Cyber criminals are continually improving and looking to exploit any weakness in your information security. Are you aware of your businesses weak spots and what’s being done to protect them?
Common Business Cyber Attacks
Emails, texts and hack applications that trick you into handing over your login credentials and then log into your account to perform malicious activity such as changing bank account details on your client invoices, or encrypting your data and holding it to ransom.
A Botnet, short for “Robot Network’’, is a group of computers, phones or other devices that are connected to the internet and have been breached. The owner can then use this network of devices to flood websites/applications with traffic this is known as distributed denial-of-service attack (DDoS attack). A recent high-profile DDoS attack was during the 2016 Australian Census. Botnets can also be utilised to steal data, send spam, and allows the attacker to access the device and its connection to perform any number of malicious actions.
The most common and high risk malware applications are encryption viruses such as cryptolocker, or key logging credential/data stealing applications such as Zues or Spyeye.
Cryptolocker typically enters your environment by users clicking an email, bringing in an infected device or by a hacker breaching the perimeter of your network and introducing the malware. The encryption application then encrypts your files and holds them to ransom.
Key logging applications often enter in a similar way and then steal your credentials, information or money through online banking applications.
Your risk of being a victim of one of these cyber security breaches can be greatly reduced by understanding your weak spots and protecting them.
- Staff: 90% of attacks are due to a staff member inadvertently clicking on something they shouldn’t
- Remote Access Systems: Any method you allow a user to interact with your systems remotely poses a risk that needs to be managed
How to protect yourself
- Security and network design best practice: Often connectivity and function are the focus of those connecting systems rather than security. Ensure that security posture is reviewed by an expert periodically
- Simulation Training: By simulating attacks we can reduce the chances of employees unwittingly handing over their details
- Next generation Firewalls, Endpoint Protection and Cloud Security solutions that can detect suspicious behaviour rather than just looking for known viruses.
- Two factor authentication, which provides an added layer of protection by asking for a token or security code when a connection is made to your system from a new external source.