October is Cyber Security Awareness Month

Does your cyber security plan make you more than a statistic?

In the wake of multiple data breaches, ransomware attacks and backdoor hacking incidents, it seems like National Cyber Security Awareness month couldn’t have come at a better time. 

Established in 2004, National Cyber Security Awareness month takes place every October and is “designed to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident,” according to the Department of Homeland Security. 

Those national security incidents appear to be on the rise. This year is lining up to be the worst year for cyber security incidents on record with a number of high profile breaches and global attacks, including:

  • Cloudbleed – February 2017
  • WannaCry ransomware attack – May 2017
  • Petya/NotPetya ransomware attack – June 2017
  • 198 Million Voter Records Exposed – June 2017
  • Instagram Data Breach – August 2017
  • Equifax Data Breach – September 2017
  • CCleaner Malware Attack – September 2017
  • Deloitte Data Breach – September 2017
  • Sonic Drive-in Data Breach – September 2017
  • Whole Foods Data Breach – September 2017

While it would be reasonable to assume that companies and individuals are paying closer attention to protecting against cyber security threats, that doesn’t appear to be the case across the board. A number of vulnerabilities have recently come to light, proving that we still have a long way to go when it comes to ensuring our online security.  

Top Trading Apps Packed with Security Flaws
Research Group IOApp recently ran a test on 21 of the top mobile stock trading apps, responsible for millions of users and billions of dollars worth of transactions yearly, and their results were staggering. 

Of the 14 security controls tested, 95% had a high failure rate in privacy mode, 67% failed in secure data storage, 95% failed in root detection, and 62% failed in sensitive data in logging console, hardcoded secrets in code and SSL certificate validation.

Worse, 62% of the apps sent sensitive data to log files where 67% of that data was stored unencrypted, exposing users’ net worth and investment strategies to potential hackers.

Failure to Secure the Internet-of-Things
The American culture has been quick to embrace the Internet-of-Things (IoT) with over 8.4 billion devices currently in use. Whether you control your thermostat through your phone, ask questions of your Echo or Alexa home assistant, or monitor your home security system from a basketball game, the reliance on the Internet-of-Things also leaves us increasingly vulnerable to cyber criminals. And many owners are completely unaware. In fact, research shows that one-third of all IoT owners never change the default password on their devices and 54% don’t use third-party security tools to protect their investments. With estimates suggesting that by 2020 25% of cyber security attacks will be against IoT devices, these statistics are especially troubling as some users are essentially inviting criminals into their homes through connected home assistants and vulnerable security systems.

The global cost of cyber security failures is continuing to rise. It is estimated that cybercrime costs have increased by more than 23% in the last year alone, with over 130 breaches worldwide. Companies across the United States have incurred the highest cost in the world, approximately $21 million, in data breaches.

With cyber crimes showing no signs of slowing down, it’s vital that every organization takes a closer look at the security plans they have in place and the systems they are using to protect their sensitive data. At Spud Software, we’re committed to helping companies safeguard against cyber criminals and protecting our clients from becoming more than another cyber security statistic.