5 Security Threats and How To Protect Your Business

If cyber criminals spent as much time on positive innovations as they do on harmful innovations the world would might be a better place. Unfortunately, that is not the case. The Gartner Group estimates that spending on Cyber Security will grow to around $93 billion this year and for good reason. It is estimated that cyber crimes have cost businesses and other organizations $50 billion in just the past 5 years.

With cyber attacks becoming more sophisticated, seemingly on a daily basis, protecting your business should be a top priority if it isn’t already.

Below are five threats that every business should know about and steps that can be taken to help protect against them.

Business Email Compromise or BEC

That’s the term the FBI uses for cyber threats that use email as their vehicle to commit fraud and deception. It’s a long name for an incredible simple trick. Cyber criminals will try to scam employees by posing as a Manager, CFO or CEO. Sometimes they go as far as creating an email that can easily be mistaken for the corporate account. Using this tactic a criminal might gain access to sensitive financial information or intellectual property that can be sold or held for ransom.

Security awareness training for employees can be used to teach employees to verify the sending person’s identity and email address carefully, even to call the person to verify that they sent the email before releasing any confidential information.

Phishing Scams

A phishing scam uses social engineering tactics to trick a user into clicking an email link that deposits a virus or malware on the the network, posting information to a fraudulent website or even using logon credentials within a fraudulent site.

Phishing scammers may use a “shotgun” approach, sending thousands of emails and hoping someone clicks or they can be targeting your company specifically.  An example of a phishing email sent to thousands of people that you may be familiar with are the UPS and FEDEX package tracking emails that deposited viruses and malware on millions of computers and were easy to accidentally click on when a user was rushing.

A more targeted attack, one that targets your company specifically, may be an email that looks like it has been accidentally sent from a competitor or partner company that has a financial or competitive information document attached. The temptation to open the attachment may prove to be overwhelming and when opened there is nothing there but, a key logger or spyware has been deposited on the computer leaving no visible or noticeable trace.

Even employees that have gone through security training and are sophisticated users can fall for phishing attacks. It is imperative to impress on all users the need to verify emails before taking any actions.

Malware 

Malware is more than just annoying. It eats up network bandwidth slowing everyone in the company down, it can send mass spam emails resulting in your business email being blacklisted. Some malware can make changes to your company’s website, infect SQL databases and infect or disrupt other areas of your digital business. Whether the malware comes in the form of a virus, worm or Trojan your best protection from malware is to make sure you employ an endpoint protection solution that has instant and automatic security updates and is centrally managed so threats are noticed in real time. Your employees should also notify your IT service provider immediately if they think they may have clicked on a malicious link, their computer is acting abnormally or they are suddenly getting strange popups. Better to be a pest than a victim.

Advanced Persistent Threats or APTs

APTs have many organisations terrified and rightfully so. An APT attack happens persistently, moving throughout the organization undetected stealing information as it goes. An APT attack can last for months or even years without being detected. Large corporations have entire Information Security teams that hunt for these threats on an ongoing basis. Most APTs have been found to be delivered via email and websites.

Once again, employee education about cyber scams may offer the best protection since APTs are hard to spot and even harder to get rid of once discovered.

Ransomware

IT professionals business owners and CEOs are by now all aware of the growing threat of ransomware and the dire threat it poses to companies and organizations of all sizes. Ransomware is one of the biggest security challenges of the past few years and is likely to remain so for the foreseeable future.

Ransomware infects computers and encrypts all data files and databases on the your network at incredibly fast speeds. The Ransomware attack that took Maersk shipping down in July of 2017 spread so fast that by time their IT department could respond it had taken down their entire worldwide network disabling ALL operations. In the end, after a ten day outage, Maersk had reinstalled 45,000 PC’s and 4000 servers. The total cost to the company for the attack is estimated to be $250-$300 million.

To protect against Ransomware requires companies to perform frequent threat checks make sure all security updates are in place and have regular, tested backups in place in case the unthinkable happens.

Cyber Security, IT protection, Protection