It feels like we've already lived several years in 2020, but we're only half-way through arguably one of the worst years in living memory. With a second wave of COVID-19 looming and further restrictions in place, cyber-criminals must be licking their lips at the chaos plaguing business.
Staying alert when it comes to safeguarding your business online is now more important than ever. The threatscape is broader, sophisticated and, in some cases, only detectable when it's too late. Below is our list of the most common forms of cyber-attack that hackers are using to target business and individuals alike in 2020.
Ransomware and Malware
There are multiple methods by which ransomware and malware can gain access to your network. The most common delivery systems is via email, either masquerading as an attachment or requesting you to download a file from what you assume would be a trusted source. The result of such attacks is data loss across the network, or in some cases a complete compromise and loss of your IT systems.
Once they're downloaded and opened, ransomware and malware can take over your computer, especially if the virus has built-in social engineering tools that trick you into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without requiring any deception.
Phishing and Credential Theft
Credential theft via phishing emails has become more widespread through the Covid-19 pandemic. Spoofed sites (such as government departments or law enforcement agencies) are designed to obtain your credentials and from there these are used to either compromise your business or even your personal accounts and finances. ffff
It only takes a moment for a hacker to identify the senior staff of a company through a company website, trade publication or LinkedIn profile. The hackers then set up an email account using the same name and send fraudulent requests to other employees. These attacks are highly targeted and generally harder to detect.
Insecure Remote Connections
Any form of remote access is an entry point into your network. Certain ports open on your firewall is an invitation for a cyber-attack. This coupled with a weak password policy is a recipe for disaster. Once a cyber-criminal is inside your network the damage that can be done is limitless.
How to Safeguard Your Business Against Cyber-Attack
A detailed understanding of your IT systems is essential in preventing a cyber-attack on your business. Whether an internal IT department or an external Managed Service Provider, your approach to security needs to be urgently reviewed.
- Are you taking a multi-layered approach to security? Endpoint protection alone will not protect a business.
- Is your endpoint protection software up-to-date and adequate?
- Does your business have secure remote connections?
- Is your user base aware and educated in the latest threatscape?
Taking a relaxed approach and an "it won't happen to me" attitude to online security can result in complete loss of your business critical data. Be proactive and take action now before an attack cripples your operation. Preventative measures can save your business from having to completely start over.
- If remote access is required, then do so via an encrypted VPN
- Enable multi-factor authentication
- Strengthen passwords governed by a password policy
- Ensure gateway level email filtering is in place
- Enforce IT security policies and procedures
- Frequent update and patching of servers and workstations
What Happens When an Attack Occurs?
There is no if. When a cyber-attack occurs, the result will be devastating and often there is nothing to do except rebuild your network environment from the ground up.
- Does your business have a documented disaster recovery plan?
- Are you aware the cost downtime will have on your business?
- Is data backed up in multiple places?
- Do you have an incident plan to follow?
- Is there a cyber-insurance in place?
After the recent cyber-security breaches to Australian institutions, small business can no longer remain complacent when it comes to online protection. The rush to get everyone working remotely has left some businesses dangerously exposed, with many having already been exploited causing irreversible damage. You cannot allow 2020 to land another devastating blow to your business.
If any of the information above has not been addressed by your business or there is an aspect you feel needs addressing, then it's critical that you speak to a Managed Service Provider before it's too late.