With the ever changing cyber-security landscape, you have to be on your toes with your eyes wide open.  Like technology itself, the attack vector and payload delivery is changing by the minute.  The hackers (actors) are adapting faster than we can plug the holes.  By the time the attack has been evaluated and figured out, the actors are on to the next iteration of approach.  As has been mentioned over the last few posts, the best attack vector has been the person, the one with emotions and possibly fears.  The actors know this.  And social engineering is as old as humanity itself.  It is one of the few things that have stood the test of time and continues to work.

On to the cyber security myths …

1. Strong passwords will keep you safe:  Strong passwords are good start, but not enough today.  Due to phishing attacks, you need Two-Factor Authentication / Multi-Factor Authentication as an additional defense.​​​​​​
2. Annual cyber-security awareness training is adequate:  No, it is not enough.  The attack vectors are morphing at an alarming rate and you need constant update training so that you can recognize what is taking place and further put up barriers to prevent yourself from becoming a statistic.
3. Cyber-security is the responsibility of your IT Department:  This could not be further from the truth.  Since the attacks are dominantly social engineering based, it is the person who needs a better mental configuration for understanding what they are seeing vs. technology systems.  Generally, the systems themselves have great security (when configured properly).  Systems work on 1’s and 0’s.  It is on or it is off.  People have their own 1’s and 0’s and 100 other options in between and this is where the actors take advantage of us.
4. My business is too small for actor targeting:  Small businesses are generally easier to attack because there is less training provided and the myth of “I am a small business, I will be overlooked” is part of the problem.
5. If I am attacked, I will know about it quickly:  Many years ago, this was a truth.  Today, the stealth nature of the actors is to hide, collect information, analyze that information and then execute an appropriate attack to ensure a higher rate of return for their efforts.   You can liken this to Phishing vs. Spear Phishing/Whaling attacks.  If I put in a little more effort, I will get 10x the return.

And on to the numbers:

• More than 80% of breaches occur due to stolen passwords – phishing.  Don’t be a statistic and review that strange email you receive.  If you think it is a strange email, simply delete it.
• More than 60% of small businesses do not have a cyber security program in place.  Talk to your IT vendor, partner or internal IT staff and ask them to help assemble a training program with you.  IT technicians are highly motivated to protect you and they stay on top of what is happening in the IT world.
• 60% of small businesses are likely to lose their company if hit with a cyber-attack.  They generally do not have the resources to mitigate, pay or overcome an attack in today’s world.

Education is the cornerstone to thriving in the digital world today.  Make sure you have prepared yourself for the inevitable cyber-attack in the future.

Ion Technology Group is adamant about protecting you through proven information.  Arm yourself with the latest information, train your employees and staff and make sure your IT maintenance and cyber-security practices are up-to-date.  Attacks not going away.  Contact Ion Technology Group today to learn more about how stay clear of the statistics list.

Have a great computing day