Cyberattack. Hackers. Cybersecurity. Long gone are the days when these words conjured up images of anonymous creatures hunched over a keyboard in a dark room with mysterious green and white ciphers running across their black screens. With global digitization came new risks and dangers affecting companies large and small, individuals of all means. As of today, there are over 14 billion accounts and over 800 websites affected by cyberattacks. And those are just the identified ones. As cyber criminals develop new tools and techniques, it is imperative companies do not underestimate the scale of the impact one small vulnerability in their systems can cause. If large financial losses and reputational damage do not sound like a good time, below is a short list of things to consider when thinking about protecting your business.
Data Backup
Although backing up your data may seem quite obvious, it is a very important step in company’s cyber resilience as this will keep you one step ahead of cybercriminals if an attack were to occur. One of the most common attack tools in the bad actors’ arsenal are various strains of ransomware. After getting access to company’s systems (via phishing emails or malicious pop-ups, for instance), ransomware encrypts all the files it can access and deems them unusable. In order to regain access to an key, the victim is required to pay a ransom demanded by attackers, that can range from a few thousand to millions of dollars. Reportedly, this year, the highest ransomware payment of $75 million went to the Dark Angels gang. The amount has beaten the highest reported ransomware payment of 2023 that came to a £37.8 million. It can get very expensive.
By backing up your data on an external device, another computer or the cloud, the criminals cannot use it for blackmail and extortion. Despite the unpleasant fact of the attack, the company will be able to get back to work quicker and will not need to worry about paying a ransom.
Up-to-date Software
Unfortunately, having a copy of your data is only useful if it has not been stolen prior encryption as this would pose a risk of said data being sold or exposed on the dark web. Therefore, the best method of protecting the company from unwanted guests is to ensure all possible safety measures are implemented. Again, it seems obvious, but it is vital that all software, both and not, is up to date and switched on. Always download the latest versions of software and, where possible, set everything to update automatically to avoid missing anything important. When downloading updates manually, ensure they come from an official source and are compatible with your hardware and operating systems. And always ensure that everything that should be on is on – antivirus, firewalls and VPNs will not save you if they are “tucked away in a drawer” when they should be actively running.
2FA and MFA
Two- or multiple-factor authentication is a great tool that can prevent criminals from being able to access internal systems and data. By requiring multiple forms of identification, the company ensures they know who is accessing protected information. While it may seem frustrating having to take extra steps when accessing your emails, files or VPN services, this can be imperative useless. The dark web provides a great selection of compromised accounts to fit any taste and budget with combolists consisting of emails and passwords being one of the most popular and accessible products of the cybercrime sphere. By requiring and external source of identity authentication, a correct email and password combination will only give a criminal a peace of mind that whoever sold it in the first place did not lie about authenticity. The more internal services require 2FA or MFA, the harder the system as a whole will become to breach.
Staff Training
As staff are usually the centre of operations in a company, it is imperative that enough time and resources is put into improving their knowledge of the cyber risks and how to protect themselves and the company. In the current data-driven age, this knowledge will be useful not only in the workplace but in the everyday life.
One click on a link embedded into a malicious email can cause disruptions affecting whole countries. For instance, one of the biggest known ransomware attacks is believed to be caused by one stolen employee password. Colonial Pipeline, the owner of a pipeline system carrying fuel from Texas to the Southeast in the US, suffered an attack in May 2021 that disrupted operations across the whole country for days resulting in massive financial losses. Not to mention a hefty ransomware payment of $4.4 million in bitcoin, of which only $2.3 million was successfully seized by the U.S. Department of Justice.
Although Colonial Pipeline is not the only example of damage done by one leaked password, it is a great example of the importance of staff training. Educating your employees on how to identify suspicious emails and applications, how to create strong passwords and change them regularly, how to update their software and use new security measures like 2FA ensures they are informed on best practices for cybersecurity.
Filtering
Although this is not a step that can be applied to all businesses, setting up filters on emails and websites that can be accessed from within the company can contain the risk of infection. Bad actors design emails and websites to look like official entities. Email filters scan sender’s identity, keywords, content and attachments to identify validity and potential threats. Blocking certain websites that are known for malicious pop-ups will reduce the risk of an accidental installation of malware. Filtering with addition of educated staff is a good starting point for a safe and secure cyberspace.
Conclusion
Unfortunately, there is no foolproof way to be fully protected from cyberthreats. Therefore, it is important to take all possible measures to minimise the risk and, if an attack were to happen, to be well prepared to deal with it with minimal damage. The above points are a decent starting point, however, it is important to remember that as protective tools expand and develop, so do the tools used by malicious actors. Cybersecurity is not a one-time effort, but an ongoing process of vigilance and adaptation. By making staying on top of latest cybersecurity trends a priority and investing in strong defensive mechanisms, there is a good chance that if a criminal knocks at your glass door, you will detect them quicker and have effective tools and procedures to act accordingly.
Reference List:
https://cypfer.com/how-can-i-protect-my-company-from-cyber-attacks/
https://www.ncsc.gov.uk/collection/small-business-guide
https://www.axios.com/2024/08/16/ransomware-payments-price-record
https://www.techtarget.com/searchsecurity/tip/The-biggest-ransomware-attacks-in-history
The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.
In late July 2022, Twitter confirmed that it had suffered a data breach, after a threat actor appeared in a popular underground forum selling the data of 5.4 million Twitter users. Read more
Read moreThere is a clear path of progression for a bad actor to go from unknown and uninvolved, to standing shoulder to shoulder with the internet's most sophisticated criminals. In this article we attempt to answer the question of how bad actors are made.
Read moreNews of the latest cyberattack comes from Italy, where on the afternoon of the 20th October it was disclosed that SIAE, the Italian Society of Authors and Publishers, was targeted by a ransomware attack. SIAE, which was founded in 1882, is the Italian copyright collecting agency for artists in different areas of the entertainment industry, including television, music, theatre, visual arts and literature, and aims to guarantee that artists receive the right remuneration for their work.
Read moreThe cyberattack that at the beginning of May targeted and caused the shutdown of the Colonial Pipeline, the largest fuel pipeline in the US, was a powerful example of the threat posed by the rising number of ransomware attacks, and the detrimental effect they can have not only on businesses but on national critical infrastructure.
Read moreYou have probably noticed that all the phishing mails are poorly written and some details may let us think they are somewhat unprofessional. Find out why.
Read moreHome networks are an essential part of all our lives, however, a network that is not properly secured can put your personal and financial information at risk, as well as open doors for cyber criminals to access and exploit other devices on your network.
Read moreRansomware attacks show no signs of slowing down. Discover 5 of the most severe attacks that occurred in 2022.
Read moreSubscription-based models in cybercrime allow hackers to offer stolen data in private clouds, reducing risks and boosting profits. For victims, this means greater threats as data becomes more accessible and exploitable over time.
Read moreAPIs play a key role in our fast-paced digital landscape as they are incredibly useful to facilitate interactions between software communications. At the same time, they harbor many vulnerabilities that can compromise security. This article explores the most common ones and their potential consequences.
Read moreThe increased reliance on VPNs made the latter an attractive target to cybercriminals. In particular, threat actors began exploiting one of the known weakest links in the chain: users’ passwords.
Read morePlease fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!