Opinions expressed by Entrepreneur contributors are their own.
The threat landscape is growing, and professional cybercriminals are increasingly becoming more dangerous as their methods develop in complexity and sophistication.
Although threat actors leverage different techniques, they all have a common goal: to find a single exploitable security weakness and rapidly take advantage of the situation. Developing a tactical response plan is essential; however, the best defense is strengthening security to prevent attacks from occurring in the first place.
Most of us are familiar with common security recommendations: 2FA, software updates, data encryption, using secure networks, VPNs, proxy servers and more. While these recommendations should always remain part of your security toolkit, others have emerged to help you adapt to the rapidly evolving threat landscape.
1. Avoid inputting sensitive information into generative AI applications
Generative AI leverages machine learning and deep learning algorithms to autonomously generate content based on complex data patterns. These systems are trained on datasets containing text from the internet, books, articles and other public sources; however, they can also “learn” from user interactions by collecting data from conversations.
Recently, enterprise-grade versions of ChatGPT and GitHub Copilot have been introduced, claiming that these models do not use business and conversation data for training purposes. To safeguard sensitive data, at Oxylabs, we actively encourage our employees to use business accounts.
Nevertheless, it is less clear how popular generative AI tools use customer data if customers interact with free versions. Therefore, users should still exercise caution by avoiding the input of sensitive or confidential company data into generative AI applications if free accounts are being used. Further, data should be completely anonymized and stripped of personally identifiable information to maintain privacy and security.
2. Go beyond standard security protocols for remote teams with encrypted, containerized workspaces
Hybrid teams went mainstream in 2020 and are likely here to stay. While working remotely benefits both employers and employees in many ways, the use of mobile teams continues to challenge organizations from a security perspective.
We’re all familiar with conventional protocols such as using trusted Wi-Fi networks, VPNs, Multi-Factor Authentication (MFA) and data encryption. Due to the increasing use of cloud-based services, companies must also ensure each vendor has robust security practices in place and maintains compliance with the latest security regulations.
Another emerging recommendation is deploying encrypted, containerized workspaces on company-owned and personal employee devices. The use of such systems ensures data is secured in a container even if device safety is compromised. For example, if malware infects a containerized browser, it won’t be able to spread anywhere beyond it.
3. Secure supply chains with a risk-mitigation strategy
Supply chains are growing in size and complexity, requiring a comprehensive risk management strategy that includes compliance with regulations and robust safety protocols.
Risks include phishing attacks, ransomware, software vulnerabilities, man-in-the-middle attacks and more. It is recommended to implement standard security measures such as firewalls, intrusion detection systems and advanced security monitoring. Further, it’s essential to integrate specialized security standards and practices, such as the Cybersecurity Framework developed by the U.S. Institute of Standards and Technology (NIST).
4. Swap traditional encryption methods with quantum-resistant encryption algorithms
Quantum computers beat traditional computers by leveraging quantum mechanics to solve complex problems faster; however, their use poses a challenge to commonly used encryption methods.
Encryption typically converts plaintext (unencrypted data) into ciphertext (encrypted data) using a cryptographic algorithm that requires a key to “unlock” the data. Quantum computing potentially weakens or breaks commonly used encryption techniques, such as Grover’s algorithm, Shor’s algorithm and quantum key distribution.
To address the threat, researchers are exploring post-quantum cryptographic techniques and algorithms designed to withstand attacks from quantum computers. These include code-based cryptography, hash-based cryptography, lattice-based cryptography and more. In the meantime, organizations must maintain a robust security posture and stay informed of quantum-resistant encryption methods as they become available.
5. Safeguard Cyber-Physical Systems (CPS)
Cyber-Physical Systems (CPS) communicate with the world around us through a network of computational and physical components. These include electrical power distribution systems or smart grids, smart traffic management systems, autonomous vehicles, remote healthcare monitoring, smart buildings and more.
The concept has been around for decades; however, the emergence of Internet of Things (IoT) devices, connected appliances and sensor technology has increased CPS prevalence substantially since 2010. Data generation has grown concurrently, attracting cybercriminals in the process.
Access control, authentication, software updates, monitoring and regulatory compliance are well-known protocols to secure CPS. Emerging recommendations also include:
Network segmentation to isolate critical CPS components and less crucial systems to limit access in the event of an attack;
Designing CPS systems with redundancy and fail-safe mechanisms to ensure systems keep operating if an attack or system failure takes place;
Regular penetration testing or simulated cyber attacks to identify vulnerabilities.
6. Boost your Identity and Access Management (IAM) strategy with three-factor authentication (3FA) and passkeys
We’re all familiar with two-factor authentication (2FA), where two steps or “factors” are required to access a system, including a password or PIN and a mobile phone or device that generates a one-time password (OTP).
3FA takes security up a level by requiring authentication comprised of some type of biometric data, such as a fingerprint, face scan, iris recognition, vein recognition, voice recognition or other piece of highly individual data. However, even 3FA might soon be overthrown by passkeys, a technology already used by Google. Resistant to phishing, passkeys utilize fingerprints, face scans or pins to unlock a device or program without using passwords.
7. Protect assets with cyber insurance
Last but not least is cyber insurance. It’s not the most innovative or exciting recommendation on this list, but insurance has existed for hundreds of years because it adds value to any security strategy.
Cyber insurance can protect your organization from liabilities associated with sensitive data breaches, such as credit/debit card details, health records and social security information. While it may be cost-intensive in some cases, it does have the potential to save your organization millions of dollars in the event of a security breach.
Cybercriminals continuously enhance their techniques. That’s why it’s imperative to stay a step ahead with a robust data security strategy that fuses next-generation practices that go beyond familiar safety protocols. Integrating these recommendations protects your organization’s digital assets on the ever-evolving threat landscape to ensure long-term business viability and success.