[BreachExchange] Protect Your Business from Crafty Hackers

Audrey McNeil audrey at riskbasedsecurity.com
Fri Oct 7 14:09:37 EDT 2016


http://nationalcybersecurity.com/protect-business-crafty-hackers/

We’d all like to believe we are immune to cybersecurity threats, but the
truth is that anyone could be hacked at any time. It doesn’t matter if you
own a large enterprise company or are an individual doing a little online
shopping, hackers are hungry for your personal information.

This is especially true for small businesses. In fact, nearly half of small
businesses suffered cyberattacks last year, and the average loss of
business was in the tens of thousands of dollars!

While cybersecurity efforts have improved in the past decade, so have the
threats.

Continuously evolving technologies and risks have locked us in a digital
arms race, and cybercriminals are not showing any sign of slowing down.

Digital Arms Race

It seems that every time we discover and patch a network vulnerability,
another one is exploited. It can be enough to make your head spin. Tech
news source ZDNet reports that hackers, looking to combat our digital
solutions, have begun grouping together to cause more damage: “Cybercrime
gangs are now almost as sophisticated as the big businesses they are trying
to steal from, leading to a new security arms race that companies are
losing.”

That’s right. Hacking has matured beyond lone-wolf attacks and is regularly
taking advantage of automated or brute force attacks to infiltrate
organizational data.

Credential stuffing, for example, uses large scale automated attacks to
test stolen login credentials until gaining access to financial assets.
Hackers then use these accounts to transfer money to themselves or hold it
for ransom until the rightful owner pays a lump sum.

Hacking software like this can be easily obtained on the dark net and used
against your small business. That’s scary stuff! And, according to the
OWASP Automated Threat Handbook, there is no shortage of these kind of
attacks.

Of course, it’s not just company desktops and laptops being targeted.
Cybercriminals are moving to mobile as more workplaces adopt
bring-your-own-device (BYOD) policies. While BYOD is incredibly useful in
improving employee productivity, it has made it even easier for hackers to
exploit your data through SMS phishing scams, unsecured Wi-Fi connections
or unencrypted mobile data transfers.

And it doesn’t stop there. Evidence shows that hackers are already gunning
for the burgeoning Internet of Things in hopes of discovering security gaps
before the market even takes off.

Low-Hanging Fruit

While the most adept hackers are developing more advanced ways to attack
state-of-the-art security solutions, others prefer to infiltrate your small
business through methods tried and true.

Phishing scams and spam email attachments are still some of the primary
methods cybercriminals use to access your most valuable data. That’s
because these techniques prey on the weakest link in the cybersecurity
chain – your employees.

Human beings aren’t perfect. We are often tricked by phony sign-in pages or
sketchy download offers. Hackers figure that if they cast out a large
enough net of fraudulent emails, someone is bound to click it. Then boom!
Your data is under their control.

Other security gaps include old software or outdate web browsers that have
not patched existing security flaws. While your employees may not realize
it, ignoring regular update prompts from these services could put your
whole organization at risk.

In the end, educating your employees, following best practices and
investing in cyber security insurance services can greatly improve your
chances of fending off a data breach.

The Best Offense Is a Good Defense

While the news about data breaches can be alarming, the truth is that
establishing basic cybersecurity defense measures is enough to convince
many hackers to look for an easier target.

Even newer, more high-tech threats can be foiled by following a few basic
rules: stay informed, avoid suspicious services or material and report data
breaches quickly before things get out of hand.

Many people ignore the reality of cybersecurity risks until it’s too late.
Don’t be one of them!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161007/43635dd5/attachment.html>


More information about the BreachExchange mailing list