[BreachExchange] 4 Cyber security threats all companies face and what to do about them

Audrey McNeil audrey at riskbasedsecurity.com
Mon Dec 18 18:59:55 EST 2017


http://www.tradeready.ca/2017/topics/import-export-trade-
management/4-cyber-security-threats-all-companies-face-
and-what-to-do-about-them/

Irresponsible users, the Internet of things, “Bring Your Own Device”
policies and the cloud – these commonplace aspects of online business
routines are venues for cyber security threats. Implementation of new
technologies that are meant to increase business productivity and
efficiency also put companies at a greater risk of cyber attacks.

Statistics show that 64% of companies have experienced web-based attacks in
the last year, including phishing and social engineering attacks (62% of
respondents), malicious code and botnets (52% of respondents) and denial of
service attacks (51% of respondents). It doesn’t matter how small or big a
company is – it can be significantly compromised at any moment as long as
it is connected to the World Wide Web. Enough to make anyone nervous, right?

During recovery from a cyber attack, a company will lose financial benefits
carried out by customers, employees, business partners and its corporate
image.

The average cost of a data breach in Canada is $6.03M.

Of course, costs and outcomes will always depend on the nature of the
attack and the extent of the breach, but the loss of revenue from a cyber
attack will outweigh the financial investment in online security mechanisms.

1. Malware opens the gate to your company’s data

A cyber attack is a purely technological act. When you hear about a cyber
interruption, the first thing that comes to mind is a computer virus.
Malware installation – an online security attack conducted by viruses and
worms – significantly impacts one’s ability to find a “common language”
with an affected device.

The rapid development of malware is a huge concern, not only for businesses
but also for producers of anti-virus solutions, as it is getting harder to
keep up with. In just a few months one company might capture up to 18
million new malware samples, or up to 200,000 samples per day! It can cause
system sluggishness, loss of internet connection, inability to access
files, etc.

Sometimes malware is obvious – it operates overtly, constantly produces
pop-up windows and gives you warnings. But malware can also sit silently on
your computer, watch what you are doing, use your computer to sending out
malware to other devices in your network, or sneakily download data from
your network to the attacker’s home base.

Normally, malware installation is not the ultimate goal of a cyber
attacker. It can be the gateway to gaining control over your whole
corporate network.

Once a burglar breaks the front door of your office, he automatically gets
access to all other micro offices inside; he can steal documents, damage
equipment, and vandalize the property. This is exactly how malware acts
after opening the “front door” of your corporate network through just one
device.

So, it should absolutely raise a red flag when your computer becomes
unusually slow and starts performing tasks you haven’t authorized.

2. Your corporate secrets get revealed

How many confidential files sit in one single computer at your office?
These types of files are always hunted for. Data leakage is the most costly
outcome of a cyber attack for an organization. Think about it in
Foucauldian terms: knowledge is power. Once your knowledge in the form of
important data is transferred to someone else, so is your power.

Losing dollars is nothing compared to losing exclusive knowledge about how
these dollars were made. With data leakage, we are talking about revealing
your formula of success constituted by micro (and often under-the-table)
operations, intellectual property, special agreements, partners’ contact
details, client’s confidential information and records.

3. Accounts associated with your business become vulnerable

The loss of corporate data also covers theft of information or login
details for accounts associated with your business, including your
customers’ accounts. Many global companies suffered from major data leaks.
Equifax, a top credit-reporting company, ended up exposing personal data of
over 143 million people as a result of a cyber security breach. Customer
names, Social Security numbers, birthdates and addresses were stolen by
hackers. They also stole credit card numbers of about 209,000 people.

Disastrous events like this can happen even when your corporate devices are
not affected. In most of these cases, account details are obtained through
vulnerable online platforms your company is using.

You and your clients are under a particular threat when your website
enables a shopping cart functionality.

According to Rob Moerman, senior manager of the Cyber Intelligence Centre’s
operations, “when a hacker finds a vulnerable website, they can expose that
crack within minutes to retrieve information like usernames, passwords, and
credit card information” (Canadian Business, 29 June 2016).

Alternatively, company login details can be obtained by breaching your
corporate network. Broken-into accounts, online banking login details, and
credit card information are used for unauthorized financial operations.
This outcome of a cyber attack represents a complete loss of control of
your company’s finances, as well as a direct and immediate financial cost
to you and your clients.

4. Indirect financial loss

Some impacts of cybersecurity breaches are indirect but, nonetheless, quite
frustrating. Loss of customers is one of them. Would you ever want to deal
with a company that doesn’t take care of your money or doesn’t take your
confidential information seriously? Nobody would.

Of course, cyber attacks are not something that one can fully control or
prevent from happening. However, as a well-respected and trustworthy
company, you should obtain at least basic online security systems, be able
to reassure your audience that you are prepared for a potential risk of a
cyber security attack, and guarantee a speedy recovery.

Consumers invest in reliable organizations, they will move their money away
from companies with a history or perceived risk of data breaches.

Another indirect cost is associated with the redemption of your workforce,
both technological and human, after a cyber attack. Information, employee
productivity, and productivity of your business electronic devices all take
time, effort and money to be successfully recovered.

Financial penalties comprise the third example of indirect costs. There are
multiple fines that can follow a cybersecurity attack. You can be charged
by organizations such as the Federal Communications Commission, Federal
Trade Commission, Health and Human Services, the Payment Card Industry Data
Security Standard, and other regulatory agencies for letting a security
breach happen.

Finally, you should never underestimate the cost of legal cases that can
potentially arise as a result of a cyber security breach.

Get some IT professionals on your side

The greatest challenge for companies’ looking to improve their cyber
security is a rapid development of hacking mechanisms. The most effective
solution in this situation is to have a full-time team of IT specialists
who follow the news on a regular basis and learn about innovations within
the field. Your IT must stay on top of their game and make sure that the
company is prepared to resist cyber attacks at any point in time.

Apply the right security software

It is not enough just to be aware of new trends in cyber security. It is
much more important to update and enhance anti-virus and anti-malware
software. This software is a security mechanism that you put on your
“office front door”; so, make sure you use a reliable “lock” which is
sophisticated enough to protect your business.

Ensure everyone follows best security practices

Finally, educate your staff!

A recent data breach investigation report has shown that the majority of
data leaks are a result of weak credentials.

So, secure password protocol is very important; it prevents situations when
your data is protected by a “12345” type of password, or a password that
your employee has been using for the past couple of months for all types of
platforms he/ she is active on.

Imagine that feeling when your wallet gets stolen or your personal notebook
is viewed without your permission. Invasion of privacy is always a highly
unpleasant thing.  Digital privacy nowadays is a real concept, more real
than ever before. So, the same way we protect our wallets and notebooks, we
should also take care of our network security.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171218/d24f16c8/attachment.html>


More information about the BreachExchange mailing list