14-05-2019 | | By Christian Cawley
Information Technology departments are usually on the ball when it comes to traditional threats. Bad passwords, viruses, and website whitelists are all par for the course. Managing portable assets (phones, tablets, USB flash memory, etc.) is also a key element of maintaining the integrity of data on an organization's servers.
But what about the security challenges of the future? SIM card hacks, Whaling, smart vehicle security, and national infrastructure weaknesses can all impact on modern businesses, with little more than vigilance to protect from attacks on these vectors.
Thanks to the SIM card swapping scam, cybercriminals no longer need to steal phones to access data. Instead, a simple call to a mobile network provider's help desk can have a SIM card cancelled and the SIM card data transferred to a new card.
The result is that two-factor authentication (2FA) codes are then forwarded to the cybercriminal. Any business that relies on 2FA for procurement or other online services is then at risk of a massive security breach.
Business phone users should have a SIM card PIN set up to help mitigate the risks here. Additionally, using an authenticator app for 2FA, rather than SMS messages.
You're probably aware of the risk posed by phishing, in which scam emails target people posing as messages from banks, credit cards, or online stores. The idea is that the target is tricked into clicking a link, opening a web page, inputting their personal data, and that information is then used to empty their bank account.
As domestic users have become accustomed to questioning unsolicited emails, scammers have moved their attention to bigger targets: whales. More specifically, the people who control the budgets in larger organizations and SMEs.
Whaling requires a lot of work by cybercriminals, from collecting information about their target to hacking the corporate network. If an email doesn't pull off the scam, impersonations have been used instead, successfully having business funds transferred into an account set up in the name of the hacker's target.
Avoiding whaling attacks requires awareness and a focus on the myriad risks from cybercriminals to any modern business.
Another month, another smart vehicle security risk is uncovered. Most recently the news that smart car alarm systems allowed hackers to track vehicles, unlock doors, and even switch off engines has caused disquiet among owners.
What business would want a fleet of vehicles that can be remotely observed and potentially controlled by a third party?
The development of smart vehicles from sci-fi possibility into a useful reality requires a mature approach to security. Until manufacturers can deliver this consistently, businesses should use smart vehicles sparingly.
An issue that has become known in 2019 is the risk that national infrastructure can present to businesses of all sizes. The UK government’s apparent willingness to contract Chinese hardware manufacturer Huawei to provide its 5G network rather than a company without ties to the Chinese government has proved concerning.
At the time of writing, it isn't known if these plans (which potentially upset US-UK relations and intelligence sharing) will come to fruition. However, given China's relaxed attitude to international copyright law, a smart IT director will be making plans for complete data encryption across all company sites and particularly mobile hardware.
The information security challenges to come require a whole new approach to protect data and personnel from embarrassing and damaging results.