Top 3 Cybersecurity Threats We Uncovered at GrrCon 2024
Editor’s note: In recognition of
this October, we are publishing a series of blog posts dedicated to educating and informing you about cybersecurity practices. This is the 10th in a series of posts. Below, you can find a list of links to the rest of the series:
- What is a Pig Butchering Scam and How Do You Protect Yourself?
- 6 Conditional Access Policies You Should Turn on Now
- Tips for Running an Effective Cybersecurity Awareness Campaign
- What is Quishing and How Do You Protect Yourself?
- Early Warning Signs Your Employees Need to Look Out for and Report to IT
- My Dad Lost Thousands of Dollars in a Romance Scam. Here’s How They Work and How to Protect Yourself
- NIST Releases New Password Rules: What Does It Mean for You?
- 7 Reasons Your Organization Needs Cybersecurity Insurance
- Why Does My Organization Need Cybersecurity Insurance and an MSP?
- Why Keeping a File with Passwords on Your Computer is a Terrible Idea
- How Do Passwords Get Hacked?
- What Happens When You Use the Phish Alert Button?
- Why Does Social Engineering Happen?
We recently attended GrrCon 2024, where cybersecurity experts gathered to share ideas and promote solutions to help businesses fight online threats.
GrrCon is held annually in Grand Rapids, Michigan. Much of it is about how to counter emerging and potential threats, but there are valuable takeaways that are of interest to you, our clients.
Artificial Intelligence: Bad Guys Can Exploit It
Artificial intelligence (AI) was this year’s theme, as it has been top of mind for tech companies. Google, Microsoft, Apple and OpenAI have each released their own version of a chatbot designed to follow a prompt and generate human-like responses.
While these chatbots are great for productivity, bad guys have found ways to exploit their design to cause harm to organizations and their employees.
Because tech companies are rushing to release their products to the public, security has been lagging for these applications. Some basic security features exist, but attackers already have found ways to beat the system.
For example, you can’t plainly ask a chatbot how to make a bomb, but with the right prompts, you can trick it into giving you some details.
Additionally, attackers have figured out how to upload malware by prompting chatbots to grab a “template” that lives somewhere on the internet. However, that “template” is malicious code designed to steal credentials or send data from other people’s chats to the attackers.
Our advice is to be careful about what you send a chatbot. Never send personal or financial information and ensure your chat data is protected before you upload private documents.
Password Cracking: Avoid Short Passwords and Patterns
As computers are becoming more powerful, password cracking is becoming incredibly easy, with even 12-character passwords breakable in hours.
The timing of this discussion is great, as the National Institute of Standards and Technology (NIST) recently released updated password guidelines that are meant to increase password security while making it easier for users to remember their passwords.
Our advice is to avoid common patterns (adding the month, year, your name, your company name, etc.) to the end of your passwords. It’s the first thing hackers will try because they know people fall into these predictable patterns.
We also recommend using passwords of 15 characters or more and choosing passphrases, which are easier to remember (e.g.: TreeBoxChairClock) but harder to crack because of their length.
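The two recommendations above can be turned into an automated check. The following is an added example, not code from the original post: a heuristic that flags passwords under 15 characters and passwords that end in a year, a month name or a personal term. The function names, the `personal_terms` parameter and the finding labels are assumptions made for illustration, and the sample passwords are constructed.

```python
import re

MIN_LENGTH = 15  # minimum length recommended in the post
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
MONTH_RE = re.compile("(?:" + "|".join(MONTHS) + ")$")
YEAR_RE = re.compile(r"(?:19|20)\d{2}$")
SYMBOLS = "!@#$%^&*?._- "  # trailing symbols are ignored when looking for suffixes


def trailing_patterns(password, personal_terms=()):
    """Peel predictable suffixes off the end; return (suffixes found, what remains)."""
    terms = [t.lower().replace(" ", "") for t in personal_terms if t.strip()]
    rest, found = password.lower(), []
    while True:
        rest = rest.rstrip(SYMBOLS)
        match = YEAR_RE.search(rest)
        kind = "year"
        if not match:
            match, kind = MONTH_RE.search(rest), "month"
        if match:
            found.append((kind, match.group()))
            rest = rest[:match.start()]
            continue
        term = next((t for t in terms if rest.endswith(t)), None)
        if term is None:
            return found, rest
        found.append(("personal", term))
        rest = rest[:-len(term)]


def check_password(password, personal_terms=()):
    """Return a list of findings; an empty list means no rule was triggered."""
    findings = []
    suffixes, core = trailing_patterns(password, personal_terms)
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    findings += [f"suffix:{kind}:{value}" for kind, value in suffixes]
    # Added rule (assumption): length that comes only from predictable suffixes.
    if len(password) >= MIN_LENGTH and suffixes and len(core) < MIN_LENGTH:
        findings.append("length_from_suffix")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords and a constructed company name.
    for pw in ("TreeBoxChairClock", "Summer2024!", "AcmeCorpOctober2024!"):
        print(pw, check_password(pw, personal_terms=["Acme Corp"]))
```

Because the month and personal-term checks are simple suffix matches, they can flag an unrelated word that happens to end the same way, so treat a finding as a prompt to review the password rather than a verdict.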
Backups: Make Sure They Scan for Malware
Lastly, backup solutions are evolving and doing more than just creating copies of your data.
Organizations are moving toward backup software that also scans your data for malware and checks for encryptors, identifying potential threats before they can cause harm.
Attackers live in an organization’s system for at least a week, and oftentimes longer, before attacking. They do this because they want to understand where everything is and gather as much data as possible before initiating the attack. Additionally, the longer attackers are in your system, the fewer backups are viable to use.
This is why it’s important to keep at least a month’s worth of backups, so that you still have copies made before an attacker infiltrated your network. Additionally, consider upgrading your backup system if it doesn’t scan for malware.
GrrCon is a great way for us to stay on top of trends in the world of cybersecurity, and it’s nice the event takes place in our own backyard.
It helps us improve our services so that you can keep your business running smoothly while increasing productivity, security and profitability.
Grand Rapids-based Managed Service Provider
Do you have questions about AI, password guidelines or backups? Contact us here so we can help your organization stay safe and thrive.