What are the most common types of cyber attacks faced by businesses?
Businesses have long gotten used to IT having a risk attached. There are few more pressing business decisions than how to protect yourself, your customers, and your staff from the dangers of the modern internet. In this guide, we’ll look at the most common types of cyber attacks and how you can mitigate the risks.
As business IT security specialists, Lucidica deal with cyber security every day. One of the primary issues with IT security is that it can feel overwhelming. It’s complex to understand and the list of things to worry about seems to grow on a daily basis. It can also seem as though every piece of electronics in your office, from the photocopier to your servers, is a possible source of vulnerability. This source of worry can be tackled effectively by doing an audit of your IT security, which we covered here. Once you know what threats you are facing, you can start to protect against them.
There is also the question of the source of the attack. While the internet remains the most likely direction to expect an attack, it is not the only one.
Also, we’ll consider why the attack is occurring and what the bad actor hopes to gain from it. This can tell you a lot about how to block it and what to do about it if the attack succeeds.
Lastly, we’ll consider what to do if the cyber attack is successful.
Source: Internet-Borne Threats
Everything, from your printer to your phone, is connected to the internet. This gives rise to a new set of risks, as hackers can target any device connected to your network. Attacks can be broken into two further categories, automatic and manual.
Automatic attacks are when a machine blindly attacks any system it has been programmed to look for. This might be a specific piece of software or hardware with a known vulnerability. The WannaCry ransomware attack that hit the NHS in 2017 was an example of this. In this type of attack, businesses can be particularly vulnerable if they have not kept their software and hardware up to date, or have overly relaxed perimeter rules in their firewalls.
Manual attacks are aimed specifically at your organisation and will be tailored to your specific system profile. These are much rarer and are also harder to stop. If you work with larger businesses, as a partner for example, they may ask you to ensure your security is up to a high level since you might become a “proxy target” for this larger business. We did a case study about this recently.
In an automated attack, the attackers will be looking for one of two things: general control of your systems or encryption of your data. The former is where they take over your systems in order to use them for nefarious purposes or to sell access on to other criminals. The latter is where they encrypt all of your data and then demand a ransom from you to decrypt it. This type of attack has been particularly prevalent in recent years and has hit both large and small businesses.
General control of your systems may have the aim of allowing ongoing access to your entire infrastructure. This gives them the ability to steal data, or plant malware that can be used at a later date. They may also use your systems as a “jumping-off” point to attack other businesses, using your good reputation to get past their defences.
You’ll be familiar with encryption attacks, as they’ve been all over the news in recent years. This is where the attacker will encrypt all of your data and then demand a ransom to decrypt it. They usually demand payment in cryptocurrency, as this is very hard to trace.
The most common method of delivery for these automated attacks is through phishing emails. These can be very sophisticated and difficult to spot, particularly if the attacker has done their homework on your organisation. This type of email will often contain a malicious attachment or link which, once opened or clicked, will allow the attacker access to your systems.
Source: Bring Your Own Equipment
Most businesses allow staff to use personal equipment at work, perhaps a mobile, perhaps a laptop. Allowing these devices access to your network can be a real security risk if they are not well managed.
Giving staff access to your internal Wi-Fi network, for example, can be really dangerous. This is because they may not have appropriate security measures in place on their devices, such as a firewall or up-to-date antivirus software. Once malicious code is inside your network, it’s far harder to guard against.
Another risk comes from the fact that these devices are often used for personal purposes as well as work. This means that they may contain sensitive personal data, such as banking details or addresses.
The types of threats remain the same as for internet-borne threats, but code that infects mobiles normally only works against other mobiles, rather than laptops, PCs and servers.
Source: Your Staff
Your staff are one of your most valuable assets, but they can also be one of your biggest security risks.
The reality is that most people are not particularly security-savvy and will click on links or open attachments without thinking. This can be a real problem if the email is from a malicious attacker, as it only takes one person to open it for the whole organisation to be at risk.
