What’s the biggest issue facing your business right now? For most companies, possible answers would include marketplace competition, acquiring new clients, lack of staff and a host of other challenges. And while each present a unique problem, the danger isn’t powerful enough to close your company down immediately.
However, with one wrong click of the mouse, a cyber threat can infiltrate your system, steal your data, and close your doors for good. In some instances, these cyber criminals won’t even steal anything. They may simply block your access files until you pay a hefty ransom.
According to research from Symantec, more than 317 million pieces of malware are created every year. And if you’re thinking only large corporations are at risk - then you’re mistaken. Malware is created to target a specific weakness or vulnerability and are sent out in bulk to large corporations, as well as small and medium businesses. Cyber criminals could care less who it affects, as long as someone takes the bait.
This is why businesses continue to be stung by cyber threats. Not only are you and your employees likely to be out of the loop when it comes to what a threat looks like, but your networks and systems will have little to no protection in place to stop malware once it reaches your company’s network. And, when that happens, it is mission accomplished for the hackers who will now be able to hold you for ransom or take whatever files they wish and sell them on the black market.
With over a billion pieces of malware out there disguised throughout the internet, as well as being sent directly to the inbox of your employees, there is not a day that goes by where your business isn’t under attack. Sure, it’s not a targeted attack, but these passive attacks can do serious damage to your business and its reputation. After all, if clients find out their data has been stolen or that your systems have been hacked, they will certainly reconsider their decision to do business with you. And the monetary costs of being a victim of cyber crime will set you back as well. You will not only be on the hook for any possible downtime at your business but you could also face fines if you are found to have broken any compliance regulations. For many businesses, these problems can often be too great to overcome.
With that in mind, let’s take a look at a few of the security threats business's face and just how they work.
In many ways, account hijacking is the most dangerous threat facing your business since it gives cybercriminals the one thing necessary to execute most cyber threats - trust. Think about it, if your employees or clients receive an email from someone at your company they know and trust, they will likely do whatever is asked of them in an email without thinking twice about it. That’s why cyber criminals look to find ways to access business email accounts. With that built-in trust, it becomes infinitely easier for them to get someone to download a malicious file or willing to give up valuable information. And it’s also a lot easier for them to spread their malware around to other companies you’re regularly in contact with.
Now you are probably wondering just how one of your staff members will have their email account hacked. Most of the time, they will have unwittingly given up their passwords as part of some phishing or spear phishing scheme where a cyber criminal sends an email claiming that something with their account is wrong and needs to be corrected immediately. In some cases deadlines are used to get the individual to act quickly without thinking things through. The unsuspecting victim will then be lead to a professional looking website and prompted to enter their details including email password to “correct” the problem.
Of course there is no problem and they have just given up control of their email account, and possibly other accounts if they use the same password, to a cyber criminal.
Most people are quite familiar with Trojan horses and they have been around for so long they almost feel as if they belong to a bygone era of the internet along with Netscape Navigator and Ask Jeeves. Not only are Trojan horses still alive and well, the BBC reported that one such threat, the Dridex Trojan, managed to steal more than £70 million from victims across the globe in 2015. This malware would steal online banking data from a user’s computer and use it to access their account.
The worst thing about this Trojan horse was that it was hidden in an unassuming Microsoft Office document that is likely to be similar to the ones passing back and forth between your employees, clients and vendors on any given day. Jens Monrad, a systems engineer at FireEye, told CNBC that businesses also face further risks from Dridex since it can perform activities such as stealing credentials from applications, keystroke logging and even download further malicious programs.
And this is only one of hundreds of thousands of Trojan programs out there and ready to strike. Each one is different in some way but the end result is always bad as it makes its way onto your networks to wreak havoc.
One threat growing in scope and targeting business's is digital extortion including ransomware. Research from Symantec shows the number of digital extortion attacks increased 113 percent from 2014 to 2015 and the FBI is predicting the number of attacks will continue to grow. Much like Trojan horses, worms and other pieces of malware, these make their way onto your system by downloading an infected file. Unlike other malware which is setup to spy on your data and steal valuable information, ransomware will prevent you from accessing your systems. Other forms of digital extortion feature cyber criminals accessing your systems and threatening to sell your data and information unless you meet their demands.
In most cases of ransomware, the hackers will demand somewhere between £250 and £500 paid via Bitcoin to go away and unless you have system backups ready to go, you are more or less at the mercy of these cyber criminals. The cost of other types of digital extortion can vary depending on what type of information your organization stores with businesses in the healthcare, legal and financial services sector more vulnerable to this kind of attack.
Prevention is the best medicine
If you talk to any cyber security expert, they will tell you that prevention is the best way to fend off threats. For instance, email and spam protection can significantly reduce the number of emails with malicious attachments received by your employees and cut down the probability that something harmful is downloaded onto your network. Anti-virus and anti-malware that scans and identifies harmful files before they can be downloaded is another security aspect that can help in your company’s prevention efforts.
It’s also important to remember that the threats listed here are simply a small sample of what’s lurking out there. And the thing is cyber criminals don’t care if you have one or 1,000 employees. They are simply putting bait out there hoping someone bites. That’s why it is important to have an expert who knows security and how to protect business by overseeing your IT.
If you want to know more about how you can defend yourself from cyber threats, contact the team here at Ingenio Technologies. We have experience protecting businesses just like yours from the actions of cyber criminals.
Like this blog? Check out our previous blog in this series:THE NEW AGE CRIMINALS – Spyware.