If you’ve seen “The Most Dangerous Town on the Internet—Where Cybercrime Goes to Hide” and think it has nothing to do with your life, you’re not giving the office security vulnerabilities all around you enough attention. In Norton’s short documentary, “The Jester” talks about the evolution of cybercrime and how the theater of war has moved into cyberspace. Phishing attacks, malware, ransomware, data breaches, and spam dumps are accelerating around the world and posing a serious threat to businesses of all kinds.
The Jester is a famous gray-hat hacktivist who’s been called “the Batman of the internet.” This hacker vigilante is known for waging retaliatory attacks against enemies of the United States, including Iran’s president and jihadists, and last year, he made headlines for breaking into Russia’s Foreign Ministry site and leaving a message for Putin. He’s one of many people journalist Heydon Prowse interviews in his quest to better understand the evolution of cybercrime.
In the video, Prowse focuses on bulletproof hosting and travels around the world to uncover the role it plays in facilitating and enabling criminal activity. Hackers need secure places to launch attacks from and store stolen data, like credit card information—which is why they use hosting providers that turn a blind eye to whatever they store. Most of the executives interviewed in the film deny responsibility for the content their companies host, but their denials have huge consequences for executives, employees, and consumers alike.
Step carefully—the internet is a minefield
The 2017 Cyberthreat Defense Report from the CyberEdge Group found that an alarming 79 percent of networks were breached last year at least once. Companies ranging from Wendy’s, Neiman Marcus, and Sony to Ashley Madison and Yahoo have fallen victim to high-profile, damaging, and embarrassing attacks they’re still recovering from, and the volume and severity of attacks is accelerating. The stakes can’t really get higher than a politically motivated hack that may have influenced the outcome of the US presidential election.
The internet is dangerous, to say the least, but companies must use it to conduct business today. As IBM Chairman, CEO, and President Ginni Rometty put it, cybercrime “is the greatest threat to every company in the world.” The evolution of cybercrime means we must treat digital security as a top priority, regardless of whether you sell cheeseburgers or business analytics software.
In short, the office is a veritable hotbed of places vulnerable to attack. If you want to protect your business against the evolving threat of cybercrime, here are four ways you can start building a better defense around your IT perimeter right away:
1. Pay attention to your printers
Printers are one of the most overlooked security vulnerabilities in the workplace. According to an IDC research paper titled, “The Printer Is an Endpoint: Proactively Addressing the Security Vulnerability,” hackers often seize on the lack of attention given to printer security relative to other devices and peripherals on the network. To many in IT, printers are “only printers” and labeled as low risk, but modern printers are networked devices, which means they can be targeted by sophisticated malware and accessed via a number of entry points, like a modem or wireless access point.
These are major risks—but not all hope is lost. Today’s advanced printing solutions can provide your business with printers that can defend your network instead of leaving it wide open. For instance, these printers can detect and prevent attacks in real time, and then after the fact, they can immediately begin to self-heal from the attacks automatically. Turning to these types of secure devices that monitor and stop threats almost completely on their own will keep you from having to spend another minute worrying about these cyber risks.
2. Keep your guard up against IoT devices
Energy utility company National Grid estimates that energy represents 19 percent of total expenditures for office buildings. US office buildings spend an average of $1.34 per square foot on electricity a year, while in the typical office building, lighting, heating, and cooling represent between 54 and 71 percent of total use.
Need the SparkNotes? Energy costs a lot. To cut down on consumption and costs, businesses are increasingly turning to IoT devices, such as smart thermostats, meters that save electricity, and sensors that shut off lighting and heating/air-conditioning when no one is in a room. The catch-22: Anything connected to the internet is hackable. Take the St. Regis Shenzhen, a five-star hotel where a hacker found he could control of the thermostats, lights, TVs, and window blinds in all rooms through the property’s mobile app.
IoT devices are the latest and greatest targets in the world of hacking. It’s up to your IT team to start placing stricter access controls and device settings to better protect these devices from falling into the wrong hands. Don’t let hackers exploit these often overlooked endpoints.
3. Secure all mobile devices
It’s a mobile world out there, but the rise of the remote workforce and BYOD has resulted in additional security vulnerabilities. The main findings of the 2016 BYOD and Mobile Security Report revealed that one in five organizations suffered a mobile security breach, and 39 percent of businesses cite security concerns as the number one inhibitor to BYOD.
How can you fight against such staggering odds? To start, if your business relies on a BYOD policy, build out that policy to be as comprehensive and inclusive as possible—and make sure it’s easy for your users to understand. Beyond that, it may be worth turning to a mobile device management solution to automate certain IT tasks related to device health and security.
4. Combat human error with education
All these points of vulnerability pale in comparison to human error. Human error really is “ground zero” when it comes to being hacked. One shortcut, one absentminded click, and a company can be compromised. Even the most robust security protocols fail if employees are not following best practices or fall prey to scams. Michael Howard, HP’s Chief Security Advisor, believes that humans remain the largest challenge in protecting organizations.
That said, it’s up to IT to spread security awareness throughout their organizations—with cybersecurity trainings that don’t suck. We’ve all sat through or hosted unbearably boring cybersecurity sessions, but with a little sprinkle of creativity, you can create a training that will truly stick with users, minimizing human error.
Ultimately, technology is just one pillar of good security, with people and processes serving as the other two pillars, and the evolution of cybercrime isn’t slowing down anytime soon. To better protect your business, you need to plug any and all security gaps, starting with the ones we’ve listed here, and ensure the entire workforce understands how to avoid the “dangerous towns” on the internet.