Tecknuovo IT Manager Rob Kirkham has a passion for emerging technology, adapting IT solutions for new environments, and building up cyber defences. In the first of his blog series, he lets us in on his top three cybersecurity tips.
Happy cybersecurity month! It’s an important time, as ever, to reflect on today’s state of cybersecurity and the evolving nature of the attacks that we’re all increasingly vulnerable to. Last month’s attacks on Uber and Rockstar were a reality check. If global leaders in app-based travel and video games respectively can fall victim, no one is safe — no matter how protected or well-resourced.
The events made me reflect on what companies of every stripe can do to bolster their cyber defences. In this blog post, I’m sharing my top three tips for preventing, eliminating, and educating your staff on cybersecurity.
Let’s set the scene by considering how Uber and Rockstar’s cyber defences became so easily compromised.
The two tech giants were subjected to simple but extremely effective spear phishing attacks. The threat actor began by accessing an Uber employee’s account credentials that let them infiltrate its online platform. After exploring the systems, they then quickly gained access to elevated privileges through an administrator account. The agent attacked Rockstar in a similar way, using employee Slack credentials to steal footage and code from a secretive, upcoming project.
If this can happen to the likes of Uber and Rockstar, it can happen to anyone. So without further ado, here are my top three tips you can use to strengthen your own cyber defences!
The Uber and Rockstar examples show that no matter how much you spend on cybersecurity, your employees will always be your weakest link. That means that educating and training them to be cyber resilient is the most powerful tool in your toolbelt. Here’s how to do it:
Ultimately though, it’s IT administrators’ responsibility to embed a multi-layered approach to preventing cyber-attacks via phishing emails. Educating staff is just one of many layers. Others include:
You’ll also want to embed some predictive cyber detection tools. This kind of antivirus software works with integrated Artificial Intelligence (AI) to stay one step ahead of attackers in the background — without putting additional strain on IT administrators.
Attackers are constantly exploiting new tools and newly discovered zero-day vulnerabilities. So no matter how keenly your IT admins are on the lookout for new threats, they’ll scarcely stand a chance against these evolving threats. AI and Machine Learning (ML) tools won’t only mitigate them, but also monitor and learn from a pool of millions of endpoints to pick up on trends. In turn, this identifies new vulnerabilities that the software can patch automatically.
" Microsoft Defender (https://tecknuovo.com/what-we-think/educate-to-eliminate-keep-cyber-threats-at-bay-in-three-easy-steps/%E2%80%9Cshorturl.at/ghlM5%E2%80%9D)" and_ BitDefender (https://tecknuovo.com/what-we-think/educate-to-eliminate-keep-cyber-threats-at-bay-in-three-easy-steps/%E2%80%9Cshorturl.at/oqHU8%E2%80%9D)” are some of the biggt anti-virus offerings that incorporate AI and machine learning features.
I’ll quickly demonstrate how one of these works. Microsoft Defender employs “AI-driven adaptive protection against human-operated ransomware”. This means it uses cloud-based AI to analyse and compare how threats and malware behave within a set timeframe. It then automatically adjusts the aggressiveness of blocking in real time, before outputting a cloud verdict that takes immediate effect on the end user’s device.
Multifactor authentication (MFA) is an additional security step in a login process. MFA works with something the user has (like a unique verification code), or something the user is (verified through facial ID or fingerprint recognition. This makes MFA nearly impossible for an attacker to bypass.
MFA has been slowly incorporated into the biggest online cloud platforms over the last decade, but is now deemed essential for any type of online account.
Why is MFA so essential? The short answer is that it forms an extra layer of the cyber security ‘onion’. Regardless of how many special characters, capitals and numbers you have in your password, it’s extremely susceptible to brute force attacks, dictionary attacks and data leaks. MFA provides a barrier between the user’s account and their credentials. So, if a password does end up in the wrong hands, a request for ‘something you have’ or ‘something you are’ will stop the attacker in their tracks.
These three tips are centred on two key components: awareness and proactivity. If you centre your cyber strategy around these principles, you’ll be well on your way to not becoming the next Uber!
In my next cybersecurity blog post, I’ll be taking a deep-dive into biometrics: a likely contender as the cornerstone of the next era of cybersecurity. Watch this space, and in meanwhile, keep building those cyber defences!
Our CEO and Co-Founder Gus has been named as one of LDC's Top 50 Most Ambitious Business Leaders — an award celebrating leaders who demonstrate resilience, strategic excellence, and export success.
Read more
Our Senior Delivery Lead Juan explains why continuous experimentation is the key to moving with the pace of tech and producing low-cost ideas before committing to the best one.
Read more
Last week we launched our very first TeckTalks – a networking and knowledge sharing event for our associates and the technology community at large. Here are the key takeaways.
Read moreGet the inside scoop — delivered straight to your inbox.