14 Dec 2017
Three Obvious but Commonly Overlooked Cyber Security Threats
Data theft can be among the most catastrophic crimes committed against businesses of any size. A breach of sensitive customer information, for example, undermines the confidence of existing customers and hurts brand credibility, which diminishes new customer acquisition. Add to these difficulties the possibility of crippling lawsuits, and you have the perfect storm that can bring down an otherwise healthy business.
Companies fall victim to data theft because of a multitude of reasons. One of these is having too little, if any, security systems in place -- a common problem with small businesses that believe they're too small to be targeted. Another, is failing to see security holes that exist in plain sight yet were missed because the cyber security people were looking elsewhere. Here are three obvious yet commonly overlooked cyber threats:
Supply Chain Vulnerabilities
A competitive business must run its operations efficiently, including its interactions with its supply chain. One way of doing this is giving suppliers direct access to one's data network, which allows them to quickly obtain the information they need. While efficient, it also creates a cyber vulnerability if no thought is given to its security implications.
Even trustworthy suppliers can be a security risk. If any of them can be readily hacked because of weak security controls, then they become the weakest link. If cyber criminals can't hack into a business data network directly, they can gain access via one of its suppliers. This was how Target was breached in 2013.
Security Camera Vulnerabilities
When it comes to cyber security defenses, the Internet of things lags behind the PC by more than a decade. This vulnerability is especially damaging with respect to security cameras, which give video and audio access to sensitive information within a business. Many of these camera systems permit unlimited login attempts, which allow hackers to brute force their way in.
Firmware updates of some cameras can be easily intercepted by hackers who then introduce their own infected updates. Many camera owners cause security problems by using the default login usernames and passwords that are common to all new devices of a specific make.
These vulnerabilities allow hackers to view information such as credit card details and PIN number entries made in stores by customers, or to zoom in to the keyboards of employees logging into "secure" accounts. Cameras also allow thieves to case the interiors of businesses and homes for valuables.
Visual Hacking
It's low tech nature and glaring obviousness makes visual hacking all the more effective against businesses with exclusive focus on online threats. A visual hacker need only walk in an area where foot traffic is common such as an open lobby and use a cell phone video camera to record the keystrokes of a receptionist logging into an account. Car dealerships, for example, are busy places where foot traffic among workers at their desktop computers is common. After making a video recording, the visual hacker can then log into the account using the stolen credentials. This is a hybrid physical/cyber security issue because while the account credentials are obtained offline, the theft of data within those accounts occur online from a remote location.
The above weaknesses occur because businesses fail to take a broad approach to their cyber security. For more information and answers to your security concerns, contact our team today.