Cybersecurity is looking more and more like a Wile E. Coyote/Road Runner cartoon every day. And sorry to say it, security pros, but we’re the Coyote in this situation.
But where is all this spending getting us? Attackers seem to be ahead of these security solutions at every turn. The reason hacking Road Runners are making us look like the Coyote is a fundamental problem with how we approach data security risks.
Rather than playing right into the Road Runner’s hands (wings?), we have to start thinking about the unexpected data security risks that attackers are exploiting. Here are five vulnerabilities you may not be thinking about—but need to address quickly.
1. Drive-by Attacks Have Reached the Digital World
What happens when you experience a data breach? You search for the root cause as quickly as possible and inevitably someone takes the blame. But what if your employees didn’t do anything wrong?
Attackers launch drive-by downloads by compromising well-known websites and using them as malware-spreading machines. Your employee could log into her favorite news site to start the day and, behind the scenes, the drive-by malware will scan the computer for unpatched vulnerabilities and infect them accordingly.
As opposed to phishing attacks that require employees to actually click an infected link, drive-by downloads can put your data at risk without any human interaction. According to Verizon’s 2017 Data Breach Investigation Report, drive-by downloads were the top means of malware delivery.
2. Social Media Can Do More than Hurt Employee Productivity
No manager wants to walk past employee desks to see them just sifting through Facebook. If they’re staring at social media all day, they aren’t getting work done. However, social media is more than just a productivity drain—it’s a breeding ground for opportunistic hackers.
Even if you block social media sites on your company network, employees can put your data at risk even away from the office. Thousands of Facebook accounts are hacked every day. If your employee loses their password credentials for a personal social media account, hackers might be able to use that same information to log into business accounts.
It’s unfortunate that password management is so poor at times, but it’s a reality you have to deal with as a cybersecurity leader. Make sure like-jacking and link-jacking on social media sites can’t deliver malware that will find its way into your network.
3. The Business of Exploit Kits
It seems the security vulnerabilities of Adobe Flash are well-known at this point. However, there are other applications that run on nearly every PC that are putting your data at risk. With the help of an exploit kit, attackers can infect your network through Oracle Java, Adobe Reader, and many other applications.
Exploit kits require time, expertise, and effort to develop. You safeguard your network against well-known kits, but zero-day exploit kits seemed few and far between. Now, we’re witnessing the rise of exploit kits-as-a-service. Automation and an as-a-service model make exploit kits far more accessible and far more dangerous for businesses trying to defend their data.
4. Your Data Is Under Attack from…Your Printer?
Attackers are always looking for a weak network endpoint that can serve as an initial foothold for a large-scale attack. This is why security pros feared personal mobile devices in the workplace for so long (and still are in many cases).
But with everyone focusing on smartphones and mobile workers as a vulnerability, attackers are turning to other endpoints like printers.
The days of wired printers sitting on every employee’s desk are gone and it seems every printer is connected to the enterprise network. Connectivity is convenient, but mismanagement can put all sensitive data in your print jobs at risk.
5. Are Cybersecurity Reports Steering You in the Wrong Direction?
How do you decide which cybersecurity risks to prioritize? Your internal pros will help make those decisions, but third-party expert reports are just as important. We’ve already referenced the annual Verizon DBIR, but are these reports setting you down the wrong path?
If you aren’t careful, cybersecurity reports can cause you to lose focus on your specific data protection needs. The general key findings in these reports are great, but the data vulnerabilities in healthcare won’t be exact matches for risks in the manufacturing industry.
Pay special attention to industry-specific insights so you can focus your defenses and investments properly. It won’t do you much good to spend millions on cyber espionage defenses if financial gain is the main motivator for your attackers.
Don’t Grow Complacent with Your Cybersecurity Strategy
These five vulnerabilities are just a few of the unexpected data security risks you face. Rest assured, hackers are spending day and night forging new attack vectors and launching never-before-seen threats. You can’t take a set-it-and-forget-it approach to cybersecurity.
Your top priority should be to get out ahead of attackers—and this means understanding all of the weak spots in your defenses better than they do.
Wile E. Coyote actually caught the Road Runner way back in 1980. It didn’t work out so well for him. But who says you can’t come out on top against hackers?