16 Mar
Cyber-attacks are on the increase and if you’re running a company – you’re a direct target
What is a cyber-attack?
In its simplest form a cyber-attack is an attack launched from one or more computers to another computer, multiple computers or networks. Typically, there are two different types of attack:
• To disable the target computer or network to take it offline
• To access data held by the target computer or network
Quick wins for cyber criminals
Your company has credentials for online banking, accounting and invoicing systems, CRM… and this list of applications grows as your business scales. A common practice among employees is to keep things simple by using a standardised password theme or a common name ID; password preferences are usually based on family names and uniform company themes, all of which are easy targets for cyber criminals.
Tried and tested
Cyber-criminals tend to rely on tried and tested methods and are not yet leveraging technology such as artificial intelligence and machine learning. Even so, the simplest threats are evolving as new vulnerabilities emerge.
Social engineering: we’ve discussed this before on our blog, but imagine this. An Openreach engineer shows up at your premises claiming the main line is down due to a problem in the area. You check your telephone lines and the line is dead; you had momentarily thought it had been a quiet morning! Then the realisation hits that your customers can’t get through and you’re losing money. The thought that this so-called Openreach engineer with ID is an imposter does not cross your mind. You allow them access to fix the issue when really they’re gaining unlimited access to your network.
Ransomware is now commonplace: the software blocks access to the network and encrypts a user’s files. Last month Redcar and Cleveland Borough Council were breached and employees were unable to access software, planning documents, complaint systems and other critical functions, causing delays and distress to the public. It was reported that no individual personal information was compromised, but 135,000 customers were impacted and, whether or not the council pay the ransom, they will still be plagued by productivity losses.
So how can this affect your company?
Cyber-criminals are increasingly using ransomware attacks to target vulnerable companies, especially those with outdated technology or lax cyber-security standards. These attacks are already costly, and criminals have begun stealing and releasing company data before encrypting a network. This compounds the cost and raises the stakes for achieving a defensive posture that can address these attacks.
On the dark web you can see job vacancies for software designers and system engineers requesting ‘at least 10 years of experience’ and for applicants to ‘bring innovative approaches to operations and to think outside the box’. With annual salaries starting around £621k, and expected increases to £1.3m after 2 years upon positive performance reviews, you can see why the best-in-class cyber criminals apply.
Understanding how these criminals infiltrate your business and training your employees to think smart will reduce their lucrative earnings and save you a big headache.
What can I do right now?
There are a few things you should have a clear idea about, including the risks you face and how to manage them. For example:
• Where is all your collected personal data stored?
• Is it protected and what would you do if it was compromised?
A simple cyber strategy with clearly defined structures, processes and criteria will be the difference between regaining your position after an attack, or not.
• Do your employees know how to spot a spam email or fake web page?
• Does everyone in your organisation know they shouldn’t open an attachment from an unknown source?
• Do you have a strong identity authentication process?
Don’t underestimate the prominent role of human error in data breaches
It’s not all doom and gloom. Mollis can help equip your team with the right tools, such as phishing and scam awareness training, so your workforce is a crucial asset in the fight against cyber-crime and fraud.
Am I too late?
Contact us and we’ll run a complimentary scan, and if you have been compromised we can help. If nothing turns up then great, you’ll have peace of mind and you can take preventative action by testing and training your team.