Over the last year, we’ve seen security grow as a key area of concern for business owners. And this comes as no surprise as online malicious activity is the strongest it has ever been.
We have even seen shifts in the types of activities hackers have been doing. The older credit card skimming scams where criminals would capture credit card details, either through physical devices at point of sale, or via website hacks, and then sell them on the dark web, are disappearing.
These approaches have become ‘aged’ amongst hackers, with reports of some of the larger dark web credit card stores closing down. While profitable, they have been getting too much focus and require too much effort to realise gains. The retirement of these activities means cybercriminals are exploring more sophisticated and easier forms of cybercrime.
In Australia, we are fairly modernised as far as credit cards go. Most, if not all, have smart security chips in them. These are used to verify the cards when inserted into the machines at the point of sale. This is not the case in other parts of the world where signatures are still prevalent. However, that is changing. Other countries are a fair way behind but are catching up quickly.
Australians lost over $300M to online scams in 2021. That figure is not reducing, with already $72M in losses reported in the first quarter of 2022. Meanwhile, online security breaches are still occurring. Every week, we continue to see reports of major names in the world being hacked. Some recent activities include:
TransUnion – a large finance/insurance business in Africa that was breached via a brute force attack on their systems. Unfortunately, one account was using “Password” as the password and was very easily cracked. A $15M ransom was demanded in exchange for not releasing their data.
Okta – a secure authentication provider that had client data accessed when a third party it uses for support was breached. This type of ‘supply chain’ attack is becoming more common. As large companies spend more time on security, they are becoming harder to breach. So, hackers are attacking the supply chain companies the larger organisations use.
Microsoft had the source code for a number of projects accessed, including Bing and Cortana.
Samsung had part of the source code for the Android phone operating system accessed.
The list goes on!
Vendors are generally improving security in their products quickly once issues have been identified. However, we do know of at least one vendor that relaxed security in their product, allowing a single character password to be used to meet the needs of a large client. While I understand the desire of vendors wanting to meet client needs, I can’t help but think this is just the wrong approach. Also, it may be ok for this client in particular, but it sends the wrong message to other clients.
The best security approaches we have come across use complex passwords with multi-factor authentication (MFA). A complex password can combine multiple words, letters, numbers and symbols. Longer ones can be harder to remember, which is where password managers (such as LastPass) come in. These tools randomly generate complex passwords and save them for you, so they can be easily accessed when you need them.
Multi-factor authentication adds an additional level of security: if a hacker identifies a user ID (which is often an email address these days) and a password, they still will not know the MFA code, which you carry with you on a device and which changes dynamically every 30 seconds or so.
If you are a supplier to a large company (which many businesses are), expect to see security requirements start to appear in your engagement terms.
Don’t be your client’s weakest link.
Train your employees on security and phishing awareness. If you are not strong in this area, work with your managed IT provider. They will be able to assist.
The net result? There will be a strong focus on security, compliance and governance moving forward.
Make sure you’re ready!
Talk to us today to learn more and start protecting your business.