You open your computer and staring at you in big bold letters is the message;
YOUR COMPUTER HAS BEEN LOCKED.
Your heart drops and you know that today won’t be a good day! You’re the latest victim of a ransomware cyber attack. Your system is a hostage until you follow the instructions to pay the ransom.
Cyber attacks are now a day-to-day threat for businesses of all sizes.
It was calculated In a study by the University of Maryland that hackers attack every 39 seconds ... or on average 2 244 times a day.
With 43%, or over 1 000, of these cyberattacks targeted at small businesses according to the Verizon 2019 Data Breach Investigations Report (DBIR).
Targeting small and medium sized businesses in increasing numbers. Hackers know that they are easy targets lacking both resources and knowledge.
So it is up SMB owners to learn more about, and invest more, in digital security.
Jesse Rothstein, CTO of online security provider ExtraHop says:
“Modern IT infrastructures are more complex and sophisticated than ever, and the amount of virtual ground that we’ve got to safeguard has also grown exponentially,”
The Cyber Attackers:
According to CSO Online 92% of malware is simply delivered by email. Tricking individuals into clicking on a link, opening an attachment, giving out critical information or even giving computer access to the hacker.
Outsiders are responsible for 69% of the cyber attacks which includes 39% from organized criminal groups. Another major player is governments and their agencies who are involved in about 23% of the breaches.
Then internal offenders account for about 34% of the incidents with this including 2% of partners in firms.
The Victims of Cyber Attacks:
Smaller organizations of 1–250 employees have the highest targeted malicious email rate at 1 in 323. (Symantec)
No business is too small or too large to fall victim to a data breach. And no industry has proved immune to attack..
The insurance carrier Hiscox revealed: “More than half of all small businesses having suffered a breach within the last year and 4 in 10 having experienced multiple incidents”
Steps to Take to Defend Against a Cyber Attack:
Owners need to start making high-tech security a top priority.
While 43% of cyberattacks are aimed at small businesses, only 14% are prepared to defend themselves, according to Accenture.
Every employee is responsible for maintaining security ... everyone from the top to the bottom.
More than half of all small businesses have suffered a breach within the last year. So it’s critical for small businesses to adopt strategies for fighting cyberthreats.
Every business should put the following defences in place.
Budget for Cyber Protection
Protection is not free so make it part of the budget. Cybercrimes are increasing dramatically, and costs associated with these crimes can be crippling to any company that has not implemented adequate cybersecurity.
Train all staff on smart high-tech behaviour. With cybercrime always evolving there should be regular up-dates maintaining awareness on the latest online threats and trends.
All staff must understand the dangers of clicking on unsolicited email links and attachments. Always being alert for warning signs of fraudulent emails which are among the fastest-growing forms of “phishing”.
The training should include teaching drills and exercises grounded in real-world everyday scenarios that test employees’ ability to detect scammers and respond appropriately to fraudulent requests.
Conduct regular vulnerability tests. Perform risk assessments on computer networks and applications to find and eliminate possible points of failure.
Implement AI analytics tools to scan networks, user accounts, and applications to determine what passes for normal behaviour. Using these tools to auto-detect and immobilize suspicious activities before they spread.
Use Firewalls and Antivirus Software to Protect Devices
Build security fences and warning systems around internet-facing applications like web servers and cloud services
Protect all computers, smartphones and tablet with good antivirus software.
Distributed denial of service (DDoS) protection is an essential control for many industries. Guard against non-malicious interruptions with continuous monitoring and capacity planning for traffic spikes.
Be Wary of Inside Jobs
Remember that insiders are involved with over 30% of cyber attacks. Track insider behaviour by monitoring and logging access to sensitive data. Make it clear to staff just how good you are at recognizing fraudulent transactions
Limit employees’ access to only the files, folders, and applications that they need to perform their on-the-job tasks.
Where possible use 2 Factor Authentication, or even multi factor authentication, before authorizing any major requests.
Check emails for links and executables. Give your teams ways to report potential phishing or pretexting
Limit Access of External Devices
Monitor and scan any device that’s connected to a computer system or network, and prohibit the use of removable media (e.g. USB drives).
Be Careful What is Clicked and Opened
Be aware: Clean up human error wherever possible.
No clicking on links from unknown people, and no clicking on links in email. Even in social media from known people if the link or context is something unexpected from them.
Social attacks are an effective way to capture credentials..
Simply, if you don’t know what it is or who it’s from then hit “delete”
Don’t Fall for Fear Tactics
“Websites with malware are a major source of infection (more than email),” for example Brian LaBone, Senior Support Technician at Infoquest Technologies said that “Pop-up messages on a website that say your computer is infected and that you should call an 800 number are still fooling consumers.”
Keep All Software up to Date
Computer, or website, building software often contains weaknesses, or backdoors, that can let hackers gain access to the system. Install the regular security patches and updates provided by the software providers as soon as they are available.
Have a Complete Backup System
Make backups and duplicates of data and files that can be retrieved in the event of system failure, compromise or ransomware.
Install and Regularly Update Anti-virus, Network Firewall, and Information Encryption Tools
These are designed to scan for and counteract viruses and harmful programs; guard against incoming network or denial-of-service attacks; and keep sensitive information safe.
Use a Virtual Private Network (VPN)A VPN encrypts the information sent to or from your device. This prevents others from gaining access to it or seeing what you type or where you go on the Internet. Using a VPN is essential for security if you’re using public WiFi. It’s also advisable if you use RDP (remote desktop protocol) to log into a remote computer.
In many cases cyber protection will be grudge purchase or investment ... no different from reluctantly paying insurance. But as the internet grows exponentially so do the risks. Individuals and organisations are interwoven and the consequences of cyber breaches can be devastating.
Don’t become a victim through neglecting this essential business requirement.
If you are not convinced that your chance of becoming a cyber attack victim is increasing then read more scary statistics in this article from SafetyDetectives.