Too many business leaders assume that if they have a next-generation firewall, a good endpoint solution and an email scanning solution, they’re safe, says Chris Ripkey, head of ConvergeOne’s Cyber Security Practice. But that’s not the case. “Cyber security always changes. It's always evolving and it gets more complex each year,” he says.
Organizations often miss key vulnerabilities, whether it’s their data protection layers, their employees who can be manipulated to provide access to a network or a weak data recovery plan. October is Cyber Security Awareness Month, and it’s the perfect reminder that organizations can’t sit back on their heels amid a dynamic and aggressive cyber security landscape.
Preventing cyberattacks starts with privacy and people as part of a comprehensive Prevent, Detect & Recover Architecture, says Ripkey. “The weakest link in any chain,” he says, “is the people-side of cyber security.”
One of the biggest trends in cyberattacks today relies on social engineering, or manipulating employees into inadvertently providing access to the network via mistakes or behavior. Phishing emails had been the go-to method for years, but more recently hackers have found success with a new trick: spamming people with multi-factor authentication.
This spring, malicious hackers began targeting Office 365 users by bombarding them with incessant push notifications on their phones asking if they authorize a login to their account. “They spam them until finally they just hit approve because they don’t want to deal with the spam requests,” says Ripkey.