Cyberattacks are a real risk to businesses. These result in intellectual property losses, affect share prices and consumers lose confidence. Getting cybersecurity right from the start is critical.
Cybercrime is so lucrative; some expect it to cost businesses $US6 trillion a year in damages by 2021. Here is a list of Rightsize’s top 10 security threats for 2019.
We will be posting each few days of January a detailed article into each of these risks to give you more detail and awareness for protecting your business.
The etymology of the word spam is fascinating. When we speak of spam in reference to unsolicited commercial email (commonly abbreviated to UCE) the acronym S-P-A-M does not stand for anything to do with messaging or email.
Spam emails are still a hacker’s favourite and common, to trick a victim into disclosing sensitive information. With the volume of emails hitting staff inboxes, they can get caught off guard. Next, they click on a link that takes them to an imposter site to collect information or initiate a download.
View our article on SPAM here
Phishing attacks aim to steal information such as login credentials. Examples seen in 2018 are emails from Google or Office365 which look genuine however are not. Once a Hacker gains access to email they monitor and learn behaviours of the victim to take advantage of their role.
Once access has been ‘phished’, a cybercriminal seeks out the finance department to change bank details, issue payments, or even further infiltrate the network with BOTs or malware.
View our article on Phishing here
- Email compromise
Business email compromise attacks don’t only happen because of phishing. Many compromises happen due to human error on the victim’s part with loose security controls.
This provides a hacker access to company and personal information. Some attacks target specific corporate executives or high-ranking public officials. Hackers use a compromised email address to deceive victims into making false payments or manipulating workflow.
The most common cause of this is a lack of password controls or users just picking a basic password. With a lack of 2FA (second form of authentication) there is nothing stopping the user from becoming a target.
This has similar outcomes to phishing once compromised.
View our article on Email compromise here
- Distributed Denial of Service
Distributed Denial of Service (DDoS) is when the attacker shuts down a website or service by generating large volumes of traffic. News, e-commerce businesses, and financial and online content services are often targeted. DDoS breaches cause outages from between 30 minutes to 2 hours for a sophisticated hosting provider, or days for the novice, depending on how long it takes to detect the attack, analyse the type of attack used and block it.
In 2018 we have seen DDoS used on public, government and private websites.
View our article on DDoS chere
- Cloud security
Many businesses are migrating to cloud environments with ‘complete’ trust in their security controls and backup procedures.
Relying on the security of a cloud service alone exposes businesses to unnecessary risks. The biggest threats to cloud computing are inadequate identity and permissions management. With inadequate account security, businesses expose themselves to possible disastrous damage with limitations in liability restricting the client from compensation.
View our article on Cloud Security here
- Advanced persistent threats
Advanced persistent threats (APTs) have potential catastrophic consequences. Attackers usually use APTs to collect corporate information over prolonged periods of time, sometimes months to years. This puts intellectual property at risk. APTs are difficult to detect as they monitor corporate networks while blending in with other network traffic.
View our article on APTs here
- Threats from ransomware
Ransomware is malicious software that shuts down personal and corporate systems. The common method hackers attack is through invoices or receipts for a payment. They issue an executable that manifests into a form of crypt locker requiring payment to get access to files or systems.
When someone opens the file, the malware installs itself onto the system. It is difficult to detect quickly and spreads like wildfire locking access to files. The hacker provides a text file with a ransom demand to restore access with a time limit to pay usually by bitcoin or other untraceable cryptocurrencies. They threaten to destroy encrypted files if not paid on time or double the ransom every few hours.
View our article on Ransomware here
- Artificial Intelligence Fuzzing
Artificial intelligence fuzzing uncovers vulnerabilities and bugs in software using machine learning. As this process becomes more widely available, cybercriminals will develop automated fuzzing programs to speed up finding zero-day vulnerabilities on business applications. This enables a higher level of sophistication in the method of targeted attacks on companies.
View our article on Artificial Intelligence
- Corrupting Machine Learning
Cybercriminals corrupt machine learning systems by corrupting, training or configuring them not to update devices or apply patches. They can also teach them to ignore particular types of behaviours and applications. Hackers can also instruct them to ignore certain types of traffic to avoid detection.
View our article on Machine Learning
- Zero-Day Exploit
A zero-day exploit attacks a flaw or vulnerability in software or hardware while avoiding detection. Most security vendors will take 24 – 48 hours to develop patching, test, and then release updates to their software on firewalls, antivirus or operating systems.
Attackers release malware to create havoc before developers can create a fix for the flaw in the application.
View our article on Zero-Day Exploits
Enabling your business to grow efficiently and effectively – we’re the Rightsize for you.
Small businesses struggle to budget their IT operation and often spend inefficiently with a less than great return on their investment. Rightsize Technology understand: we deliver a minimum 30% reduction on IT overheads as a dedicated outside IT department for our clients. Our unlimited 24×7 support, both on and offsite increases their business productivity and capacity, enabling their business to grow efficiently and effectively – we’re the Rightsize for growing small businesses. Talk to our team today for more information.