Not got the time to read our full guide, why not cheat and just check out our infographic here…
In an ever increasingly digital world, the threat digital attacks pose to businesses of all sizes continues to grow. According to a recent survey by the Department for Digital, Culture, Media and Sport, over four in ten businesses (43%) and two in ten charities (19%) experienced a cybersecurity breach or attack in the last 12 months.
4 Biggest Cyber Threats & How To Fix Cyber Attacks
These figures demonstrate how important it is for businesses to implement robust security measures that will safeguard key business data. However, also included in the same survey is the fact that under three in ten businesses (27%, versus 33% in the previous 2017 survey), and two in ten charities (21%) have a formal cybersecurity policy or policies.
It’s clear there is still a lot of work to be done in the commercial sector to improve digital security. This is particularly true in the capital where financial districts such as Mayfair are prime targets for cybercriminals. At Amazing Support we’ve helped countless companies in and around London to tighten security and protect their data through our managed IT Support and Cyber Security services. In many cases this has involved dealing with the four biggest cyberattack threats to UK businesses, which we go into more detail below, along with the best way to deal with them.
1. The Ransomware/Cryptolocker Attack
Perhaps the most famous attack of this kind to date was in 2017, when the WannaCry attack hit the NHS and heavily affected its systems.
A growing number of large organisations are targeted on a monthly basis, yet it is reported that 84% of the UK’s biggest brands still do not understand the impact it can have on their business.
But it’s not just the big players who are locked in this battle. When you consider that up to 60% of businesses go bust within the first six months due to a cyberattack, it’s an issue that affects everyone.
Ransomware viruses work as a Trojan that are usually hidden in email attachments. Once opened they can ‘lock out’ users from accessing their files on a Windows PC, infecting the entire system. The name ‘ransomware’ comes from the money victims are asked to pay in return for a password that will give them access back to their computers.
Most types of ransomware are difficult to recognise before they start to spread and infect. Users usually become aware once they receive a message telling them their files have been encrypted.
How to Fix & Prevent RansomWare
Using our experience in the field, we suggest implementing the following:
- Installing and maintaining an up-to-date antivirus
- Checking that web-filtering definitions are maintained
- Providing staff training on cybersecurity so they know which red flags to avoid
- Ensuring all file backups have been successful for at least 30 days
- Keeping all computers on the network patched and updated
2. Email Phishing/Whaling Scams
By nature most people place their trust in others, even if they don’t know them too well. It’s one of the best traits we have as humans, but unfortunately, it is also manipulated by hackers who are willing to exploit people’s willingness to trust before asking questions.
Phishing, or whaling (also known as CEO Fraud) is a method used by cybercriminals to gain access to some of your most sensitive business information. They’re after things like business credit cards and bank account details and any other passwords that will give them direct access to company related funds. This is done by either sending a fake email, or redirecting you to a fake website that looks like the real thing.
These messages usually take the form of bank requests asking for private information on email or via a website, or request you click on a link to update or verify account details, suggesting there is an issue that needs your immediate attention.
It’s these type of threats that 72% of FTSE 350 companies are becoming increasingly concerned about compared to all the other risks facing their business. When you consider this has risen from 54% in 2017, it highlights how seriously these are now being treated.
However, despite 96% of FTSE companies claiming to have a cyber-strategy in place, only 16% state that their board understands how cybercrime can potentially lead to huge losses in terms of share price, damaging the brand’s reputation and the negative impact it can have on customers.
How to Fix & Prevent Email Phishing Scams
However, while businesses aren’t able to remove phishing attempts, there are a number of ways they can be prevented:
- Ensure email filtering is in place to reduce phishing attempts
- Provide detailed staff training on what to look out for and avoid
- Always keep passwords secure and only available to users
- Check URL addresses before following a link as they are usually a different domain
- Make sure web browsers are kept up-to-date and patched
3. Online Extortion
The threat of extortion is something business owners have had to face for centuries, but the style and platforms used by modern-day cybercriminals has evolved and changed.
With the ability to quickly send information to multiple sources at the touch of a button, this is used by hackers as a threat if a victim refuses to comply. For example, sextortion is an email based scam sent to businesses – usually high ranking executives – demanding they pay up large sums of money or face the ‘consequences’. This could be anything from bad PR about the company, to fake sexually-orientated videos attempting to ‘expose’ their target.
Blackmail of any kind is scary, even when you have no association with any of the threats being made against you. This type of scam is intended to make you think they have access to your passwords and have personal footage you do not want anyone to see. It’s intimidating and threatening, but it is also a scam designed to prey on your worst fears.
How to Fix & Prevent Online Extortion Attempts
We’ve dealt with these emails on a number of occasions, and would advise the following actions are taken:
- Refuse to pay any money as this is a scam trying to extort money
- Change your passwords and ensure they are not easy to guess
- You can either disable your webcam or cover it, so you remain in control of it use
4. Zero Day Attacks
A zero day attack happens when hackers specifically target a flaw or vulnerability within a system. The name derives from the fact that a cure hasn’t been invented at the time the attack took place – because if one did exist it couldn’t be referred to as zero day.
Essentially there are two types of zero day attacks that can occur. A zero day vulnerability uses an existing hole in the software’s security, while a zero day exploit uses the same vulnerability to install harmful software onto the system.
Once infected, it is used to destroy, disrupt and steal vital business related data. A good example is the attack suffered by Sony Pictures in 2014 which saw an organised group of hackers steal and share information related to unreleased films, contracts, business plans and email communications between top level executives.
Like many other types of digital infections it is impossible to spot zero day attacks.
How to Fix & Prevent Zero Day Attacks
Based on the numerous occasions we’ve helped SME’s and corporations overcome these issues, there are a number of preventive measures that can be put in place to lower your exposure to these risks:
- Ensure all systems on the network are up-to-date with the latest operating systems
- All security patching is regularly updated to reduce zero day attack threats
- Check all browsers, operating systems and security software is configured correctly
- Provide training to staff to ensure they practice safe and effective online security habits
Fixing & Preventing Cyber Attacks On Your Business
While the scale of the threats may differ if you are an SME or a larger organisation, the type of dangers facing every business are the same. Although it may seem as if threats are lurking in almost every corner, by implementing a concise cybersecurity strategy they can be defeated.
The government have also set up their own initiatives with the National Cyber Security Strategy, which saw the launch of the Cyber Governance Health Check which has been designed to help businesses get up-to-speed.
Where the concept of hackers and cybercriminals were once the domain of Hollywood thrillers, it is now a reality the business world has to face up to. It’s an issue that is here to stay, and by using the right tools, it can be successfully tackled head on.