A seemingly unending string of high-profile data breaches over the past few years has only reinforced the notion that “cybersecurity” is an oxymoron. But Barbara Marchiori de Assis, a cybersecurity program officer with the Organization of American States, insists there are many steps people and organizations can take to safeguard their personal and business data.
Among the trends contributing to a more dangerous cyber environment, Marchiori said during a presentation at the SVIA’s 2017 Fall Forum in Washington, D.C., are more frequent attacks aimed at smartphones and other mobile devices, and the growing “Internet of Things” movement, in which everything from farm equipment to kitchen refrigerators is connected to the Internet.
The Organization of American States surveyed infrastructure operators in 2015 about their experiences with cyber threats. The respondents included energy, manufacturing, security and communications companies; finance and banking organizations; and governments. Of that group, 53 percent said they had experienced an increase in cyber incidents involving their computer systems in the last year, and 76 percent said incidents aimed at infrastructure were becoming more sophisticated. The most popular types of cyberattacks used against them were, in order, phishing (cited by 71 percent of respondents), attacks via unpatched vulnerabilities (50 percent), and distributed denial of service attacks (42 percent).
To help combat mobile attacks, Marchiori recommended that people configure their mobile devices to be more secure by disabling Bluetooth and Wi-Fi interfaces when they’re not in use, avoiding joining unknown Wi-Fi networks or using public Wi-Fi hotspots, keeping camera lenses on smartphones and tablets covered when not in use, and choosing mobile apps wisely, generally sticking to those from well-known companies or organizations.
At the enterprise level, Marchiori encouraged organizations to know where their data is being stored when they work with a cloud computing vendor; keep operating systems, computer programs and apps up to date; implement multi-factor identification procedures; monitor the use of privileged accounts; and proactively develop incident response plans.
“At the end of the day, if you don’t adopt security measures, you’re letting something happen to you,” she concluded.