Security and cyber threats have recently become a very hot topic in the technology world. As businesses rely more and more on technology, it’s more important than ever to make sure you are educated on the possible cyber threats. This guest blog from our partners at RapidScale details some of those threats and gives suggestions on how to stay secure against them.
Multiple reports have been published recently covering the cyber threat landscape for businesses, including the Verizon 2016 Data Breach Investigations Report and McAfee Labs 2016 Threats Predictions. These reports have unveiled some of the major cyber threats businesses face today, as well as why human error is such a big issue. For example, 63% of confirmed data breaches involve using weak, default, or stolen passwords, and 26% of miscellaneous human errors involve people mistakenly sending sensitive information to the wrong person! As technology advances, the cyber attack surface will only expand and these statistics will become increasingly unacceptable. It’s more important than ever to, at the very least, implement basic defenses and avoid human-based vulnerabilities as much as possible. Let’s look at some of the common threats today:
Phishing continues to be an effective tool for attackers, as it can very quickly compromise a business network, and attackers can target specific people or organizations. Phishing is a primary method of infecting victims with malware: the malware spreads as a trojan whose payload is disguised as a seemingly legitimate file, and the message often comes to the user from a spoofed email address that looks like a legitimate sender. The email tends to carry a malicious attachment or instruct users to click a link that allows a virus to enter their machine. A huge issue here is human error, because many business users are unable to identify phishing emails. In the past year, 30% of phishing messages were opened by users, and 13% of those went on to click to open a malicious attachment or link!
Ransomware is a growing threat, with attackers wanting fast cash. This effective type of malware restricts access to a user’s PC, applications, or files and demands that the user pay a ransom to the malware operators to remove this restriction – it also works on a business-wide level, impacting an entire network. Crypto ransomware encrypts files on the hard drive and requires payment of the ransom for decryption, while locker ransomware locks the system and displays messages to scare the user into paying. Criminals often attack Microsoft Office, Adobe PDF, and graphics files, which are typically found in business environments. These targets will expand in coming years.
With extortion hacks, attackers threaten to release sensitive company or customer information if the victim doesn’t pay. Even with backed-up data, this presents a threat to a company whose reputation and customers are suddenly at risk. Common examples of extortion hacks include the Sony, Ashley Madison and InvestBank hacks. This method works because it creates fear. Organizations fear the exposure of private information, which could lead to angry customers and lawsuits, and even executives losing jobs.
What can you do?
These reports have made it clear that no system is impenetrable, and difficult-to-detect attacks are growing more common. However, even the most basic defenses deter cyber criminals, who will often look for an easier target. But you don’t have to stick to the basic defenses – in fact, we suggest you move beyond those. There are many tools businesses can use to better prevent, detect and respond to attacks. Reports like these have allowed us to find patterns and better understand how cyber criminals operate. The Verizon report offered some useful tips for protecting a business against these growing cyber threats:
- Research and familiarize yourself with the common attack patterns in your industry
- Use two-factor authentication for your business systems and applications
- Monitor all inputs
- Patch promptly
- Encrypt business data in flight and at rest
- Train staff on the threats and steps they can take
- Know what data you have, and protect it accordingly
- Limit who has access to what – not everyone needs access to everything