4 takeaways from the 2019 Booz Allen Cyber Threat Outlook report

New technologies continue to surprise us, changing the way businesses operate worldwide. However, threats to cybersecurity remain or increase with these new developments.

Booz Allen recently released its 2019 Cyber Threat Outlook report, which offers insight into what we can expect to be the biggest risks this year. Here are some takeaways you could start communicating to employees:

1. Authentication and the IoT
Employees need to remember best practices in password creation and ensure they’re regularly updating them. The outlook report showed that 15 percent of device owners don’t change the default password on their devices, and 10 percent of devices use the same five passwords for administrative access.

Encourage workers to update passwords regularly – or, make it mandatory. This is more important as the Internet of Things, or IoT, pervades networks and brings new security risks for companies. It’s important to do regular network scans to see if any vulnerable devices exist. Booz Allen advised to keep IoT devices, like wearables, in mind when creating a risk vulnerability management plan.

And because many organizations are moving everything to cloud storage, make sure you implement multi-factor authentication on each device. Multi-factor authentication, according to TechTarget, requires more than one method to identify a user when logging in, such as a password as well as a text message with a unique code.

The report also indicated that Bluetooth devices are especially vulnerable to attacks, and that employees should disable the wireless function, when possible, on devices.

2. Credit card chips are more secure – for now
The widespread use of credit card chips adds a great deal of security, the report showed, since it got rid of the magnetic strip risk of criminals’ skimming and point-of-sale (POS) malware tactics. However, this won’t stop criminals for long, as they have already been finding new avenues.

POS machines are devices that record credit card transactions, like the chip readers that have become prevalent in the U.S. The report’s creators suggested ensuring that any POS machine used for transactions is only accessible to certain users and accounts.

POS devices read credit card chips for added security, but that won’t stop attackers from trying new tactics.

3. Adware is a growing threat
Adware is not often taken too seriously by security professionals within organizations. Adware, as the name suggests, automatically shows users advertisements or downloads them, and its been historically easy to detect by antivirus software. But more sophisticated adware has been created that can get around antivirus detection.

The Booz Allen professionals said that threat groups, either criminal or state-linked, could take advantage of these recent improvements in adware.

Educate employees on this risk and encourage them to report adware alerts and consider them to be threats or incidents, rather than just annoying pop-ups. Another strategy to avoid adware threats would be to restrict the software and browser plugins that employees can install.

4. Watch out for fake videos
Finally, the report advises organizations to spread the word about ‘deepfakes,’ which are AI-created videos that spread false information that appears very believable. Criminals use deepfakes to target organizations, often to damage their reputation or even their financials.

Because this is a growing threat, according to the 2019 Cyber Threat Outlook Report, companies need to be aware of it and start to address it. Booz Allen says to talk to public relations and communications professionals about the risk, and set up an alert system that will notify these teams, as well as leadership, about any kind of news story involving your company.

It’s also important to practice executing plans if this were to happen.

These are just some of the threats that the Booz Allen report suggested will be prominent in 2019 for employees across industries. Most important is to stay educated and to continue educating your teams about their responsibility to combat cyber threats.