Damage from cyber crime is projected to reach $6 trillion per year by 2021, which represents double the 2015 figures. The widening shortage of cyber-security professionals means that most companies are ill-equipped to face what IBM has termed the “greatest threat” to companies worldwide. While much of the discourse around cyber-crime focuses on data points, raw numbers can leave companies feeling discouraged when it comes to compliance and cyber security. Given how widespread the threat is, some may feel there is nothing they can do and that a cyber-attack is inevitable. This is counter-productive and false: risk assessments can show your company where you are vulnerable so you can protect against vulnerabilities.
Think of these as a road map to better business data security. To comprehend (and act upon) the outcome of your risk assessment, it’s important to understand what types of attacks you might expect to face. Review the most common cyber security breaches before upcoming risk assessments to get the most from this investment in cyber security.
Small businesses suffer 58 percent of malware attacks, even though attacks on their corporate counterparts may get more press. In a malware attack, malicious software infects the computer or network. An employee may download something, thinking it is legitimate, and unintentionally infect the workplace network. Once the malware is unleashed, it will harm the business by sending spam, wiping out business data, or stealing business credit card credentials, for instance.
While some criminals may be targeting more small businesses on purpose, the rise in malware attacks on small businesses is likely due to the patchwork protection of many cyber security systems.
You may be able to prevent malware by educating employees on detecting and deleting suspicious emails, since over 90 percent of malware comes via email. Firewall protection helps by filtering malicious emails before they reach the inbox.
Estimates indicate that 60 to 70 percent of email is spam, and much of the spam consists of phishing attacks. Phishing emails attempt to trick readers into giving up login credentials or other personal information.
Many phishing emails appear legitimate to readers. They may mimic a bank, credit card company, or another trusted service provider. In many cases, phishing emails are so convincing that they pass your firewall, spam filter, and anti-virus.
Phishing is one of the oldest forms of cyber attack, and these scams have come a long way since their beginnings in the 1990s. Notable examples of phishing include the iCloud nude celebrity photo leak and the Clinton campaign manager, John Podesta, sharing his Gmail password.
A new report indicated that 76 percent of businesses faced phishing attacks in 2017. These businesses saw a roughly 9 percent click rate on phishing emails across all email types. Online shopping and business email improvement emails saw click rates close to 90 percent, a scary data point to consider.
Pass around examples of phishing emails, so employees can recognize malicious emails. Consider rewarding employees for forwarding suspicious emails to IT to keep motivation high.
Distributed Denial of Service (DDoS)
Distributed denial of service (DDoS) attacks are coordinated efforts to bring down your site or network. Money is often a motivator for DDoS attacks, but these cyber attacks can be politically motivated too. Consider the threats to “take down” the opening ceremony for the Winter Olympics in PyeongChang.
In rarer cases, DDoS attacks have a personal component, for instance if a disgruntled former employee decides to take revenge on the company that let him go.
In a DDoS attack, compromised assets (such as bots) flood your website or service with traffic. Your website becomes overwhelmed with requests for connections or messages until your site crashes.
The rise in Internet of Things devices spells trouble for businesses, as it means that connected Things — all those personal assistants and fitness trackers — can be turned against business websites.
While your site is down, legitimate customers cannot access your website. The damage in lost revenue is potentially huge, especially when you consider that the longest DDoS attack lasted for 12 days.
Training does not work for these cyber attacks, since you cannot predict if or when you will be targeted. To defend against these cyber security threats, you must identify where your cyber security is weak and improve protection in critical areas. Monitoring the network and applying patches efficiently further reduces your risk.
AGMN is offering a promotional cyber risk assessment, which is the perfect chance to understand your position vis-a-vis the set of cyber security threats. When you know where you are protected and where you need to reduce risk, you can take the appropriate actions to safeguard your digital assets from attack.