As we begin 2024, Joe Kelly, Vice President of IT & Data Security at Lumine Group provides insights1 into cyberattacks in an era where cyber threats are becoming more sophisticated and pervasive, and require a heightened state of readiness. With over 30 years of industry experience, he discusses ways in which cyber threats have changed the landscape of data security.
In this article, we explore different cybersecurity challenges, threats observed in 2023, the importance of multi-factor authentication (MFA), emerging technologies, and what to look out for in 2024.
At Lumine Group, we remain in permanent learning mode with regards to cybersecurity and we continue to seek advice from those who know better.
“No matter how prepared, this will always remain a no-win game,” said Joe. "We will always be up against it.”
This proactive approach attempts to stay ahead of threats by understanding the data being managed and promoting a cybersecurity philosophy throughout the organization. Below, Joe reflects on key learnings from 2023, and how we can strengthen our own cybersecurity practices this new year.
Q: Joe, what did we learn about cybersecurity in 2023?
Joe: Reflecting on the past year, we saw different news stories that demonstrated how now, more than ever, it is impossible to remain entirely risk-free.
You can compare our diligence in keeping up with the best cybersecurity protocols to an athlete’s fitness regime. It highlights the need for a strategic and disciplined approach. An athlete's well-being and potential hinge on their daily habits and mindset. So, to perform at their best, it's crucial to be aware of how their lifestyle impacts readiness for training, competition, and success.
Similarly, IT departments need to be aware of how the landscape of cybersecurity is ever evolving and how changes can impact an organization’s ability to be ready. We too need to be training constantly and reviewing changing threats.
For example, social engineering attacks are getting more sophisticated. Phishing attacks where a scammer tricks the unsuspecting target into clicking a malicious link, downloading malware, or sharing sensitive information, are becoming more targeted.
Q: Both in our professional and personal lives, there seems to be a greater focus on the conversation of protecting your data, especially with the increase of two-way and multi-factor authentication. How important is it? What should employees pay closer attention to?
Joe: Two-factor authentication (2FA) requires users to present two types of authentications, and Multi-Factor Authentication (MFA) requires users to present at least two. We’ve seen a real shift to prioritize MFA. This provides a crucial role in enhancing data security measures by adding additional safeguards to protect your accounts. With that said, cybersecurity best practices require a layered approach, for which MFA is just one.
Organizations and employees can significantly enhance their data security and better safeguard accounts by paying closer attention to passwords. Increasing password length and using unique passphrases that can help keep unauthorized users out of accounts.
Tokens, which are digital keys that provide temporary access to specific resources or services can also be used to authenticate processes. Lastly, utilizing unique codes, like a changing combination of numbers, serves as an additional safety feature. Ultimately this needs to be adopted across any organization.
MFA should not just stop at the traditional office. Now more than ever, employees are working remotely and the deployment of MFA in both online and in-home settings is something everyone should be aware of and enable.
The home office includes equipment that the IT department has not managed to date. IT departments need to think beyond their traditional boundaries and consider policies, procedures, and capabilities that support secure access to systems and data from employees who work from anywhere (WFA), connecting via equipment beyond their realm.
Q: In 2024, what emerging technologies in the data security space can we look for?
Joe: As we continue to move more corporate services to the cloud, password management tools are now providing more value. Even in an environment where Single Sign On (SSO) is implemented, users struggle with the number of accounts and passwords they are required to manage. This is true in both their corporate and personal lives, so they resort to using the same credentials for many services, increasing the risk of compromise.
Password management tools allow individuals to offload the work of memorization and offer a secure vault for managing accounts and passwords. Systems often have different minimum password requirements. Password management tools can aid the user in producing complex passwords while making it simple, and with support for ‘browser extensions’, logging onto web-based applications and services can be simplified.
Password breach detection is included in most password management tools.
Q: What cybersecurity challenges or opportunities do you anticipate making headlines in 2024?
Joe: As I said earlier, we remain vulnerable. In my opinion, as we step into this new year, there can be many opportunities and challenges with cybersecurity. Three challenges to pay closer attention to are:
1. Social engineering attacksThese attacks manipulate or coerce someone using their social connections to negatively impact them or their organization.
This could include providing sensitive information. The perpetrator might pretend to be someone the user knows or someone trustworthy, like a well-known, often senior member of the organization. They might try to convince users to take actions that allow them to access your systems, like providing a password.
If successful, these malicious actors can gain access to user accounts, steal confidential business information, and possibly introduce harmful software including ransomware.
2. Ransomware attacksRansomware attacks are ever-increasing. In a ransomware attack, malicious actors use harmful software, or other techniques, to encrypt, steal, or delete data. They then ask for a ransom to reverse the change and undo the damage.
Ransomware can have a costly impact. It could affect regular business operations and reputation as intellectual property, customer, and personal data could be compromised in the process.
3. Data breachesData breaches occur when unauthorized individuals gain access to confidential information. The consequences are often severe and the malicious actor obtaining the confidential information may also be a resource from within your business. Security awareness training raises the level of knowledge within an organization of how data may be compromised. A layered approach to Cybersecurity should always include awareness training.
Q: Can you share any actionable best practices?
Joe: Actionable steps for employees to incorporate best practices into their daily routines will differ. But the following are good starting points:
- Maintain good MFA hygiene and use unique and complex passwords. These practices are entry-level requirements in any defense against cyber threats.
- For mobile phones, enable biometrics. Biometrics is like a digital fingerprint for your phone. It uses unique things about you, like your face or fingerprint, to make sure only you can access your device. So, if your phone gets stolen, having biometrics turned on helps keep your information safe.
- Always track your devices. In the case it ever gets lost or stolen, you’re protecting personal and corporate data by being able to remotely wipe those devices.
- I mentioned it earlier, but it's important for everyone to take part – so challenge your local IT department on their MFA protocols. Accept that MFA is part of life, so make it part of your routine.
Through this conversation, we are reminded of the ways to protect ourselves from cyber threats and learn new ways to ensure data is secured. Joe reinforces that every organization is vulnerable, and constantly fighting against the threat of cyberattacks.
Following the philosophy of a “no-win game,” it is important to stay informed, remain ahead of threats, and deploy a proactive cybersecurity philosophy that will be crucial to safeguard your digital future.
At Lumine, we share insights into the ever-evolving communications and media industry, and company culture. We are always interested in speaking with individuals who would like to learn more about life at Lumine. Whether you have questions about our acquisition philosophy or questions about a Lumine business, please get in touch to learn more.
[1] The information provided in this blog is for general informational purposes only and note intended as advice. Reliance on information herein is disclaimed. Readers are advised to seek independent expert advice for their specific cybersecurity needs.