Consider as well that your staff may be specifically targeted. Hackers may call, asking for a specific person in your team and have a very convincing back story for why they need that member of staff to click a link or go to a specific page on the web.
Even if your staff are super switched on, they may still pose a risk if they are not well trained in your specific security procedures. This could be something as simple as not knowing how to change their password or not understanding the importance of keeping their software up-to-date.
It’s important to make sure that your staff are aware of the risks and have received appropriate training. You should also have procedures in place for dealing with security breaches so that everyone knows what to do if something does happen.
If someone is using your staff to attempt to get access to your systems, it’s more likely they are after your systems specifically and so will be using custom-written malicious code. This makes the risk much greater.
Source: Third-Party Services
If you use any third-party services, such as cloud storage or website hosting, then you need to be aware of the security risks involved.
The fact is that you are entrusting your data to another organisation, which means that they are responsible for keeping it safe. However, they may not have the same levels of security as you do and this could leave you at risk.
We’ve written before about this type of supply chain cyber security, as it’s a real threat. Password breaches and data theft are risks that you need to consider before signing up with any third-party IT supplier to provide remote services.
Imagine you’ve given your photocopier supplier a username and password so they can provide remote support to your users. If their systems are compromised, so potentially are yours. The same applies to any supplier who provides remote support.
What to do if you’ve been compromised?
If the worst does happen and you see signs of an infection, especially one that is spreading from one piece of equipment to another, then you need to take immediate action.
First of all, try to contain the problem by disconnecting any infected devices from your network. This will help to prevent the spread of the infection. You should train staff ahead of time to know how to disconnect their PCs from the network in various ways: via software, by pulling out the network cable, or by pulling the power plug from the PC. Have processes in place to turn off Wi-Fi, as laptops, and phones in pockets, are often forgotten.
If you have onsite servers, these should be turned off using the correct procedure as quickly as possible.
This is to ensure that any malicious code that has been installed cannot do any further damage, or encrypt your data and demand a ransom.
Once you have isolated the problem, you need to start investigating how the infection occurred in the first place. Was it due to human error? If so, then you need to take steps to make sure that it doesn’t happen again. Was it because of a third-party service you were using? If so, then you need to reconsider whether or not it is worth using that service.
You also need to take steps to make sure that any malicious code that has been installed is removed and cannot come back. This may require specialist help, as some infections can be very difficult to remove.
Once you have cleaned up the infection and taken steps to prevent it from happening again, you need to think about how to protect your data. This may include taking regular backups so that you can restore your systems if they are infected again. It’s also worth considering whether or not you need to encrypt your data so that even if it is stolen, it cannot be read.
As we mentioned in other articles, some encryption viruses go after backups specifically, so you can’t use them to do a restore. Don’t think that cloud storage backups are 100% safe either: some viruses will hunt for Google Drive or OneDrive data they can encrypt.
Cyber-attacks can be costly, both in terms of the damage they can cause and the money you may have to spend to fix the problem. However, by taking some simple steps to protect your business, you can help to reduce the risk and keep your systems safe.
Of course, avoiding the problem in the first place is the best idea, but if the worst does happen then calling a specialist can reduce the downtime and adverse effects of the outbreak.
On the subject of avoiding it, we’ve written an article on how getting some help with security can reduce overall risk.
Beyond a baseline starting point of best practice, IT security is an ongoing task and needs daily attention. It’s time-consuming and requires a precise knowledge set to do well. That makes it an ideal candidate for an outsourced service.
So, as a final word, here is a list of things you should consider.
- Do an audit of your system and security requirements.
- Create an action plan with clear roles and responsibilities.
- Train staff so they understand the risks and know what to do in an outbreak.
Getting a second opinion is a good idea if you’ve got doubts. Many security specialists will be happy to help run you through an audit. Lucidica IT support would be happy to take a look over your system for security issues. Do get in touch if that sounds useful.