Another new year, another set of new security concerns for business owners. Now is the time to prepare your business for the latest cyber-scams, including fake news and social media fraudsters.
BrandProtect, a provider of cybersecurity solutions, offered their take on the top five business security threats of 2017.
1. Fake news
"Fake news" — false claims about a company or person that are reported as fact by "news" outlets — ran rampant during the 2016 US presidential election, and it can also have a major financial and reputational impact on businesses. Last year, Avon experienced this, and FitBit got its turn a month ago. The amount of fake news and social media sharing of false news is predicted to increase more next year, said Greg Mancusi-Ungaro, CMO at BrandProtect.
"When fake news targets public companies it is often with the goal of creating short-term unanticipated change in stock valuation of the targeted company, or a key competitor or supplier," he said.
Fake news can also dramatically influence public opinion about mergers, partnerships, or corporate and executive reputations. You can't prevent the creation of fake news, but left unchecked, these stories can dramatically change revenues, operations or reputations, said Mancusi-Ungaro. Active monitoring and reacting is essential to detect fake news, including hidden user forums, he added.
2. Ransomware and malware
More than 200,000 new malware samples were found everyday in the first half of 2016, according to the Anti Phishing Working Group (APWG). While that number is down from 2015, it doesn't necessarily signal relief. They may just be becoming more sophisticated. In many cases malware may hold your website “hostage” until you pay a ransom for it to be released.
"BrandProtect believes that it (the decrease in malware detected recently) signals that the ransomware and malware business model is maturing and these exploits are becoming commoditized. Today's fraudsters are likely to be building their schemes using developer kits that have become widely available online. Now, for an investment of just a few thousand dollars, anyone can be in the ransomware business," Mancusi-Ungaro said.
3. Socially engineered attacks
BrandProtect conducted research on this topic and discovered numerous duplicate Twitter and LinkedIn accounts among Fortune 500 CEOs. By using a trusted name, socially engineered attacks increase the likelihood of success. A 2016 Ponemon research report, which BrandProtect sponsored, revealed "an astonishing 79 [percent] of security teams do not feel that they have processes in place to gain actionable intelligence about external threats." Companies should proactively monitor these types of threats "beyond the perimeter."
"The best first step a company can take to reduce these risks is a complete internet risk or social risk audit," said Mancusi-Ungaro. "Most companies are astonished at the number of places that third parties have used their brand to legitimize their online activities."
Speaking on the topic of socially engineered attacks, BrandProtect general manager Michael Kiefer said, "Even carefully managed Fortune 500 CEOs can be victimized by online masquerades. But every duplicate account, from the CEO to the newest employee, represents a risk to the enterprise. Enterprises need to be consistently vigilant to protect their identities and reputations from becoming pawns in attacks on their executives, employees, partners, or the general public."
4. Mobile threats
Personal phones and other mobile devices continue to be a weak link in the security chain. Not only are they platforms where phishing emails and other schemes are likely to be effective, they represent a unique information conduit to business and personal networks. The rise of fake apps, and their consequences, will continue in 2017.
Mancusi-Ungaro said, "Mobile app fraud remains one of the fastest growing threat arenas in the digital world. With hundreds of app stores active globally, and multiple apps deployed from multiple departments, only security or digital governance teams can realistically coordinate and centralize the comprehensive global mobile app monitoring needed to ensure that end users are not compromised."
According to APWG, over 100,000 phishing sites were detected every month of Q3 2016. Likely this trend will continue and become more brand targeted. As we enter 2017, BrandProtect expects this trend to continue, likely reaching another all-time high in 2017.
Mancusi-Ungaro noted that phishing emails are still the primary means of delivery for most of these attacks. By implementing anti-phishing solutions, which include 24/7 phish detection, evaluation and mitigation, companies can reduce their likelihood of being associated with a successful attack.
To learn more about low-cost business security, check out this Business News Daily article.