Whether you’re a small, medium-sized or large business, it’s time to face facts: your organization will be breached.
The sensitive information you hold is a gold mine for hackers – customer details, corporate information, and sensitive material that could be used for blackmail. All of this information is important to you, which makes it valuable to a hacker.
Below are some of the most common methods cyber criminals use to extract corporate data; make sure you’re aware of them and have suitable solutions in place to prevent their success.
Every day, 156 million phishing emails are sent, 15.6 million make it through spam filters, 8 million are opened, 800,000 recipients click on the phishing links, and 80,000 people provide their personal information.
Sending phishing emails to an organization’s employees is one of the most popular methods cyber criminals use to get their foot through the door. It’s simple to do, easy to reach a large number of people, and, generally speaking, phishing emails deliver results.
The most-attacked industries are e-commerce (32.4% of all phishing attacks), banks (25.7%), and social networking (23.1%). Cyber criminals are getting increasingly clever, often imitating small companies that supply larger companies.
In November 2013, Target had 110 million customers’ credit card data and personal information stolen through an email malware attack on one of its suppliers, costing the company $148 million.
What can you do?
Although there isn’t a clear-cut solution for this one, you can make sure you have a number of hurdles in place to trip up cyber criminals:
- Protect your network with a firewall, spam filters, and antivirus and anti-spyware software.
- Educate your staff not to click on links, download files, or open attachments in emails from unknown senders, or to provide personal information. This can be done effectively through staff awareness training.
Software providers regularly update their products to fix bugs and security issues. Using out-of-date software can make your organization extremely vulnerable to an attack, so it’s best to update and patch as soon as possible.
Verizon’s 2015 Data Breach Investigations Report (DBIR) found that more than 70% of cyber attacks exploited known vulnerabilities that had patches available – with some exploiting vulnerabilities dating back to 1999.
Cyber criminals frequently scout the Internet for organizations that use out-dated or unpatched software and are quick to exploit any that they find. The most common unpatched and exploited programs are Java, Adobe Reader, and Adobe Flash.
Adobe is currently urging Flash users to update to the latest version of the software after a significant security flaw was discovered. According to reports, a Chinese hacking collective known as APT3 is already exploiting the vulnerability by sending phishing emails to companies in the engineering, telecommunication, and aerospace industries.
What can you do?
Run regular penetration tests on your network and web applications to search for vulnerabilities. This way you’ll spot the weaknesses and have a better chance at fixing it before cyber criminals can get a look in. Find out more about penetration testing >>
A distributed denial-of-service (DDoS) attack occurs when a hacker sends a large amount of traffic to your website that your server can’t handle. As a result, your site server hangs and stops responding to any more requests – basically crashing the site.
With falling costs, it has become easier to engineer such attacks, and more businesses are being targeted. About 32% of information technology professionals surveyed said DDoS attacks cost their companies $100,000 an hour or more. More than 3.4 million DDoS cyberattacks were perpetrated worldwide in 2014, up more than 60% from 2.1 million in 2013.
What can you do?
The more you know about what your normal traffic looks like, the easier it is to spot when its profile changes. Most DDoS attacks start as sharp spikes in traffic, and it’s helpful to be able to tell the difference between a sudden surge of legitimate visitors and the start of a DDoS attack.
It also makes sense to have more bandwidth available to your web server than you think you are likely to need. This won’t stop it completely, but it will buy you extra time to help fix the problem.
A growing method to make money from organizations is to deploy malicious software that is designed to block access to a computer system until a sum of money is paid. Ransomware spreads through email attachments, infected programs, and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan, or cryptoworm.
Last year, a sheriff’s office in Tennessee paid a ransom to CryptoWall cyber criminals who managed to lock the law enforcement’s sensitive data.
“My first response is we are not going to be held hostage. We are not going to pay a fee to get our records back,” Sheriff Jeff Bledsoe said. “But once it was determined which records were involved and that they were crucial to victims of crimes in this county, and to the operations of the sheriff’s office and the citizens of this county…I had no choice but to authorize to pay this.”
What can you do?
Small companies especially may feel a certain amount of pressure to give in, but it is strongly advised that you do not pay the ransom as there is no guarantee the criminals won’t up the ante or that they’ll follow through with the key you need to unlock your data. Instead, it is best to regularly back up your information so that if you’re targeted you’ll be able to ignore the criminals, wipe your disk drive clean and restore your data from a backup.