• Whether an individual, a small business, or an enterprise – cybercrime doesn’t discriminate. All things “cyber” continue to grow, unfortunately including cybercrime (cyberattacks, cyberthreats, hacking, phishing, etc.). Follow along to learn what cyber challenges we are anticipating in 2024 and how you can manage.

  Growth in Cybercrime

  Cybercrime has been on a steep rise over the past several years. With ransomware and “data extortion” breaches making the news almost daily, attackers have turned these activities into profitable revenue streams that are unlikely to stop soon. While risks are at an all-time high, the task of protecting networks is becoming harder for businesses of all sizes. As we migrate to de-centralized cloud-based applications, the traditional “castle” method of defense with building walls around our most valued assets will no longer work.

  The number of applications used by a typical organization has rapidly grown in the last few years. According to recent reports, organizations use 130 SaaS apps, which is up from just 16 five years ago. The problem is then compounded by bringing more and more of our devices online, which creates additional “attack vectors” for cybercriminal to target within our environments. Forecasts say there will be 41.6 billion IoT (Internet of Things) * devices by 2025. These include POS and entertainment systems, cell phones and computers, digital signage, printers and more. Not to mention, the software and firmware running these systems sit atop increasingly complex codebases.

  So, what can you do?

  Business size plays little part in who is or is not attacked. As the “business of cybercrime” has grown, there are now attackers that fit victims of every size. Unfortunately, there is no one-size-fits-all solution for this complicated problem.

  Individuals and small businesses have limited financial resources dedicated to cybersecurity, making it crucial to prioritize and allocate resources effectively. As businesses grow and become more valuable, it is critical that they continue to increase their security posture at the same rate to address new risks and prevent increasing potential losses.

  The Federal Trade Commission lists five principles of sound data security:

1.     Take stock: Inventory the office and know what information you have – where is it stored and who has access? What do those people or businesses do with the information they have access to?
2.     Scale down: Retain only what you need. The more information you hold the greater the risk that personal information will get exposed.
3.     Lock it: Providing the minimal amount of access needed to people and devices generally leads to better overall security. On your network, two things you can do are:

a.    Using advanced firewall with security features like intrusion detection, content filtering and built-in malware scanning. This will help prevent customers and your team from mistakenly navigating to malicious websites and help stop already malicious devices from connecting back to their servers.

b.    Segment your network to reduce the impact if there is a breach. Create smaller “Virtual Networks” (VLANs) in your environment to virtually split up which devices can communicate with each other. A common setup for small to midsize businesses might be to build four “virtual networks” like…

4.     Pitch it: If you don’t need it, get rid of it securely. Create a retention schedule and have appropriate disposal processes and devices.
5.     Plan ahead: Create a policy and procedure regarding cybersecurity and invest in the correct technologies and partners if it’s not your expertise. Use reputable vendors for purchasing hardware and services, and stick with trusted brands – especially when it comes to internet connected devices. Many IoT devices found online are made by fly-by-night manufacturers and have been found to come with “backdoors” built in, but even those not compromised from the start are often not supported long term by the makers and become security risks.

• And finally, never neglect your people. Even a perfect fence can’t work if someone accidentally leaves the gate open. So, invest in employee training and security awareness.

  A few key practices to highlight: **

• • Secure personal devices like laptops and phones, especially when in public places. Be sure to lock your screen if your computer is unattended, and don’t install software that isn’t authorized on work devices.
  • Educate employees on the signs of a cyberattack, especially phishing, and the laws that apply to data they may handle.
  • Make sure employees know who to turn to and feel they can come to you if an issue arises, it takes the whole team to fight these threats.
  • Remove employee access if they are no longer with the company even if you don’t think the person is a risk. User accounts no one is using leaves the door cracked open for attackers.

As we approach 2024, individuals and businesses must be prepared to tackle the evolving cyberthreat landscape. Understanding the seriousness of cybersecurity, identifying your unique needs, and addressing the practices above are great ways to start.

*Stats found in Harvard Business Review: https://hbr.org/2023/04/cyber-risk-is-growing-heres-how-companies-can-keep-up  

**Principles and practices found from Protecting the Unprotected: Data Breach Prevention and Response – A Guide for Businesses and Charities by Dave Yost

Jordan is a Senior Manager of Security and Cloud Services at Hawaiian Telcom, a company under altafiber’s family of companies. He has spent nearly two decades helping organizations implement technology to solve business challenges. Jordan has a Master of Science in Leadership and Management and has earned CSSP, C|CISO, and GCFA certifications. He will happily talk your ear off regarding anything with technology, organizational culture, or the best ways to cook meat with fire!