CTC’s May 2019 Threat Report

Hackers never take a break from their assaults, so it’s crucial never to take a break from your defense — even if that means spoiling someone’s idea of “pure fun” (see below).

Manufacturers Under (Cyber) Attack from the Inside

A report recently released by Verizon highlights a common — and serious — cybersecurity threat: people within the attacked organization itself.

Twenty percent of cybersecurity incidents and 15% of the data breaches covered in the report originated from insiders. Reasons for the attacks varied, but the report cites the top motivators as financial gain (47.8%) and “pure fun” (23.4%).

Such attacks:

  • Exploit internal data and system access privileges
  • Are often only found months or years after they take place
  • Unleash potentially significant harm on a business

What counts as “significant harm”? In a separate report, the Ponemon Institute calculated that manufacturing organizations incurred an average annual cost of $8.86 million annually to contain insider threat-related incidents.

Verizon categorizes the scenarios/actors as:

  1. Careless workers who misuse assets
  2. Inside agents stealing information on behalf of outsiders
  3. Disgruntled employees destroying property
  4. Malicious insiders stealing information for personal gain
  5. Feckless third-party partners who compromise security

There are major Hollywood movies with fewer characters, which means your IT team has its work cut out for it. If you’re a manufacturer interested in effectively curtailing threats from these and any other individuals, start with a security audit today.

Are You Vulnerable to a Supply Chain Soft Spot?

As the above list of scenarios highlights (see #5, above), it isn’t enough to keep an eye on individuals inside your enterprise. It isn’t even enough to watch out for those attacking it directly. It’s critical that you engage with your vendors, too, about their security measures.

Driving this point home is recent news that three video game development firms have fallen prey to attacks that originated upstream. Wired describes the software supply chain attacks as those where “hackers don’t attack individual devices or networks directly, but rather the companies that distribute the code used by their targets.”

Hackers achieved this by injecting malicious code into programming tools used by the game developers. That malicious code then enables hackers to install malware into certain video games.

If it’s been a while since you addressed cybersecurity with vendors, there’s no better time to begin than now.  

Password Problems Across the Pond

A survey conducted on the cyber landscape in the United Kingdom underscores the problem of poor password management that afflicts individual users and businesses alike.

Among the findings:

  • 23.2 million victim accounts worldwide used “123456” as the password
  • More than 40% of Brits expect to lose money to online fraud

Joining “123456” on the overused-password front were such simple, common terms as:

  • The name “ashley”
  • The band name “blink182”
  • “superman” — who proved far more popular than another fictional character, “batman”

Barring strict procedures and processes, it’s likely that the same people leveraging such passwords are handling sensitive data within your organization. Encourage better password hygiene with material such as this one, from the Department of Homeland Security.

Shoring Up Your Defense Begins with a Call

At CTC Technologies, we help clients every day protect their networks, intellectual property, revenue, and more. We can help your enterprise, as well. Contact us today to get started; there’s no better time than now. Prefer to call? Reach us at 734.408.1993.