Multiple reports have been published recently covering the cyber threat landscape for businesses, including the Verizon 2016 Data Breach Investigations Report and McAfee Labs 2016 Threats Predictions. These reports have unveiled some of the major cyber threats businesses face today, as well as why human error is such a big issue. For example, 63% of confirmed data breaches involve using weak, default, or stolen passwords, and 26% of miscellaneous human errors involve people mistakenly sending sensitive information to the wrong person! As technology advances, the cyber attack surface will only expand and these statistics will become increasingly unacceptable. It’s more important than ever to, at the very least, implement basic defenses and avoid human-based vulnerabilities as much as possible. Let’s look at some of the common threats today:
Phishing continues to be an effective tool for attackers, as it can very quickly compromise a business network, and attackers can target specific people or organizations. Phishing is a primary method of infecting victims with malware, working by spreading as a trojan whose payload is disguised as a seemingly legitimate file, often coming to the user from a spoofed email address that looks like a legitimate sender. The email tends to carry a malicious attachment or instruct users to click a link that allows a virus to enter their machine. A huge issue here is the human error because many business users are unable to identify phishing emails. In the past year, 30% of phishing messages were opened by users, and 13% of those went on to click to open a malicious attachment or link!
Ransomware is a growing threat, with attackers wanting fast cash. This effective type of malware restricts access to a user’s PC, applications, or files and demands that the user pay a ransom to the malware operators to remove this restriction – it also works on a business-wide level, impacting an entire network. Crypto ransomware encrypts files on the hard drive and requires payment of the ransom for decryption, while locker ransomware locks the system and displays messages to scare the user into paying. Criminals often attack Microsoft Office, Adobe PDF, and graphics files, which are typically found in business environments. These targets will expand in coming years.
With extortion hacks, attackers threaten to release sensitive company or customer information if the victim doesn’t pay. Even with backed up data, this presents a threat to a company whose reputation and customers are suddenly at risk. Common examples of extortion hacks include the Sony, Ashley Madison, and InvestBank hacks. This method works because it creates fear. Organizations fear the exposure of private information, which could lead to angry customers and lawsuits, and even executives losing jobs.
What can you do?
These reports have made it clear that no system is impenetrable, and difficult-to-detect attacks are growing more common. However, even the most basic defenses deter cybercriminals, who will often look for an easier target. But you don’t have to stick to the basic defenses – in fact, we suggest you move beyond those. There are many tools businesses can use to better prevent, detect and respond to attacks. Reports like these have allowed us to find patterns and better understand how cybercriminals operate. The Verizon report offered some useful tips for protecting a business against these growing cyber threats:
- Research and familiarize yourself with the common attack patterns in your industry
- Use two-factor authentication for your business systems and applications
- Monitor all inputs
- Patch promptly
- Encrypt business data in flight and at rest
- Train staff on the threats and steps they can take
- Know what data you have, and protect it accordingly
- Limit who has access to what – not everyone needs access to everything
How HTG Can Help
Many security experts have designated crypto ransomware as the greatest security threat to organizations today. HTG’s Cloud Backup solution can protect against this and is a reliable way to recover files following an attack. The solution provides organizations with a seamless and secure backup of their data to HTG’s cloud. HTG takes care of all the management, monitoring and dependability of the customer’s backed up the environment. Cloud Backup is secure, encrypted, scalable and efficient.
Any business continuity plan should have the file-level backup, but another key component is disaster recovery. Cloud Recovery is designed for large-scale failures and true disasters, rather than single-item restore – depending on the extent of the situation, this solution may be necessary. Together, Cloud Recovery and Cloud Backup can create a well-rounded business continuity plan for a cyber attack.
HTG delivers nothing but the highest quality protection for customer data and information. We have equipped ourselves with government-grade facilities to hold sensitive information for safe, encrypted storage in SAS70, SSAE 16 Tier 3, Class 1 data centers. Every one of these data centers features on-premises security guards, keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitor access. The facilities are engineered to the highest of standards in order to ensure customers’ businesses are running 24x7x365.
Previously posted on HTG Blog:
HTG – HTG 360