Cyber security is an important topic for all business. There has been so much news lately about banks, corporates and government institutions getting hacked and their information is stolen or encrypted by hackers. What a lot of people don’t know is that a lot of these cyber attacks are the work of organised criminal gangs acting at a global level and adept at exploiting vulnerabilities to cash in!
According to Cyber security ventures, in the next two decades, cybercriminal activity will be the biggest challenge that humanity is going to face. They state that by 2021 cybercrime will cost the world $6 trillion annually up from 2015 $3 trillion. Cyber-attacks continue to grow in size, cost, and sophistication. By 2022, cyber security ventures predict that there will be 6 billion users and by 2030 more than 7.5 billion users. This means that an increase in users will also lead to a major increase in cybercrime. (Morgan, 2017).
Microsoft security also estimates that by 2020, the number of people online will be four billion, fifty billion devices will be connected to the internet and the data volumes online will be 50 times greater than today. This will greatly increase the risk of malicious attacks and exposure to security (The Emerging Era of Cyber Defense and Cybercrime , 2016).
In terms of cyber security, there are a lot of topics to talk about. Here we will focus on Ransomware, Phishing and Social Engineering attacks.
According to Cyber security ventures, in the next two decades, cybercriminal activity will be the biggest challenge that humanity is going to face.
What is Ransomware?
It is a type of malicious software designed to block access to a computer system or files stored on a computer. The hackers typically demand a sum or ransom to be paid to unlock these documents hence the term. In the past few years, the number of attacks has increased exponentially both in terms of scale and level of sophistication.
In 2015 these attacks cost $325 million for businesses worldwide, and experts predict this number will reach $11 billion by 2020. Here are some interesting facts:
- Over 4000 ransomware attacks occur every day.
- Nearly 60% of ransomware attacks are delivered through email as embedded URLs.
- Consumer infection rates are on the decline.
- The biggest ransomware targets are small and medium-sized businesses. Ransomware works by encrypting important data and “selling” it back to its owner.
- For retail businesses, ransomware is the second-largest cyber security threat.
How do you protect yourself from malicious actors?
There are numerous steps to ensure cyber-hygiene (to coin a term).
The first of these steps is an audit or review to understand the risks and potential impact of these risks.
The next step is to put together a plan for mitigating the risks thrown up during the audit process. Some examples of a risk mitigation approach would be:
- Have a clearly articulated IT security policy
- Make certain that your firewalls and internet gateways are secure and up to date
- Ensure all devices that connect to the network have business-grade anti-virus and anti-ransomware installed
- Certify the staff is trained to recognise potential threats and report them to IT
What is phishing?
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication (Wikipedia, 2019).
This is deceiving users into doing something via email, enabling the attacker to hack a target. BEC (Business Email Compromise) attacks have now become more sophisticated and their numbers have gone up extremely in recent years.
Currently, 50% of phishing sites are now using HTTPS as an attempt to “legitimise” their phishing attempts. Not all phishing attacks are necessarily the same as some are more sophisticated than others and cyber security experts say that spear phishing, in particular, is on the rise. Researchers found that 83% of spear phishing attacks are brand impersonations of organisations that users are familiar with and trust (Keck, 2019).
In the year 2017, 76% of businesses were victims of phishing attacks unlike before, where they targeted consumers. According to (Kirolov, 2015) an average large company (10,000-employees) spends $3.7 million a year dealing with phishing attacks and half of these costs are due to productivity losses.
How to protect yourself from phishing attacks?
Various steps can be taken to protect and avoid phishing attacks. Some of the proactive steps you can take include:
- Enforcing a two-step verification or multi-factor authentication
- Raising employees security awareness by training them on how to identify phishing and how to handle them appropriately
- Security tools must be used like antivirus which will protect your system and device from the malicious software that is continuously growing and spreading via phishing emails
- Do regular backups and keeps a copy of backups off-site
- Trust but Verify. Where possible contact the people you do business with to verify if the email sent is legitimate
- Do not enable macros in document attachments that are received via email.
What are Social Engineering attacks?
This is where attackers use human psychology rather than technical hacking methods to gain access to networks, systems or physical locations. Nowadays, it is the preferred tactic among attackers in the hacker community because it is easier to exploit your natural inclination to trust than it is to find ways to hack your software.
Social media and how we tend to overshare provides the majority of the information that hackers need free of charge. Through social media, hackers can learn routines, patterns of behaviour and contacts, they can also acquire answers to security questions that are used to authenticate or reset passwords.
In the past 5 years, medical identity theft has nearly doubled from 1.4 million adult victims to over 2.3 million in 2014. 88% of cases reported saw personal data as the stolen assets. The average time an attacker takes to get the first victim is 82 seconds
How to protect yourself from Social Engineering attacks?
Social engineering is not a new threat and it is becoming a go-to for the hackers. Although there is no science or appliance that can fully protect against social engineering attacks, preventative measures can be taken which include:
- Securing your computing devices by keeping your antivirus/antimalware software updated
- Using multi-factor authentication on devices and critical applications
- Being cautious of email offers that are too tempting
- Trusting but Verifying
- Training should be provided to everyone in the organisation
In conclusion, given the significant business and economic impact, organisations should become more cyber-resilient. Organisations should get input from IT professionals which will enable them to prepare and prevent these attacks. They should acquire, develop and retain key talent and learn how to align their cyber team in line with business risks.
If your company doesn’t have an IT policy or your team don’t use the best IT security practices, you could be at risk. AUP IT can help you with the best solutions for cyber security, book your free IT consultation HERE.
Late last year, reports started circulating about people in China becoming infected with pneumonia. Officials said they were monitoring to prevent it being spread and developing into something more severe.
Along with staff, businesses recognise that data is their most valuable intangible asset. Why take backup lightly when it carries heavy business value.
Ransomware encrypts folders and files, rendering them inaccessible. Criminals demand a ransom in return for the decryption keys and even an additional fee to prevent public release of the stolen data. It disrupts business and cause reputation damage to organisations. Review your security policies and strengthen security posture periodically to keep you away from malicious attacks.