[BreachExchange] 3 Serious Digital Threats to Your Business in 2017

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jan 30 18:32:16 EST 2017


http://opensources.info/3-serious-digital-threats-to-your-business-in-2017/

The internet is far from a safe place to do business, but the convenience
and capability of the web makes it nearly impossible for any competitive
company to stay away. In the seemingly eternal arms race between hackers
and cybersecurity experts, digital threats are changing every year ― and
becoming more and more appalling with every generation.

To have any semblance of online safety, business leaders must be aware of
potential threats to their enterprises ― especially those that are most
likely in the coming year. Security experts predict the following three
threats to be the most probable digital issues in 2017.

1. Ransomware

Ransomware is among the newest and most insidious of malware creations.
Like any malware, ransomware can find its way onto a device through a
variety of means: a corrupted file, link, or video sent through text
message or email. However, once successfully lodged on a device, ransomware
then plays on human fears and desires by hiding a user’s files and locking
access to essential processes. Desperate and anxious, users will do almost
anything to retrieve their data ― including pay outrageous sums and freely
give privileged information.

In recent years, the variety and popularity of ransomware has grown
exponentially. Since 2012, ransomware infections doubled every year, and in
2016, around 50,000 users were subjected to ransomware attacks every month.
Worse, hackers are more motivated than ever by the substantial gains they
achieve through ransomware tactics: Last year, nearly $1 billion was paid
as ransom by users hoping to retrieve their stolen data.

Unfortunately, experts can do little to combat ransomware once it is
insinuated into a device; strong encryption usually thwarts any kind of
data retrieval. Businesses must prepare for the ransomware threat with
frequent backups of data and procedures to quickly and efficiently address
ransomware attacks.

2. Phishing

It might seem like an antiquated tactic, but phishing emails and texts
continue to produce results for cybercriminals. People tend to trust
messages from addresses and numbers they recognize, so hackers who can send
phony emails and texts laced with malware are more likely to see success.
Ransomware is often packaged in phishing schemes; in fact, a recent study
found that 93 percent of phishing emails contained ransomware. In
businesses, where emails are the primary mode of communication, phishing
can be devastating, so it is important for leaders and workers to be
equipped with strong anti-virus software and understand the most common
phishing tactics:

CEO scams. Also called CEO fraud, emails that purport to be from business
leaders can be effective at persuading lower-level employees to make poor
decisions. Most often, they convince victims to make payments, share
sensitive information, or click dangerous links.
Corporate emails. Similarly, these schemes entail sending out notices that
look like official communications, such as invoices, human resources
documents, or enrollment messages, but links or attachments are instead
grievous malware.
Technical emails. Pretending to be auto-generated messages, such as “failed
to send” or error reports, this phishing method hides danger in technical
jargon that most employees do not understand.
Commercial scams. Email marketing is exceedingly popular, so it follows
that hackers would use the same tactics, hiding malware instead of deals
inside emailed content. Sometimes, these emails look like insurance
notifications, shipping confirmations, or wire transfer requests.

3. Hacking

Insecure networks are some of the easiest and most fruitful targets for
cybercriminals. Businesses are filled with juicy data, such as customer
information, payment accounts, and even corporate plans. Many startups and
small businesses forget the importance of cybersecurity while they focus on
building their brands ― only to allow hackers free reign on their networks.
Updating all software religiously and maintaining strong firewalls
around-the-clock is vital to staying safe from this threat.

Unfortunately, the increasing strength of cybersecurity is encouraging
hackers to be more creative with their techniques. Experts are noting an
increase in employee exploitation: Hackers infiltrate employees’ relatively
weak home networks and convince them to steal corporate information.
Additionally, hackers might obtain employment with the primary intention of
leeching data and funds thanks to their employee credentials. Businesses
must be careful in their hiring processes and suspicious with their account
access to ensure disgruntled employees lack the power to destroy the
business from the inside.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170130/04ecc25f/attachment.html>


More information about the BreachExchange mailing list