

ChatGPT sounds like a great solution for improving customer experience, right? With its over 175 billion
parameters language model, conversational design that is also multitasking, contextual and personalized
by training on specific datasets it sounds like the perfect customer support, especially with the open
source that enables developers to modify it to suit specific needs. However, not everyone is excited
about the new assistant. Many IT service providers and especially cyber security specialists aren’t very
excited about ChatGPT.

Does ChatGPT pose a threat to cyber security?

The short answer would be yes. Just like any software or app, ChatGPT can be used for good purposes
and cybercrime. Check Point tested whether ChatGPT could be used to generate a sophisticated phishing email
and malicious code, and it could. What does this mean for businesses that are often targeted by cyber
criminals through phishing emails? If you want to minimise the risk of being on the receiving end of
cybercriminal activity, it is of utmost importance that you take precautionary measures including having
professional support and an up-to-date data protection strategy. You shouldn’t rely on basic protection
such as a firewall, even though it is considered a good protection. You should always avoid opening
messages that include links from senders you don’t know.

Even though the test conducted by Check Point and also TechCrunch showed that basically anyone can
create a basic phishing email with malicious payload in it with help of this chatbot, it’s not a security
threat by itself. It’s as safe or as dangerous as its user.

Is ChatGPT safe to use?

Yes, it is. Generally, ChatGPT is safe to use when you ensure that you comply with the laws and
regulations, take appropriate security measures such as access controls and program the chatbot to
detect and flag malicious and fraudulent text. ChatGPT doesn’t ask for personal information or spread
false information on its own. It also audits the requests and provides answers that are relevant. If a
person asks ChatGPT to do something illegal, it will refuse the request.

I’ll quote ChatGPT itself on the impact of ChatGPT on cyber security. “Ultimately the impact of ChatGPT
on cyber security will depend on how it is used. It is important to be aware of the potential risks and to
take appropriate steps to mitigate them.”

How can you benefit from ChatGPT?

During and after lockdown, businesses have had to come up with an effective way to respond to
enquiries and also support requests. With ChatGPT your prospective customers as well as existing
customers can access 24/7 support and get answers that are relevant to their issues. This in turn helps
you to build a more positive and personalized customer journey and experience.

ChatGPT isn’t here to take over your business or the jobs, it was designed to help you provide better
service to your own customers which leads to a better customer experience. If you take needed
precautionary measures, your data and your clients’ data aren’t endangered.

ChatGPT helps you take some of the workload off the customer support team’s shoulders, freeing up time and
enabling them to focus on the most urgent and more complicated support requests. As a result, you’ll
have happier employees and customers who are more likely to stay with you and recommend you to
their network.
