Explore by Topic
Explore by Type
C2FO Powers Early Payment Programs for the World’s Largest Companies.
Discover expert insights on working capital, cash flow optimization, supply chain management and more.
We believe all businesses can and should have equitable access to low-cost, convenient capital to grow and thrive.
Here is a short checklist for a basic cybersecurity audit, rising threats to watch out for, plus resources for prevention and awareness.
Cybercriminals have expanded their targets to include not only countries and large corporations but also small to mid-sized businesses (SMBs) in recent years. They have become ripe targets because they don’t garner the news headlines and enforcement scrutiny that an attack on, say, General Motors or Alibaba would generate, and they don’t often have the resources or staff a big company or organization would have at its disposal, according to Threat Post, a cybersecurity news website.
“With government and big companies pouring cash into cybersecurity, underfunded and understaffed SMBs are prime targets,” states the article.
With the start of the new year and rising threats on the horizon, it’s a good idea to reassess the resilience and vulnerability of your front-end and back-end computer operations. A cybersecurity audit would be useful in preventing any attacks. We lay out below a short checklist to include in a cybersecurity audit in order to make sure you are in the best position for 2022, whatever your budget or the size of your IT department.
We also write about trending threats to watch out for plus a helpful list of websites and resources that you should check out in order to keep up to date on the ever-changing cybersecurity space.
It’s like the California Gold Rush but with computer equipment. Mining for Bitcoin and other cryptocurrencies is seen as a big moneymaker. Cryptominers have been pouring expensive computer infrastructure into mining for digital currency because it’s a resource-heavy process to extract. But there have been enterprising, malicious hackers who don’t want to use their own equipment and instead secretly infect people’s computers with cryptomining malware. This is called cryptojacking — your computer is unwittingly enslaved for its computing power in order to mine for digital currency. No one is really safe from cryptojacking, which has impacted both ordinary computer users and governments. Computers are usually infected via malware on websites. Signs of being a victim include your device not working as well, overheating and increased fan activity.
Deepfakes are sophisticated, artificial intelligence-driven technologies that fake real people’s actions and news events — akin to an image doctored with Photoshop. For example, imagine watching a very convincing video of U.S. President Joseph Biden breakdancing and it’s going viral on Facebook. Problem is, he does not breakdance (as far as we know). That video is an example of a deepfake. While journalists have been mostly reporting on deepfakes when it comes to celebrity video spoofs, deepfakes have even infiltrated social media networks like LinkedIn in the form of AI-created people masquerading as important government and business officials. Another thing to watch out for: the rise of “cloned” audio, according to the Guardian. A few years ago, scammers pretended to be a German CEO during a phone call, mimicked the CEO’s voice with deepfake software and bilked a German energy firm of £200,000.
“Alexa, are you safe to use?”
It’s a question worth asking because the number of Internet of Things (IoT) devices is expected to grow exponentially over the next several years, and yet these devices can open you up to various kinds of cybercrime, according to Hacker News. Many IoT devices come with the veneer of safety in the form of password protection, but there are still many others, “cheap and low-capacity Internet of Things devices,” that don’t even have this basic security. The news outlet reported that an IoT device with flimsy security in 2019 could be compromised in less than 3 minutes. And last year, “an IoT device is attacked on an average of 2,814 times every single day by more than 100 different botnets trying to hijack it.” There have been attempts to lock down security on IoT in the form of network providers and device manufacturers collaborating on security protocols, among other remedies.
In December 2021, the Apache Software Foundation, an important tech organization, disclosed to much worry that one of its applications, Log4j, has a huge vulnerability called Log4Shell. The name Log4j may sound obscure, but it’s a tool that “is used worldwide across software applications and online services, and the vulnerability requires very little expertise to exploit,” according to the UK’s National Cyber Security Centre. “If left unfixed, attackers can break into systems, steal passwords and logins, extract data, and infect networks with malicious software. This makes Log4shell potentially the most severe computer vulnerability in years.” Cybersecurity staff across the world spent a good chunk of December looking for this vulnerability and locking down their systems, but government officials say Log4Shell will continue to be a problem for years to come, according to CNET news.
Ransomware is malicious software that steals your data or blocks you from accessing your website, networks, computer files and other tech systems. The malicious actors behind the malware then demand you pay them or they will release your private data or prevent you from ever accessing your tech infrastructure. The FBI states that “you can unknowingly download ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware.” Ransomware has been a problem since the dawn of the internet, but it has become probably one of the top cyber threats in recent years, according to many experts. Yahoo News reported that ransomware victims paid nearly $600 million in the first half of 2021. What’s been especially troubling is how ransomware is now targeting software-as-a-service (SaaS) applications, open-source projects and remote technology as many companies move to cloud applications, according to DARKReading, a cybersecurity news website.
CNET not only provides reviews on the newest and coolest tech gadgets but also has a team of journalists devoted to reporting on the latest in cybersecurity for a general audience. Recent articles cover VPN trackers, security vulnerabilities such as Log4Shell, privacy concerns over tracking devices and more.
If you want even more in-depth knowledge of cybersecurity, we can’t recommend enough the website for the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. federal government organization that “leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure.” The website portal has a bevy of information on essentials, but we recommend starting with the CISA Cybersecurity Awareness Program and the CISA Cybersecurity Awareness Program Toolkit, which both dip into general education on cybersecurity and tips for defense.
Brian Krebs is a longtime watcher and investigative reporter of all manner of techno malfeasance and software vulnerabilities, both big and small. He was a Washington Post tech reporter for many years until branching out with his eponymous blog on cybersecurity, which he started about 12 years ago. We think it’s an essential website when it comes to the latest in tech security such as the newest software patches, breaches, privacy concerns, cybercrime of the week and more. We also recommend his Twitter feed for real-time news.
Do you need to talk to an expert or get advice on cybersecurity and you are operating on a relatively tight budget? The National Cybersecurity Society (NCSS) is a professional membership organization specially geared to the small to medium-sized business community. It provides education, advocacy, advice, a small business toolkit on cybersecurity and other valuable resources.
Are you feeling intimidated in regard to cyber defense and the wealth of tools out there? PC Magazine has a great section on security reviews that is continuously updated. It has articles on VPN options, spyware protection, ransomware defense, password managers, antivirus software and other tools.
People have reaped rewards from advances in technology, from fast mobile payments to remote work and education becoming doable, but the advances come with attendant dangers such as cybersecurity concerns. The COVID-19 pandemic has also complicated matters with the increased use of insecure telecommuting devices and networks. Balancing security concerns while also maintaining and increasing the efficiency of operations is a dual concern for many businesses in the present and future. What’s essential to all of this is cultivating a strong cybersecurity mindset where security is already baked into your business computing infrastructure and process. This requires knowledge and awareness, and we hope this primer sets you up for success.
In this article:
Related Content
These are the forces that could shape the global economy over the coming year.
High prices and a shorter season could put pressure on shoppers.
Subscribe for updates to stay in the loop on working capital financing solutions.
4 min read
3 min read