Getting Savvy
About Cybersecurity
Persistent and ever-increasing attacks by bad actors highlight the pressing need for more sophisticated approaches to data security
Technology has changed nearly every facet of modern life, making things easier, faster, and more convenient. It also has opened the door for criminals to steal not just money but something that has become increasingly valuable: data. Individuals and corporations face the daily challenge of ensuring the extraordinary volumes of information shared across the internet and internal networks are kept secure.
“Bad actors have always been a threat to maintaining a secure network,” said Sheikh Rabiul Islam, an assistant professor of computer science at Rutgers University in Camden, where he leads the university’s Cybersecurity, Accountability, Fairness, and Explainability Research Group. “As systems and networks become more complex and interconnected, the opportunities for possible breaches multiply.”
According to Security Magazine, a leading industry publication, there are more than 2,220 cyberattacks every day, or one every 39 seconds. From successful phishing attempts to malware or misuse by authorized users, this amounts to more than 800,000 attacks a year. The data companies and organizations keep on their networks is the most common target.
“The primary challenge faced by organizations in terms of data security is data breaches, which involve compromising the confidentiality of information,” said Islam. He added that in addition to attacks made directly against an organization’s networks, third-party apps, software, and mobile devices create additional susceptibility.
The rise of remote work has added to the complexity of fighting off cyberattacks. People working from home could potentially install unapproved software, or their remote location could make it hard to set up conventional protections like firewalls. An analysis by a leading virtual office contractor found a 238 percent increase in cyberattacks since 2019.
Remote work also has accelerated the adoption of cloud computing, further increasing network vulnerability. A 2022 report found that nearly 39 percent of businesses had experienced data breaches in their cloud environments in the previous year.
“Any compromise that can occur on local computers or devices can also occur in the cloud—and I would argue that the risk is even higher in the cloud,” said Islam. “Cloud providers cater to multiple companies, resulting in extensive sharing of resources such as computing power and storage, creating a potential vulnerability for attackers to exploit.” Islam noted that, like the cloud, mobile, and devices connected to the Internet of Things (IoT) further expand the opportunity for a network to become compromised.
Outside partners and third-party vendors also open the door to potential issues of concern.
Many of these attacks go unreported. However, according to Black Kite, an independent organization that assesses cyber risk, third-party data breaches nearly doubled from 2021 to 2022, with health care providers being the most common target.
“Any software, including third-party applications, could potentially harbor a backdoor, whether intentionally designed or unintentionally present,” said Islam. “Not all service providers can be trusted, and any of them—trusted or not—could fall victim to a data breach.”
Islam urged companies or organizations with third-party software providers to thoroughly review their service-level agreements and clarify expectations about potential security breaches.
Interestingly, while the scope and likelihood of possible threats are expanding, the methods for combating them remain surprisingly familiar. Up-to-date antivirus software, now commonly referred to as antimalware software, has been in use since the 1980s, continues to play a significant role and, according to Islam, it should be installed or activated on all devices within a network, including computers, servers, smartphones, and tablets.
Another critical step is to adopt multifactor authentication. “I cannot say this strongly enough: use multifactor authentication for every application and device that accesses a network,” said Islam. “This way, even if one form of authentication [such as a password] is compromised, an alternative form of authentication [such as a one-time code sent by text] can offer temporary security.”
Keeping software updated, insisting on strong passwords, and training users to be cyber-smart are additional simple but essential ways to keep networks safe. “Urge users to avoid using the same password across various platforms and to exercise extreme caution when dealing with possible phishing emails,” said Islam. “This classic and still widely used method is a prime way for attackers to steal information. It’s beneficial for everyone to possess a foundational level of IT literacy.”
As organizations and individuals become more sophisticated in battling cyberattacks, criminals will undoubtedly develop new ways to hack into the troves of data now stored across the globe. “No one is entirely safe from cyberattacks as long as they are connected to the internet in some way,” said Islam. The trick is to stay vigilant and remain one step ahead.
Design: Karaamat Abdullah
Photography: Ron Downes Jr.