Hi. Welcome to Ingram Micro.

Please choose your role, so we can direct you to what you’re looking for.

If you’d like to learn more about Ingram Micro global initiatives and operations, visit ingrammicro.com.

Top 5 cybersecurity vulnerabilities and how to address them

November 01, 2022

Top 5 cybersecurity vulnerabilities and how to address them
Incorporating technology into our daily lives—whether delivering groceries via a smartphone app, using a smart lock to secure your home or working remotely poolside—has made our busy lives a bit easier. Unfortunately, the more technology we use, the more vulnerable we become to attackers who want to access our systems, retrieve data, steal funds and cause chaos. Read about the top five security vulnerabilities for your customers to look out for—and how to help.
 
Phishing
Phishing, where someone sends a message to trick the recipient into giving out sensitive information or enable an attacker to install malicious software on a device, has been around for a while but is still a considerable threat. But as organizations have changed the way they communicate, so have attackers.
 
Some examples include:
  • Spear phishing: An attacker impersonates a large vendor and requests purchasing department details.
  • Real-time phishing attacks: An attacker impersonates multifactor authentication (MFA) login and convinces the user to reveal the one-time passcode sent to their phone or email.
  • Collaboration tools: Enterprise chat applications, online meeting platforms, and other collaboration tools can be used by attackers to impersonate a trusted source and convince people to take harmful actions, such as visiting a malicious website or revealing their passwords.
Cloud vulnerability
Customers have a misconception that because something from the cloud is delivered to them  “as a service,” they aren’t responsible for its security. This isn’t true—cloud providers are only responsible for the security of their own infrastructure, not whatever their customers run or use within that infrastructure.
 
Common cloud vulnerabilities include:
  • Misconfiguration, including lack of testing and configuration audits
  • Poor access controls, including zero trust policies and identity and access management
  • Insecure application usage, including using unpatched software and ignoring the supply chain
  • Data leaks, including accidental and malicious leaks
  • Lack of visibility, including incident detection and record keeping
Remote device vulnerability
If stalkerware sounds potentially dangerous, that’s because it is! You might have heard of keyloggers, malware installed on a victim’s computer that records the keystrokes that a user types, including usernames, passwords and other personal information. Well, stalkerware takes it up a few notches and is used for—you guessed it—stalking unsuspecting victims.
 
Once stalkerware is installed on a victim’s endpoint device (laptops, mobile devices, etc.), it provides the attacker with various surveillance data, including GPS coordinates, internet usage, audio, video and more. This can be running on an endpoint in stealth mode, making it difficult to notice it was installed.
 
Industrial Internet of Things
The Internet of Things (IoT) is the network of physical objects—“things”—embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems over the internet. For businesses, applying IoT technology to industrial settings is called IIoT, and devices engage cloud technologies to improve delivery and increase productivity across various industries, from manufacturing to logistics.
 
IoT devices are subject to cyberthreats, including:
  • Man-in-the-middle: An attacker breaches, interrupts or spoofs communications between two systems, and can assume control of a smart actuator and knock an industrial robot out of its designated lane, damaging an assembly line or injuring operators.
  • Device hijacking: The attacker hijacks and assumes control of a device.
  • Distributed Denial of Service (DDoS): A DDoS attack or denial-of-service (DoS) attack can negatively affect a wide range of IIoT applications, causing severe disruptions for utility services and manufacturing facilities.
  • Permanent Denial of Service (PDoS): E.g., phlashing. PDoS attacks damage the device so badly that it requires replacement or reinstallation of hardware.
 User error
As technology is rapidly evolving, users must consistently improve good safety practices to reduce the risk of vulnerabilities.
 
Some common insecure activities:
  • Use of common passwords across multiple systems/platforms
  • Use of unsecured wireless networks where bad actors steal credentials using a wireless scanning tool that captures traffic
  • Click links on seemingly safe-looking webpage that may contain links to nefarious web pages that harvest users’ credentials as they attempt to enter username/password information into a fake login page  
  • Click links in an email without first knowing if the link is a safe website
  • Enable macros or click links in documents that are not known to be safe
Scary, right? But have no fear—the best defense against cyberattacks is a good offense. 
Ingram Micro has a Cybersecurity Center of Excellence and experts that can leverage over 100 cybersecurity products to help partners understand options available to address your customer’s use cases.
 
Email An Expert