Cybercrimes Within Companies: Risks and Solutions

Computing has seen drastic growth in the past few decades. Most people today, regardless the age, own or use a smart device that allows them to connect to the rest of the world. Most companies may not perform a business transaction without a computer and the internet. With that comes multiple risks and threats to the security of their data. The purpose of this blog is to review the future risks and solutions that might apply to an undisclosed well-established organization, considering new technologies that the organization may adopt. We will also look into changes in the information assets and vulnerabilities, as well as new threats that might surface within the selected company’s computer systems.

The undisclosed company 

There are several well-established companies within the United States alone, whether they operate locally or internationally. One particular company that we believe to be well-established is a multinational tech company that has been on the market for quite some time. This company has managed to release several products, from cellphones to desktop computers in the past few decades, not to mention 5G deployment, the latest and fifth-generation technology standard, a high-capacity transmission technique for cellular networks that is gaining momentum. In the past few years, this company, just like others, has been a target for multiple cybersecurity attacks of which some of which may have been successful. Tim Sandle, editor-at-large based in the United Kingdom believes that “a massive nitro data breach impacts Microsoft, Google, and Apple.” With the newly deployed 5G technology, this undisclosed company could also be exposed to more risks and threats.

Reviewing the future risks and solutions that might apply to the organization.

Whether it is an open-source operating system or a close source operating system (Windows and iOS), hackers are making it clear through the recent security breaches that no operating system is fully secured, and no data is safe. For many years, companies have been experiencing countless security threats. Some of them being phishing, DDoS (Distributed Denial of Service), malware, password attacks, SQL attacks, or the famous ransom attack, one of the most redoubtable cyber techniques that are being used against larger organizations. Today, cybercriminals have developed other strategies that are yet to be known by many companies, including our undisclosed ones. 

1- Future risks that might apply to the organization. 

Norton, one of the largest anti-malware software companies on the market, listed the following as some of the most reluctant companies' security threats and vulnerabilities in 2020 moving forward:

AI-powered cyberattacks.

Hackers are using artificial intelligence to create programs that imitate human behaviors and use them to trick people into sharing their financial information.

Cloud jacking 

Hackers use this strategy to gain access to programs and systems of business stored in the cloud.

Synthetic identities 

Cybercriminals use a mixture of real and forged credentials to generate the delusion of a true person.

Vehicle attacks

Internet-capable and connected cars and trucks could not just allow cybercriminals to access and unlawfully gain possession of personal data, but could also track, disable, or takeover the safety functions of the vehicle. 

Deepfake voice technology 

The technic is used to impersonate or imitate other people's voices.

New cybersecurity challenges from 5G deployment

Tech experts are concern about 5G (Norton, 2020). Of all the new technologies that our undisclosed organizations might adopt, they believe that 5G may create additional security risks and threats for many organizations, including governments and business entities. Kaspersky, another anti-malware company, stated on their webpage that this latest technology needs major improvements to at least mitigate the risks of hacking, starting with the network itself. Other risks associated with 5G are the lack of encryption early in the connection process, decentralized security, the devices connected to 5G (many IoT devices were manufactured not just with a lack of security, but also before 5G).

 Todd Haselton from the CNBC news channel reported in 2019 that our undisclosed company announced a cellphone revenue of $25.99 billion, approximately 40.8 million cellphones sold worldwide. Although hackers may not target everybody that owns this particular smartphone, many of them are CEOs and high ranked government personnel. These are potential targets using a smartphone that may not have enough security to protect their sensitive data and those of their respective companies. Yet their devices are operating on 5G. Another risk to consider is the loss or theft of the device that can land in the hands of hackers. 

 Considering changes in the organization’s information assets, our undisclosed company reported $323.888 billions of total assets and more than 137,000 employees worldwide in 2020. This leads us to believe that the company could face serious security challenges, not just internally (within the company itself), but also externally (on devices sold to customers worldwide). Therefore, the company has got to tighten its network security and enforce the policies in place.

2- Future solutions that might apply to the organization

Multiple solutions might help our undisclosed organization and many others mitigating their security risks. These potential solutions include:

-Avoiding poor password management and poor authentication requirements. The company should have and enforce a strong password policy and avoid using default or easy-to-guess passwords. Two-factor authentication in addition to the time and location of access are also best practices. 

-Avoid missing patches, as they can leave the network vulnerable to attacks. Deploy all updates, identify, and remediate risks.

-Avoid accessing social media accounts on the company’s computers.

-Human error. Research has shown that human errors are 20% of cyberattacks. 

-Avoid phishing attacks and scams. One successful way of doing so is training its employees on how to recognize those practices.

-Avoid vulnerable third-party apps. It is recommended not to download unauthorized apps on the company’s computers.

-Only access secured websites on the company’s network.

For mobile devices, the company should use mobile device management, file integrity monitoring software, and implement a strong acceptance use policy that highlights guidelines for company and workers-owned mobile devices.

  

 The NIST (National Institute of Standards and Technology) upcoming publication on cybersecurity for public safety and communications claims that ICAM remains one of the most important types of research on information security. ICAM (Identity, Credential, and Access Management), a set of security controls that allows organizations to enable the right person to access the proper information at the right time, is a tool that authorizes companies to manage, monitor, and secure access to sensitive data. 

We reviewed the future risks and solutions that might apply to an undisclosed and well-established organization, taking into consideration new technologies that the organization may adopt. We also looked into changes in the information assets and vulnerabilities, as well as a few new threats that we believe might surface, not just within our undisclosed company’s computer systems, but within any other company that is equipped with computer systems. Companies must upgrade their network security systems, taking into consideration the latest technologies such as 5G, should they wish to minimize or stop potential cyber-attacks.

Here are links that might be helpful:

AI Editor

Web hosting