The 9 cyber threats you need to know about now
It’s Friday 13th. Unlucky for some. But don’t let it be unlucky for your business.
Cybercrime is one of the hottest topics for all businesses right now. And the biggest business crime in the UK.
But do you know about the latest cyber threats?
When it comes to cybersecurity, knowledge is power. Read on and clue yourself up…
-
Ransomware
Ransomware has become the poster-girl of cybercrime, with hackers making millions by corrupting files and demanding a ransom for their safe return.
It used to be that they’d focus all their efforts on large organisations like healthcare providers and multinational enterprises, but they’re now regularly attacking small businesses too. In fact, they use automated software to target all businesses, all the time.
All it takes is one click on an infected link… and all your valuable data is being used as a blackmail tool. Some people are prepared to pay big to ensure they don’t lose that data forever.
A new strain of ransomware referred to as LockerGoga was specifically created to target manufacturing and industrial companies; not only stealing data but physically harming machinery. With ransomware architects now able to literally bring production completely to a halt, a no-nonsense approach to security has never been more important.
-
Malware attacks
There are a host of different malware (malicious software) attacks being deployed by cybercriminals these days, all of which are specifically created to cause as much harm as possible.
Common causes of successful attacks include file sharing through insecure sites, downloading media and signing up to free software programs, so strict security mechanisms are a must.
-
Cloud abuse
Cloud computing offers a list of benefits as long as your arm, but it’s still easily abused. The fact that we can all work remotely from our mobiles and tablets increases the risk of devices being lost and data ending up in the wrong hands.
Plus, with everything stored in virtual servers accessible from anywhere, it’s crucial to proactively defend against malicious activity and have robust back-ups in place.
-
Insecure API attacks
This thing called an API allows different pieces of software to speak to each other. But if they aren’t created with strict security processes in place, hackers will soon be buzzing around your data like wasps around an ice lolly on a hot day.
There’s very little you can do about this unless you’re a technological whizz who designs software alongside your day job. The safety of your organisation is very much in the hands of your provider. To avoid getting stung, be sure that stringent data encryption and authentication software is included before you buy.
-
Supply chain attacks
Supply chain attacks are a particularly nasty weapon in the cyber criminal’s arsenal, and they’re becoming increasingly common. Also referred to as third-party or value-chain attacks, they happen when someone from outside an organisation has access to its data. What looks like a legitimate software update is pushed out, but instead of updating it spreads a fast-moving and destructive virus that has the power to take whole companies out of operation.
The most high-profile example at the time of writing is the NotPetya attack, a Russian-masterminded piece of malware that released the most devastating cyber event businesses had ever seen. The virus spread like wildfire, turning computer screens black and disabling entire networks within minutes.
The really terrifying thing about NotPetya and its ilk is that the viruses spread on their own, with no need for human interaction. Until recently it was safe to assume that as long as people knew how to recognise an iffy email attachment, cyber criminals wouldn’t be able to cause much damage. NotPetya has changed the face of computer viruses because it can take out hard drives all by itself.
According to a 2018 survey conducted by the Ponemon Institute, over half of organisations had suffered breaches that were caused by a vendor – further proof that you need to pick your suppliers wisely.
-
Poor password management
Weak passwords are pointless and dangerous, but millions of people are still cutting corners with easy-to-guess codes like Password1 and 12345678. The impact is so serious it’s predicted that passwords as we know them will be dead within the next few years. Instead of single-factor authentication (using one password to access an account), security-conscious organisations are using multi-factor authentication.
-
Your own staff
Unfortunately, the weakest link in many organisations is often well-meaning staff. With the exception of sophisticated attacks like NotPetya, the majority of computer viruses need a human being to enable them, by clicking on a link or replying to a phishing email.
These attacks often happen at the end of a busy day when defences are low and people are thinking about going home. So it’s essential that everyone is educated in how to recognise dodgy messages.
You’ll also need to implement a robust plan for managing personal devices if people work on the go. Transport for London reported a huge 34,322 lost mobile phones at the end of 2017, along with 1,078 laptops, 71 games consoles and, staggeringly, 10 desktop computers. It only takes a second to leave a device on a train, but the repercussions last a lot longer.
Regular backups and data encryption are a must if you want to avoid the drama of a mislaid mobile device.
And let’s not forget previous staff, particularly if they left under a cloud. Disgruntled ex-employees have been known to delete files, steal data, spread rumours and even access company bank accounts. So it’s important to disable all access the second they leave the building.
-
Basic data loss
Cyber threats aren’t always the work of evil geniuses hacking into computer networks. Data goes missing for lots of reasons, and it’s usually completely accidental. It’s happened to the best of us: spending hours typing away on a document, only to delete or lose it at the last minute.
Without a reliable back-up method, that file is lost for good.
14% of data loss is caused by human error, 10% is down to software failure and the rest is caused by hard drive crashes and system errors.
Data losses like this don’t just take a huge amount of time and effort to fix, but they can seriously damage reputations too. And with GDPR now in full swing it’s never been more important to ensure that accidents like these don’t happen.
You’ll need regular backups, 24/7 data monitoring and SSL security encryption to give you peace of mind that even if the worst does happen, your business-critical information will never be too far away.
-
The Internet of Things (IoT)
It’s a fancy phrase that’s become quite a trend over recent years, but the Internet of Things is really just about different devices being connected online.
With everything from heating to doorbells now being operated by our mobile phones while we’re out and about, there have been understandable concerns about security.
Hackers are always on the lookout for weaknesses in new systems, so if you do invest in IoT technology in the business, make sure it’s from a trusted provider who can prove they take security seriously.
If you need help protecting your business, just ask
If you’re struggling to keep up with cybersecurity, or are not sure if your business is fully protected, our expert team is ready to help. Just call the helpdesk on Cardiff 02920 003 313 or Birmingham 0121 270 3377. You can also find out more about our cybersecurity services here.