It is Halloween and the end of Cybersecurity Awareness Month. While movies and news focus on hackers and AI threats, many professionals have other fears. From shadow IT to that one successful scam message, many mundane issues are a more significant threat to a working and secure IT environment.
Yet, many of these problems are far less attractive than the next generation of AI-enabled, blockchain-verified, intelligent data protection tools. Let us look at the worries many CISOs fear more than the latest headlines.
Spam and Scam Fears
Most spam messages should be painfully obvious. After all, spammers sort their targets by gullibility when they include apparent grammar and spelling mistakes. Yet, due to the low cost of sending spam messages, even the success rate of 1 in 12,500,000 is sufficient to make a profit for the criminals.
Yet, some spammers are more successful in gaining money from their victims. The IRS’s list of annual Tax scams points to a rising response rate from corporate taxpayers. Additionally, the arms race between spammers and spam detection software leads to more targeted spam to increase the payout chances.
Spam is also the primary entry point for ransomware attacks. Significantly, organizations that lack sufficient cybersecurity awareness risk falling victim to spam-induced ransomware attacks.
Thus, an attack as old as an email is still at the top of most CIOs and CISOs’ minds.
Old And New Shadow IT
The rise of cloud computing made it easy for users to acquire new tools. You go online, enter your credit card information, and get a complete productivity suite, accounting software, or an ERP. Pre-cloud computing, each of these would have been a multi-month project. Yet, today, it is a click of a button.
Unfortunately, the speed and low cost with which companies, departments, and individual employees can adopt new technologies circumvent many of the safeguards of the purchasing process. Legal won’t review the terms and conditions unless it goes through the purchasing process. Likewise, data protection officers won’t review the privacy statements. Finally, unless they know about a technology, IT won’t review it for cybersecurity or integrate it into management and monitoring.
Consequently, every piece of unapproved software risks the company and its data. Permission and account management that limits access aren’t in place, and multi-factor authentication isn’t activated. It’s like begging a disgruntled employee or careless individual to share confidential information with the outside world.
Last One In: Forgotten User Accounts
Orphaned accounts are closely related to shadow IT but are distinct problems. Especially in disjoint IT environments, where administrators manage every piece of software separately, there is a risk of forgetting to deactivate user accounts upon an employee leaving the company or even changing positions within the organization.
The worst-case scenario involves a disgruntled employee sharing his access or exfiltrating data after leaving. Yet account degradation is the more significant issue. When no one maintains the account, no one will notice if something goes wrong. Thus, no one monitors messages about cyberattacks, surprising password resets, or accesses from new locations or devices.
Likewise, if users are supposed to take actions to secure their accounts, like activating a new multi-factor tool, no one for the abandoned account can take this step.
Consequently, orphaned accounts remain a viable entry point into corporate networks and an excellent way to exfiltrate data once inside.
Facing the Fears
None of these areas is as attractive as discussing AI’s latest and most significant development. Yet, these are the daily fears and risks for many IT departments. Board members and senior leaders must understand that these problems are more important than any of the changes today’s AI brings us. We must provide them with the resources and flexibility to face these problems and counter their associated risks. Otherwise, these fears can quickly turn into veritable nightmares.
If we don’t, we might as well use this list as a source for geeky Halloween costumes. Happy Halloween!