Most of us have heard of computer viruses and hacking or have seen news reports about large companies losing client data. But how much do you actually know about cyber attacks and security breaches? Why is it done? How is it done? Why is data so valuable? What is to gain? How big is the problem?
Why are cyber-attacks orchestrated?
Intelligence agencies worldwide now consider cybercrime to be the fastest growing organised criminal activity. ‘Hacking’ has evolved from individuals intrigued at seeing if they could ‘get in’ to a system, to activist groups determined on causing disruption and embarrassment to organisations and governing bodies, to a point now where organised crime gangs have recognised cybercrime as a hugely lucrative market.
No longer can one envisage a hacker to be a teenager sat in a darkened bedroom ‘being mischievous’. In short, some have identified a very powerful and profitable way to make lots of money: targeting millions of global victims (groups and individuals) remotely in fractions of a second.
How is it done?
There are various methods but cyber criminals are essentially now targeting the weak link in technical systems: humans. In this day and age, business owners have a legal responsibility to protect data they collect and retain. This being the case, most (although some still prefer to ‘run the gauntlet’ and take their chances) invest in some degree of network protection – whether it is enough or not is another question!
Sophisticated antivirus products are adept at blocking and preventing threats, so cyber criminals have worked out a way for those defences to be dropped, allowing the ‘trojan horse’ of computing to canter in. Quite simply, they dupe the guards – you and your team.
The deceptions are increasingly convincing, with emails looking identical to maybe banks or courier services, but with fake links. The link instructs your antivirus to allow access to the program – which actually happens to be the cyber criminals. Once inside, it’s free to roam or lie dormant at will – on average for around 20 days – and then start wreaking havoc.
One of the most damaging is ransomware. Data is either stolen or becomes encrypted, with victims having to pay for data recovery/decryption. Of course, similar to ‘traditional’ protection rackets, having paid, victims frequently find their data is never restored.
Why is data so valuable?
Data has value for different reasons. It may be the information is valuable in its own right, such as bank or credit card details. Or, the breach places clients in a vulnerable/sensitive situation and so destroys trust between organisation and client. In this respect the baddies may target both the organisation and also the individuals to extort funds.
Companies are now legislated by data protection laws. Infringements are often met with hefty fines and although a bad decision, some may perceive it a better option to pay the cyber criminals than report a breach.
A data breach can have a huge impact on reputation and credibility, especially where data involves personal finance or health because of the degree of trust placed in those organisations by clients/patients with what is undisputedly an individual’s most confidential information.
How big is the problem?
To give you some idea of the scale and perhaps convince you that your business is very much in a ‘when, not if’ situation when it comes to cyber attacks, here are some statistics:
- One security company alone identified 18 million new samples of malware in one quarter
- On average there are 200,000 attacks detected every day
- In the US alone the Internet Crime Complaint Center received 2,500 formal complaints of ransomware attacks – imagine how many weren’t reported!
- A total ransom of $24 million was paid by these 2,500 victims alone. Leading security agencies to believe that global revenue generated by ransomware is in the high billions
- It has been found that 117 million Linkedin users’ security was vulnerable while 32 million Twitter usernames and passwords have been put up for sale.
Vigilance is paramount
The following are some tips on how to safeguard against cyber attacks:
- Train your team to be vigilant of email scams and to never respond to anything that they do not personally know about
- Protect your system with a comprehensive range of security products. Antivirus alone may now not be enough. Microminder offers Vigilance, which combines three crucial elements: Sentinel managed anti-virus; Spydaweb browser control; and Symon system monitoring, and qualifies clients for 10GB of free Quark online backup
- Back up your data regularly – at least daily, or if you can, at lunchtime too
- Prevent mobile phones attaching to your network, either for charging or via wifi. Ask Microminder about Proximity wifi access points
- Vary usernames and passwords – having ‘one for all’ gives hackers access to all if they get their hands on your credentials
- Contact Microminder immediately if you believe you have been targeted.