Marketing director of DataTech Labs Mitchell Chokas and CTO of ForgeRock Eve Maler weigh in on the growing and insidious threats to business security.
Mitchell Chokas
Marketing Director, DataTech Labs
Why is digital security such an important topic right now?
Due to the current state of the world, there is an accelerated effort towards organizations and individuals making more digital transactions. With that, hackers are evolving and becoming more sophisticated with targeting their strategies to exploit individuals and organizations.
What are the common mistakes you’ve seen recently when it comes to digital security in business?
Mainly, individuals being duped by sophisticated phishing attacks. Most employees are aware of the dangers of clicking on a suspicious link. Machine learning, however, has enabled hackers to construct convincing messages that may sway individuals to unknowingly compromise their organizations’ networks and systems.
What are a few of the challenges when it comes to protecting a business or consumer?
Keeping up-to-date with current cyberattack methods and educating consumers would be a great step in preventing compromising attacks from unauthorized individuals.
How have you seen digital security change in the past couple of months?
The most surprising change I’ve seen is more enterprises and organizations rethinking their approach to cloud-based architectures, due to vulnerabilities. This has led to prevention being the key to staying secure over just detection. Also, more companies are developing hybrid and multi-layered cloud solutions that are flexible and can deliver scalable protection at speed.
Eve Maler
CTO, ForgeRock
Why is digital security such an important topic right now?
Identity is the internet’s weakest link. As we adjust to life that’s more digital, data becomes more vulnerable. In 2019, five billion U.S. consumer records were stolen, according to our latest Identity Breach Report. Protecting digital identities can’t be an afterthought; it is an imperative for enterprises to maintain trust with consumers and avoid costly breaches.
What are the common mistakes you’ve seen recently when it comes to digital security in business?
Data breaches caused by unauthorized access are on the rise, which is a symptom of poor access management. In the United States, 40 percent of breaches were caused by unauthorized access in 2019 (a symptom of poor identity and access management (IAM) strategies), and Q1 2020 shows the same trend. This can be a problem caused by either malicious actors from outside or inadvertent access by insiders.
Organizations should adhere to the privacy principle of data minimization to help consumers avoid providing unnecessary copies of data. The lack of transparency and control in how these organizations are collecting data can also be mitigated by using a comprehensive consent and permissions management approach.
Knowing the value of consumer data, both to the owner and cybercriminals, these statistics show that organizations must elevate their digital identity management strategies to protect consumer data, as well as their brand reputation.
Additionally, organizations often lack transparency and control over how they collect consumer data, which can lead to diminished customer trust.
What are a few of the challenges when it comes to protecting a business or consumer?
Malicious agents are becoming more and more sophisticated in how they target and attack both business and individual consumers. They often exploit current events or disasters to target users, as we’ve seen with the increase in phishing attacks in Q1 2020 sharing false information on the COVID-19 pandemic.
As hackers evolve their attack methods, organizations that haven’t implemented adaptive, context-aware authentication methods will continue to fall short. To proactively combat threats and breaches, organizations must adopt a “zero trust” approach to security, only granting access where it is strictly needed. To push back the tide of breaches, businesses must control access to data in a dynamic and adaptive fashion with a closely circumscribed perimeter around the protected resource.
Hackers continue to evolve their attack methods, using current events like COVID-19 to craft convincing phishing emails to target consumers. This resulted in an increase of successful phishing attacks in Q1 2020. Cybercriminals also take advantage of some organizations’ lack of proper authentication methods to obtain unauthorized access to personal data.
How have you seen digital security change in the past couple of months?
The pandemic led to a significant increase of highly successful COVID-19-themed phishing attacks seeking to exploit consumers and businesses alike. Some sources are estimating increases in phishing emails of over 600 percent. Gmail alone reported they blocked 18 million phishing attacks and 240 million COVID-19-related spam mails on a daily basis. Fake websites, presenting themselves as healthcare services or government benefit sites, are effective at obtaining consumer credentials.
Additionally, stay-at-home orders throughout the nation caused rapid shifts to remote work. However, not every organization was prepared and their attack surface increased as a result. Unpatched virtual private networks, overprivileged access to corporate networks and data, and the opening of gaps directly in corporate firewalls are among the many threats unprepared companies faced as they sought to support their remote workforces.
Businesses must bolster their security approach to react to new norms of work, taking measures to prevent unauthorized access to business and consumer data.
COVID-19 led to massive increases in phishing emails and attackers seeking to take advantage of organizations that did not properly secure their remote workforce. Google reported they block 18 million phishing attacks and divert 240 million spam messages on a daily basis, all related to COVID-19.