If major cybersecurity breaches that took place in 2016 didn’t wake you up to just how serious the current situation is, then your business could be under severe threat. Putting basic cybersecurity measures in place “because nobody would be interested in hacking into my business” doesn’t apply, no matter how small your business may be.
The first particular threat that you may heard about is ransomware, though you may associate this form of attack as targeting individuals and home users as their computers are easier to hack into. You may think that cybercriminals are trading in volume and are more interested in multiple attacks charging between €200 and €300 for return of encrypted data. Try telling that to the National Health Service in the United Kingdom, whose system was encrypted by a ransomware attack, and the effect was so drastic that many hundreds of urgent operations had to be cancelled. That particular attack infected over 300,000 systems in over 150 countries!
Nobody is safe from a cyber-attack and nobody’s system is safe unless constant measures are both adopted and updated regularly. The reason why security has to be regularly updated is because you have to stay one step ahead of hackers, you have to be proactive. If you adopt a reactive approach – wait to see what cyber criminals are doing and then adjust your security accordingly, you’re really leaving your front door open and placing a welcome mat by it as well.
Worse still, cybersecurity threats used to come only from sophisticated hackers and were therefore limited in number. Thanks to the Dark Web and commercial opportunity, it is now possible to buy ransomware as a model and it is open to anyone who knows how to access the Dark Web. These models are designed to spread ransomware in the way that traditional viruses used to be spread through computers, hence why the number of reported instances is on the rise. In the US alone, there were an average 4,000 ransomware attacks every day last year.
The second security threat does not target data, but the system itself, and is predominantly aimed at large companies, or the likes of Internet performance management firms. These attacks are labelled DDoS. Or Distributed Denial of Service attacks. The intention is to stop a system from functioning by attacking it infrastructure, and the attacks come in three different forms.
First there is the volume-based attack, which will saturate the bandwidth of a website to the point where it ceases to function. Second, there is the protocol attack, which looks to engage with all of a server’s resources until it reaches a denial of service shutdown. Finally, there is the application layer attack, which target servers in an attempt to crash them through a flood of what appear to be legitimate requests.
Nation State Cyber Attacks
We may read about spies in books and novels, and think that your business would never be of interest to government-based cyber threats. It is difficult to assess just who is at risk beyond clearly identified targets, but when trying to destabilise the economy of any country, any major business has to be in the crosshairs. We’ve heard rumours, and alleged involvement, of the Russian government in relation to influencing the result of the recent election in the US, allegations President Trump vehemently denies, but it is known that the levels of sophistication of government cyber espionage mean that data theft and manipulation are a constant threat at international level.
The Internet of Things
Referred to in short as IoT, the Internet of Things, which brings an incredible level of connectivity into our daily lives, is also a major source of interest from cybercriminals. The IoT refers to our ‘connected’ devices, whether it is a smartphone or tablet, smart television, connected domestic appliances, security cameras, etc. which can connect to the Internet and exchange data. It is estimated that the number of these devices will reach 30 billion by the end of 2020. In 2015 cybercriminals were able to use the IoT to take out the whole power supply in the Ukraine. It is also known that cybercriminals can even access the video camera built into many laptops and PC monitors. While many of you may be looking to shore up your internal computer system security, you may well be forgetting that it is not just the system that needs protecting, but any other electronic device that has access to it, such as an employee’s smartphone.
This is not, for one minute, implying, that your staff may have malicious intent towards your business, but nevertheless you have to protect yourself against the possible threat that comes with them. This threat comes in two forms, the deliberate accessing and theft of critical data, and working with a lack of due diligence when it comes to accessing information via a connected source. Any company which has sensitive data must be fully diligent in how it protects its data. One of the simplest ways is by strictly limiting who can have access to it and closely monitoring whenever the information is accessed.
Staff can even make a simple error such as opening an attachment in an email which appears to be totally innocent. Cyberattacks are now so sophisticated that a malicious program can be designed to lie dormant, undetected, for several months before it becomes active, while other attacks come in the form of ‘inert’ programs with no apparent function, but when combined with other undetected elements can combine to create a major security breach. Passwords are also another very vulnerable element of a system which has multiple users. We are all advised to use different passwords for every different occasion we are asked for one, but who can remember 200 different Passwords? Human nature is such that many of us who choose to have a complex password, use the same one for every password request.
In any business which has data of great significance or commercial value, specific individuals can easily be identified by cybercriminals as having access to critical data. In becoming a ‘person of interest’, their position can be easily exploited, like hacking into their laptop or home PC and obtaining passwords that they use personally, on the basis that one of these will likely also be used at work, or for n access tunnel to be created between the persons laptop and stored company data.
It is an unsettling fact that with society becoming more and more reliant on technology to improve lives, ordinary human beings will always be the biggest threat to cyber security, as to date no technology exists to make us infallible!
If you want to learn more about ever-evolving threats to cybersecurity, here at Sedmi Odjel we stay constantly one step ahead of threats and have access to a wealth of industry-wide knowledge to help you create the optimum level of cyber security for your own business. If you get in touch, we will be able to tell you exactly what you need to do, how we can help you, and we will also explain why. The reason why we like to explain how cybersecurity threats work is because we strongly encourage all our clients to distribute such information to all their staff. All too often accidental breaches of security happen because a member of staff didn’t understand what they had done wrong – we can help you avoid this happening.