Multiple reports have been published recently covering the cyber threat landscape for businesses, including the Verizon 2016 Data Breach Investigations Report and McAfee Labs 2016 Threats Predictions. These reports have unveiled some of the major cyber threats businesses face today, as well as why human error is such a big issue. For example, 63% of confirmed data breaches involve using weak, default, or stolen passwords, and 26% of miscellaneous human errors involve people mistakenly sending sensitive information to the wrong person! As technology advances, the cyber attack surface will only expand and these statistics will become increasingly unacceptable. It’s more important than ever to, at the very least, implement basic defenses and avoid human-based vulnerabilities as much as possible. Let’s look at some of the common threats today:
Phishing continues to be an effective tool for attackers, as it can very quickly compromise a business network, and attackers can target specific people or organizations. Phishing is a primary method of infecting victims with malware, working by spreading as a trojan whose payload is disguised as a seemingly legitimate file, often coming to the user from a spoofed email address that looks like a legitimate sender. The email tends to carry a malicious attachment or instruct users to click a link that allows a virus to enter their machine. A huge issue here is human error because many business users are unable to identify phishing emails. In the past year, 30% of phishing messages were opened by users, and 13% of those went on to click to open a malicious attachment or link!
Ransomware is a growing threat, with attackers wanting fast cash. This effective type of malware restricts access to a user’s PC, applications, or files and demands that the user pay a ransom to the malware operators to remove this restriction – it also works on a business-wide level, impacting an entire network. Crypto ransomware encrypts files on the hard drive and requires payment of the ransom for decryption, while locker ransomware locks the system and displays messages to scare the user into paying. Criminals often attack Microsoft Office, Adobe PDF, and graphics files, which are typically found in business environments. These targets will expand in coming years.
With extortion hacks, attackers threaten to release sensitive company or customer information if the victim doesn’t pay. Even with backed up data, this presents a threat to a company whose reputation and customers are suddenly at risk. Common examples of extortion hacks include the Sony, Ashley Madison and InvestBank hacks. This method works because it’s creates fear. Organizations fear the exposure of private information, which could lead to angry customers and lawsuits, and even executives losing jobs.
What can you do?
These reports have made it clear that no system is impenetrable, and difficult-to-detect attacks are growing more common. However, even the most basic defenses deter cyber criminals, who will often look for an easier target. But you don’t have to stick to the basic defenses – in fact, we suggest you move beyond those. There are many tools businesses can use to better prevent, detect and respond to attacks. Reports like these have allowed us to find patterns and better understand how cyber criminals operate. The Verizon report offered some useful tips for protecting a business against these growing cyber threats:
- Research and familiarize yourself with the common attack patterns in your industry
- Use two-factor authentication for your business systems and applications
- Monitor all inputs
- Patch promptly
- Encrypt business data in flight and at rest
- Train staff on the threats and steps they can take
- Know what data you have, and protect it accordingly
- Limit who has access to what – not everyone needs access to everything
How RapidScale Can Help
Many security experts have designated crypto ransomware as the greatest security threat to organizations today. RapidScale’s CloudBackup solution can protect against this and is a reliable way to recover files following an attack. The solution provides organizations with a seamless and secure backup of their data to RapidScale’s cloud. RapidScale takes care of all the management, monitoring and dependability of the customer’s backed up environment. CloudBackup is secure, encrypted, scalable and efficient. Learn more about how backup in the cloud works in our course: Data Storage and Backup.
Any business continuity plan should have file-level backup, but another key component is disaster recovery. RapidScale’s CloudRecovery is designed for large scale failures and true disasters, rather than single-item restore – depending on the extent of the situation, this solution may be necessary. Together, CloudRecovery and CloudBackup can create a well-rounded business continuity plan for a cyber attack. Learn more about disaster recovery in our course: Disaster Recovery and Business Continuity.
RapidScale delivers nothing but the highest quality protection for customer data and information. We have equipped ourselves with government-grade facilities to hold sensitive information for safe, encrypted storage in SAS70, SSAE 16 Tier 3, Class 1 data centers. Every one of these data centers features on-premises security guards, key card protocols, biometric scanning protocols and around-the-clock interior and exterior surveillance monitor access. The facilities are engineered to the highest of standards in order to ensure customers’ businesses are running 24x7x365. Learn more about the state of security in our course: Cloud Security.