In 2018 the number of cyber-attacks on businesses more than doubled.
There are many different kinds of cyber attack. The most common is the Trojan. Like the ancient warhorse, once installed on your computer, it will infect other files and potentially wreak havoc.
Another growth area for cyber attack is email compromise, where users are tricked into sending business critical or personal information to an email address. Or tricked into transferring money to the hacker's bank account.
There are also crypto-jacking and encryption attacks. If you thought encryption was a good thing, think again! Encryption can be used by cyber criminals to cover up their activities.
No matter how small your business, you need an understanding of the types of threats which you're likely to encounter and a comprehensive approach to online security.
Cyber Attacks Explained
Both Trojan attacks and the email compromise attack depend on users making a mistake. The most common way is by cllcking on a dodgy link in an email or opening an attachment, without first checking that the sender of the email is legitimate. Staff training is absolutely essential to prevent these sorts of attacks from impacting your business.
Trojan Attack
As described above. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are tricked into loading and executing Trojans on their systems.
Trojan attacks were up 84% earlier this year, making them the most common form of attack on businesses and consumers.
Business email compromise
Many businesses are still vulnerable to phishing attacks, where a member of staff clicks on a link or opens an attachment without checking first that it is legitimate.
But not all email-borne attacks use malicious URLs or attachments. Impersonation attacks often use "social engineering" and are designed to trick key users such as finance department staff, executive assistants, and Human Resources staff, into making bank transfers or providing other payment information to cyber criminals.
They do this by pretending to be the Managing Director or a similar senior person in an organisation. They can also impersonate one of your regular suppliers. Some specifically target departments responsible for sensitive employee data, such as payroll. This data can then be used for identity theft. Detecting and blocking these types of attack requires thorough inspection of the content of emails.
Email security options will help but staff need to be aware of this type of attack and must be vigilant at all times so that your business does not become a victim.
Crypto-jacking
Crypto-jacking is when an attacker hijacks your computers to mine cryptocurrencies. Most of the time this doesn't directly result in data loss, but it can nevertheless affect your computer's power.
Increasingly crypto-jacking is combined with cloud-jacking (stealing processing power and storage from someone's cloud account) to further boost mining capabilities.To counter this threat you need:
- Strong passwords
- Endpoint virus protection
- High level of security software on your Firewall.
Encrypted attacks
Encryption is a valuable tool for organisations and individuals. But this also makes it very attractive to cyber criminals, who use encryption to mask malicious behaviour.
Many organisations are unaware of the threat, and very few are using suitable mitigation techniques. Cyber criminals have become very adept at hiding in Secure Sockets Layer (SSL) traffic. Therefore it is so important that your firewall can do deep-packet inspection of the encrypted traffic.
CNC recommend SonicWall Firewalls to give your network the best possible protection.
FOREWARNED IS FOREARMED!
SERIOUS CONSEQUENCES FOR YOUR BUSINESS
In the US 60% of businesses which suffer a cyber attack go under within 6 months. Even if your business recovers from the attack, the consequences for your business brand and image can be very serious. Be warned!
In the UK many businesses are still failing to implement the five steps recommended by the government's Cyber Essentials scheme. According to the annual Cyber Security Breaches Survey, only 50% of all businesses surveyed have implemented all five security measures as set out by the scheme.
HOW CNC CAN HELP
At CNC we are certified in Cyber Essentials. Security services we offer include:
- Security Review service
- Help with all aspects of control and security
- Support businesses in obtaining Cyber Essentials certification.
If you would like CNC to review your security policy, or help you obtain Cyber Essentials certification, then please do not hesitate to contact us.
You can call us on 01273 384100 or email us at sales@cnc-ltd.co.uk.
Get in touch and make sure your business is protected.
|