
Crakmedia Blog

3 vulnerabilities in cybersecurity

Why should you spend on cybersecurity?

Digital fraud is a regular fixture in the news, and its consequences can be severe for the targeted companies, their customers, and their partners. In 2011, the PlayStation Network suffered one of the largest data breaches on record: the personal data of 77 million account holders was exposed, and the service was taken offline for more than three weeks. In Quebec, 2019 brought the worst data breach the province has known, when the personal data of millions of members of the Desjardins financial cooperative was stolen by an insider.

Lawsuits, class actions, loss of public trust, compensation payments, regulatory penalties, and lengthy investigations are only some of the costs a breached company faces. A multibillion-dollar company may have the resources to absorb the losses and rebuild its reputation; a smaller one may not, and risks losing everything. It is far cheaper to invest in preventing data theft than to clean up after it.

Passwords are a security risk

According to NordPass’s 2022 ranking, the five most used passwords in the world are password, 123456, 123456789, guest, and qwerty. Cracking tools need well under a second to recover any of them, and they sit at the top of every wordlist an attacker tries first.

At the beginning of 2023, SpyCloud reported that 721 million passwords were exposed on the dark web in 2022 alone. Worse, 72% of those passwords were still in use. Because people reuse passwords across work and personal accounts, every such leak is a ready-made way into the companies where those people work: an attacker simply tries the leaked email and password pairs against corporate logins, a technique known as credential stuffing.

Given how weak passwords are in practice, the idea of getting rid of them altogether comes up regularly in tech media. We are not there yet, so the best way to protect your data is to combine several measures:

  • Long, unique passwords: require employees to use a unique password of at least 12 characters for each account; a passphrase of several unrelated words is both long and easy to remember. Mixing lowercase, uppercase, digits, and symbols helps, but length matters more: brute-forcing a 12-character password takes months to years instead of seconds, and current guidance (NIST SP 800-63B) favours length and screening against known-breached passwords over strict composition rules.
  • Two-factor authentication: the user confirms their identity with a one-time code from an authenticator app or by approving a prompt on their smartphone. This only helps if the device itself is locked with a passcode or biometrics, and be aware that one-time codes can still be phished in real time by a fake login page that relays them; hardware security keys (FIDO2/WebAuthn) are the phishing-resistant option.
  • Password manager: this software generates, stores, and encrypts long random passwords that no one could remember but that are impractical to brute-force. Employees only need to create and remember one strong master password for their vault, and should protect the vault with two-factor authentication as well.
  • Password expiration: the traditional advice is to force a change every few months so that leaked passwords are stale by the time an attacker tries them. Current guidance (NIST SP 800-63B) instead recommends changing a password only when there is evidence of compromise, because scheduled rotation pushes people toward predictable variants (Summer2023!, Summer2024!). If you do rotate, combine it with breach monitoring so a leaked password is changed immediately rather than at the next deadline.

In addition, breach-notification services such as Firefox Monitor will alert you if an account tied to your email address turns up in a known leak. Have I Been Pwned, the service Firefox Monitor is built on, lets you check whether your email address or a password has ever appeared in a breach; its Pwned Passwords lookup is designed so that the password itself never leaves your machine. Would you find yours there?
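Here is how the “check if your password has been compromised” step works without sending the password anywhere, as an added example (not the original post’s code): the client hashes the password with SHA-1, sends only the first five hex characters to the range endpoint, receives every suffix in that bucket, and matches locally. The endpoint URL and the `Add-Padding` header are Have I Been Pwned’s real API; the range response embedded below is constructed for this example (the prefix `5BAA6` really is SHA-1 of "password", but the counts and the other suffixes are made up), so the code runs offline. The `evaluate_password` rule combines this screening with a length check, the two controls NIST SP 800-63B puts ahead of composition rules.

```python
# Added example: k-anonymity breach check in the style of HIBP Pwned Passwords,
# plus a minimum-length rule. Standard library only; sample data is constructed.
import hashlib
import urllib.request
from typing import Callable, Dict, List, Tuple

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"   # real HIBP endpoint

# CONSTRUCTED stand-in for the body returned by GET .../range/5BAA6.
# Format: "<35 hex chars of SHA-1 suffix>:<count>" per line. 5BAA6 is the
# genuine prefix of SHA-1("password"); counts and the other suffixes are invented.
SAMPLE_RANGE_5BAA6 = """\
1D2D6EA5B6E9F7DE2E86FC0D1F4B7E7F6A7:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824
2A5F2E51D8E4B1C3F7A0D9E6B8C4F1A2D3E:1
"""


def sha1_split(password: str) -> Tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse a range response into {suffix: count}; padding entries carry count 0."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35:
            continue                                  # skip blank or malformed lines
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_online(prefix: str) -> str:
    """Live lookup: only the 5-char prefix is sent, never the password or full hash."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def offline_lookup(prefix: str) -> str:
    """Offline stand-in for fetch_range_online using the constructed sample."""
    return {"5BAA6": SAMPLE_RANGE_5BAA6}.get(prefix, "")


def breach_count(password: str, lookup: Callable[[str], str] = offline_lookup) -> int:
    """How many times the password appears in the corpus; 0 means not found."""
    prefix, suffix = sha1_split(password)
    return parse_range(lookup(prefix)).get(suffix, 0)


def evaluate_password(password: str, lookup: Callable[[str], str] = offline_lookup,
                      min_length: int = 12) -> List[str]:
    """Return a list of problems; an empty list means the password passes both checks."""
    problems: List[str] = []
    if len(password) < min_length:
        problems.append(f"too short ({len(password)} < {min_length})")
    n = breach_count(password, lookup)
    if n:
        problems.append(f"appears in known breaches ({n} times)")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple 2023"):
        print(f"{candidate!r}: {evaluate_password(candidate) or 'OK'}")
    # Swap in the live service with: evaluate_password(pw, fetch_range_online)
```

Because the server only ever sees a 5-character prefix shared by hundreds of hashes, it cannot tell which password was being checked; that is the property that makes it acceptable to run this check at password-set time in a corporate login flow.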

721 million passwords were published on the dark web in 2022, and 72% of those were still in use in 2023

The human factor in cybersecurity

If attackers can’t break through your security measures, they will try to go around them through the weakest link: humans. Verizon’s 2022 Data Breach Investigations Report found that 82% of breaches involved the human element, whether stolen credentials, phishing, misuse, or plain error. People are therefore an attacker’s best source of data, whether we hand it over knowingly or not.

A cybercriminal will use several methods to influence someone to reveal the information they need to get into your network. This is called social engineering and exploits people’s emotions to obtain information.

  • Fear: the attacker tries to create panic so the target acts impulsively. For instance, a pop-up or phone call convinces you that your computer is infected and urges you to install a specific “cleaning” tool, which is in fact malware that opens a backdoor into your network.
  • Trust: the attacker impersonates a trusted partner or a well-known brand to extract confidential information without raising suspicion. This is phishing. For example, you receive an email saying the licence for software you use has expired and that you must log in to their platform to renew it. The login page is a fake, and you have just handed over your username and password.
  • Greed: the attacker offers money or a prize, which is of course fake, in exchange for your information. You receive an email saying you won a $5,000 raffle and only need to pay the transfer fees in advance or, worse, log in to your bank account through their link.
  • Urgency: the attacker stages a scenario that demands immediate action. This is the tactic behind CEO fraud (a form of business email compromise): someone impersonating a company executive asks for an immediate wire transfer for a confidential project, or for login credentials they have “forgotten.”
  • Altruism: the fraudster turns your willingness to help against you. For example, you badge into the office and hold the door for someone rushing in behind you. You don’t know them, but you can’t know everyone in the office, right? Unfortunately, that person was not an employee; they wanted to plug directly into the internal network, behind the perimeter firewall. This is called tailgating.

The human element was involved in 82% of data breaches in 2022

It is vital to make employees aware of the security risks that fall under their responsibility. Simulated phishing campaigns keep them on their toes, alongside year-round awareness efforts. A good practice is yearly or even twice-yearly cybersecurity training to refresh everyone’s memory, and to make reporting a suspicious email easy and blame-free, since a quick report is what lets the security team contain a campaign before it spreads. The Canadian Centre for Cyber Security website is a good source of reliable information for the general public and companies.

Cybersecurity and your digital ecosystem

In digital marketing we depend on our computers, applications, and IT networks to get our work done. Cloud computing has become common for all kinds of applications in the last few years and is now an integral part of many work environments. Together these components form a digital ecosystem essential to the company’s operation, so it is critical that every part is secured and does not let an attacker in. The problem is that you have no direct control over the security of most of those components, so you have to manage what you can:

  • Apply updates: keep everything up to date, from hardware firmware to the software your employees use daily. Updates carry the patches that fix security and stability issues, and attackers routinely exploit known, already-patched vulnerabilities on systems that lag behind.
  • Test new software: make sure new software works as expected, is stable, comes from a trusted source (verify where you downloaded it from and, where available, its signature or checksum), and does not create a security risk on your network before allowing users to install it.
  • Assess new cloud providers: since the software is hosted outside your premises, make sure a new provider applies security measures at least as strong as your own. You remain accountable for the confidential data that may end up on their servers.
  • Install security software and firewalls: threats can come from anywhere, and you need automated processes to detect, contain, and remove them in the event of an intrusion.
  • Back up and encrypt private data: if a breach or loss occurs you can recover most of your data, and a thief who steals encrypted data cannot read it without the keys. Keep at least one backup copy offline or otherwise isolated so that ransomware cannot encrypt it too, and test your restores regularly.
  • Apply the principle of least privilege: every user on your network should have access only to the data they need to do their job, no more, no less. This limits what an attacker can reach with a compromised account and keeps the rest of the company’s data from being exposed.

With cybersecurity, better safe than sorry

Cybersecurity threats are pervasive and becoming more refined each year, making them more challenging to identify. It was much easier when we only had to beware of very obviously fake emails from a certain wealthy Nigerian prince who had 2 million dollars for us in exchange for our bank account details. Fraud attempts nowadays are more subtle and systematic. Investing in cybersecurity right now is essential to protect your company’s private data and avoid it falling into the wrong hands.

______
As a leader in performance marketing, Crakmedia treats cybersecurity as fundamental. Training the whole team is of course at the core of the company’s security strategy; the company uses the SAP Litmos platform to train all employees at the beginning of each year.
