Cyber security is an important topic for all businesses. There has been so much news lately about banks, corporates and government institutions getting hacked and having their information stolen or encrypted by hackers. What a lot of people don't know is that many of these cyber attacks are the work of organised criminal gangs acting at a global level and adept at exploiting vulnerabilities to cash in!
According to Cybersecurity Ventures, in the next two decades, cybercriminal activity will be the biggest challenge that humanity is going to face. They state that by 2021 cybercrime will cost the world $6 trillion annually, up from $3 trillion in 2015. Cyber-attacks continue to grow in size, cost, and sophistication. Cybersecurity Ventures predicts that by 2022 there will be 6 billion users, and by 2030 more than 7.5 billion users. This increase in users will also lead to a major increase in cybercrime (Morgan, 2017).
Microsoft security also estimates that by 2020, the number of people online will be four billion, fifty billion devices will be connected to the internet and the data volumes online will be 50 times greater than today. This will greatly increase the risk of malicious attacks and security exposure (The Emerging Era of Cyber Defense and Cybercrime, 2016).
In terms of cyber security, there are a lot of topics to talk about. Here we will focus on Ransomware, Phishing and Social Engineering attacks.
Ransomware is a type of malicious software designed to block access to a computer system or to files stored on a computer. The hackers typically demand a ransom to be paid to unlock these files, hence the term. In the past few years, the number of attacks has increased exponentially, both in scale and in level of sophistication.
In 2015 these attacks cost businesses worldwide $325 million, and experts predict this number will reach $11 billion by 2020. Here are some interesting facts:
There are numerous steps to ensure cyber-hygiene (to coin a term).
The first of these steps is an audit or review to understand the risks and potential impact of these risks.
The next step is to put together a plan for mitigating the risks thrown up during the audit process. Some examples of a risk mitigation approach would be:
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication (Wikipedia, 2019).
It works by deceiving users, via email, into doing something that enables the attacker to hack a target. BEC (Business Email Compromise) attacks have become more sophisticated, and their numbers have risen sharply in recent years.
Currently, 50% of phishing sites use HTTPS in an attempt to "legitimise" their phishing attempts. Not all phishing attacks are the same: some are more sophisticated than others, and cyber security experts say that spear phishing, in particular, is on the rise. Researchers found that 83% of spear phishing attacks are brand impersonations of organisations that users are familiar with and trust (Keck, 2019).
In 2017, 76% of businesses were victims of phishing attacks, whereas previously such attacks targeted consumers. According to Kirolov (2015), an average large company (10,000 employees) spends $3.7 million a year dealing with phishing attacks, and half of these costs are due to productivity losses.
Various steps can be taken to protect against and avoid phishing attacks. Some of the proactive steps you can take include:
Social engineering is where attackers use human psychology rather than technical hacking methods to gain access to networks, systems or physical locations. Nowadays, it is the preferred tactic among attackers in the hacker community because it is easier to exploit your natural inclination to trust than it is to find ways to hack your software.
Social media, and our tendency to overshare on it, provide the majority of the information that hackers need, free of charge. Through social media, hackers can learn routines, patterns of behaviour and contacts. They can also acquire answers to security questions that are used to authenticate or reset passwords.
In the past 5 years, medical identity theft has nearly doubled from 1.4 million adult victims to over 2.3 million in 2014. In 88% of reported cases, personal data was the stolen asset. The average time an attacker takes to get the first victim is 82 seconds.
Social engineering is not a new threat, and it is becoming a go-to for hackers. Although there is no science or appliance that can fully protect against social engineering attacks, preventative measures can be taken, which include:
In conclusion, given the significant business and economic impact, organisations should become more cyber-resilient. Organisations should get input from IT professionals, which will enable them to prepare for and prevent these attacks. They should acquire, develop and retain key talent and learn how to align their cyber team with business risks.