
Here Are the Top 3 Cyber Threats Facing Your Business (And How To Protect Yourself Against Them)

Discover Top 3 Cyber Threats Attacking Your Business to Steal Your Money.

Let’s face it, it’s no secret that Cyber-attacks can be very costly to your business.

Today, more than ever, business leaders are feeling the effects of this, with the recent attacks on Optus and Medibank costing thousands in damages.

These types of attacks not only have the potential to cost your business large amounts of money, but can also be detrimental to your reputation in the marketplace.

The good news is that, with the right knowledge, you can do something about it. Here are the top 3 Cyber threats facing your business, and what to do about them.

1. Phishing Attacks

This type of attack is a form of social engineering and can arrive via email or text message (known as Smishing). The attacker sends a message that pretends to be from a reputable source and includes either (1) a link to a compromised website where, once you enter your details, the attacker can use them for ill purposes, or (2) a file infected with Malware, which on opening will attack your system.

Attackers use known brands for their phishing campaigns, some of the most common being Microsoft, Apple, Google, Chase and Amazon, and use fear to get your employees to act quickly without thinking. Common subject lines include “Your Account Will Be Locked”, “Important: Please Log in to Your Account to Verify Your Info” and “Invoice Due”.

Spear Phishing

However, attackers will sometimes use a more personal approach to try to steal your employees’ information. These Spear Phishing emails address the employee by name and are spoofed to look like they came from someone in your organization. They try to trick the employee into doing something that makes sense, like updating their personal information.

Steps To Protect Against this:

  1. Education – Educating your employees about the dangers of phishing attacks is the best thing you can do to protect your business. Many of these attacks, especially Spear Phishing attacks, rely on creating a sense of urgency so that employees act without thinking. Teach your employees:

    • To always verify financial transaction requests face to face with the sender.
    • To verify the sender’s identity by asking a personal question before acting.

    Many times an employee can unintentionally damage the business, which is another type of threat referred to as Unintentional Insider Threat. It is important to ensure that all your employees know how to spot these attacks.

  2. Email filtering – Consider configuring email authentication protocols like SPF, DKIM, and DMARC to reduce this type of spoofed email. This will help prevent Business Email Compromise (BEC), which will reduce the chances of Spear Phishing.


  3. Enable Multi-Factor Authentication (MFA) – This is an important step when it comes to mitigating the risks of Phishing, as it reduces the chances of attackers taking control of email accounts. This extra layer of security means that, even if an attacker is able to compromise an account username and password through successful Phishing, they would still be unable to access the account without the extra piece of information.

  4. Use a Password Manager – This generates strong and unique passwords for use by your employees. This helps prevent weak passwords, password reuse across accounts, and the resulting compromise. Having unique, different passwords across the business accounts limits the damage because, if an attacker were able to access an employee’s account, they would not be able to jump from account to account using the same credentials.

2. Malware Attacks

Malware is the second biggest Cyber threat to your business, and there are between 250,000 and 1,000,000 new variants being developed every day. Malware is a generic term referring to malicious software and encompasses everything from Adware through to Viruses. More simply put, Malware is code written specifically to cause harm to a computer or benefit an attacker at the expense of the victim.

Some examples of Malware include:

    • Viruses. These are self-replicating and installed onto your system without user consent.
    • Trojans, which are usually installed by a user who thinks they are legitimate software.
    • Ransomware, which is a form of attack that holds user or company information to ransom.
    • Adware. This type of Malware infects a system and is used to download unwanted ads.
    • Spyware, which is used to eavesdrop on users.

Malware usually comes from malicious websites, downloads, spam emails or from connecting to other infected machines or devices. Are any of your employees using their personal devices on the company network? If so, and they are infected with Malware, it might increase the risk of Malware infecting and spreading through your company.

Malware is forever evolving, and attackers are becoming smarter in the ways that they program it. What makes this type of attack so dangerous is that its goal is to infect a system and remain undetected for as long as it can. This means that even if one of your employees inadvertently clicks on an infected file attached to a spear phishing email and the malware (depending on the type of Malware) spreads through the network, you might not even be aware of it until the damage has been done. However, Malware does leave tracks known as Indicators of Compromise (IOCs).

Steps To Protect Against this:

  1. Education – As with the first threat, the number one defence against this type of attack is educating your employees about the existence of Malware, the potential dangers of infection, and how it spreads.

  2. Defining Critical Assets – You should keep an inventory of all devices that are connected to your business network. A common way of infection is employees bringing in unknown personal devices, which may be infected, and spreading this to other systems, so it is important to know exactly which devices are used and to ensure that all of these devices have anti-Malware software (AV) installed.

  3. Limiting Access – This means making sure that each employee only has the network privileges and levels of permission that they need to do their job. This will limit the chance of malware infection as, even if one of your systems is infected, it will not spread throughout your business.

  4. Keep Regular Backups – One way that ransomware works is by encrypting your company’s data, thereby blocking you from accessing it, and demanding payment for the key to that encryption. By keeping a complete backup of all your data, even if an attacker encrypts the original set and demands payment for the key, there is no need to pay, as you can restore and continue operating from the backed-up data.

3. Weak Passwords

Another major threat you are facing is your employees using weak or easily guessed passwords. Not only this, but you will find that many of your employees might be using the same passwords across multiple accounts on your cloud-based services. This can lead to huge losses as, if an attacker can compromise an account by getting the login credentials, they will most likely try these same details across all accounts that they can find. If this is successful, your financial information may be exposed.

Steps To Protect Against this:

  1. Change Default Passwords – Many systems have a pre-programmed default password set. The problem with this is that when these systems are sold and set up for use in your business, they may have the same password as a different unit of the same model. If an attacker gets this default password from a different company, they may try it in yours, and your devices may be easily compromised.

  2. Business Password Management Technology – These platforms help employees manage passwords for all their accounts, suggesting strong passwords that cannot be easily cracked, and that are not repeated.

  3. Multi-Factor Authentication – Implementing this ensures that users need more than just a password to have access to business accounts and will include multiple verification steps. This will ensure that, even if attackers are able to get hold of account credentials, they will need further authentication to be able to access accounts.

There are several Cyber threats that are potentially devastating for your business. These days, more than ever before, these methods of attack are growing at an increasing rate, and the developers of these are becoming smarter. The best way to ensure that your business is protected is by having a comprehensive knowledge of the threat landscape, and by having a strong team of IT security professionals by your side.

 

Thank you for reading our blog post about Cyber Security. As a leading Cyber Security Recruitment Agency, we are committed to helping businesses find the top talent in the industry. If you have any further questions about our company or the services we offer, our dedicated Cyber Security Recruiters will be happy to help, so don’t hesitate to contact us. Thank you again for considering Cyber Security Recruitment for your staffing needs. Stay safe and secure!
