The recently concluded CyberWeek (an annual worldwide event that took place in Abu Dhabi in the UAE on October 12-17, 2019) offered training and talks on a number of important issues that are highly relevant for today’s security professionals: cyber threats, hacking (ethical and otherwise), cloud security, application security, reverse engineering, addressing web attacks, cryptocurrency, artificial intelligence, social media, cyber careers, and more.
This Hack in the Box conference is crucial because organizations today face serious cybersecurity threats. In fact, cybersecurity threats affect every business, no matter the size. As the second most reported economic crime, cyber crime affects 32% of organizations around the world and costs the global economy over US $400 billion per year. In other words, this is not something that you can ignore.
It is necessary for every company to be proactive in its approach to cybersecurity and to make the required investments and plans to ensure it is prepared for when a cybersecurity attack inevitably happens. Keep in mind that, due to continual technological enhancements, the number of touch points that cyber criminals can locate within a business is expanding.
To help reduce the chances of it affecting you and your business, read on to learn about the five cybersecurity risks every organization needs to prepare for.
1. Zero-Day Attacks
When it comes to cybersecurity risks, the most feared is the zero-day attack, as it can produce severe consequences for businesses, no matter their size. A zero-day attack gets its name from the fact that security teams have precisely zero days to respond before it becomes active. Therefore, these types of attacks have a very high likelihood of succeeding, creating extensive damage to networks, or facilitating data breaches.
Zero-day attacks target systems whose vulnerabilities are yet to be discovered or patched. To mitigate the risk of your organization suffering one, make sure to always use common sense when you receive suspicious emails or attachments. Many of these attacks spread through email or the internet; therefore, you and everyone else in your company should avoid opening suspicious emails and attachments altogether. You also want to make sure you are using reliable security software that you keep current by installing updates and security patches as soon as they are issued.
2. Cloud-Data Leakage
Over the next few years, one of the most prevalent cybersecurity threats is going to be cloud-data leakage, which includes the uploading of sensitive company information to cloud services. Cloud data breaches occur because many organizations don’t leverage best practices. Hackers will always go for the weakest link, so you want to ensure that you are putting forth a robust security system.
One of the reasons for the influx of cloud-data leakage is the increase in the number of employees using their personal devices for work in the absence of a strict security policy. When they use their own devices to access storage services (perhaps when working from home or while commuting), there is an increased opportunity for a security breach, particularly if they are using older operating systems.
Additionally, to avoid data leakage, make sure you are encrypting data. Your company’s data should not be on the cloud without being encrypted. Moreover, you also want to change your passwords routinely.
3. Mobile Malware
The threat of mobile malware is increasing. As hackers become more sophisticated, they target mobile operating systems, which lets them steal device information.
To improve firm-wide mobile security, first establish a security policy. This policy must give definite rules for acceptable use. Also, explain security risks of smartphone use to employees. Show how these measures mitigate those risks. Educating employees with cybersecurity training builds your primary line of defense against malware.
If employees bring their own devices to work, create a clear BYOD policy. This security plan should include provisions for installing software on personal devices. This applies to devices used to store or access company data. It also needs protocols for reporting lost or stolen devices. Other requirements are regular backups and data protection practices.
4. Targeted Attacks
Targeted attacks are aimed at a specific individual, company, system, or software. Attackers no longer target companies indiscriminately with viruses and spam. They generally use targeted email attacks, which successfully penetrate a company’s network. Preventing these attacks often requires an advanced approach to email security that combines various layers of defense with up-to-the-minute threat intelligence.
Provide training to your security teams. They must monitor computer systems, networks, mobile devices, and backup devices. Implement training for employees on handling security risks. Also, inform them of repercussions for malicious activity.
Restrict privileged access to central servers and security systems. Allow only a minimum number of employees this access. Also, monitor access to all servers, regardless of privilege level.
5. SQL Injections
An SQL injection is an attack in which malicious code is inserted into an application and then transferred to the backend database. This can then produce database query results or actions that should never have occurred. The malicious code can also potentially steal, delete, or modify data on the affected server.
To prevent an SQL injection, use stored procedures instead of dynamic SQL. This will stop SQL injection from happening, since the input parameters will always be treated as an actual text value instead of as a command. Validating input can also significantly increase your chances of preventing SQL injection, as suspicious inputs will be filtered before submission or processing by the server. Consider adding an email validator.
Which of these cybersecurity risks is your business most concerned about? Or, are you currently struggling with something else entirely? What steps is your firm taking to protect itself from cybersecurity risks? Let us know your thoughts, insights, and any relevant experiences in the comments below!
AUTHOR BIO
Dhillon Andrew Kannabhiran (@l33tdawg on Twitter) is the Founder and Chief Executive Officer of Hack in The Box (http://www.hitb.org), organiser of the HITBSecConf series of network security conferences which has been held annually for over a decade in various countries including Malaysia, The Netherlands and the UAE.