The number of UK businesses that fall victim to sophisticated cyber-attacks year upon year is concerning. According to the Cyber Security Breaches Survey 2019, 48% of UK businesses identify at least one breach or attack every month. It’s often the case that the damage is done before organisations even know what the threat is.
October is Cyber Security Month, a campaign that aims to raise cyber awareness and promote methods that people and businesses can adopt to defend themselves against cyber threats.
To help do our part, today we are outlining some of the most common cyber threats that we all face today.
The term ‘phishing’ was first coined in the mid-1990s amongst hackers who tried to trick AOL users into giving away their login details. Today the scam is still rife (especially amongst businesses) and the aim today is still the same – trick the victim into giving away personal information unwittingly. This is often achieved by getting people to click on hyperlinks which lead to malicious websites. The deception is that these sites often look legitimate enough for people to feel confident that they are providing information to someone they can trust.
Phishing attempts often begin with an e-mail, however fraudsters can also attempt this type of scam with a phone call (known as vishing) or a text message (known as smishing). Lancaster University fell victim to a suspected phishing scam in July this year when a hacker sent fake invoices to undergraduate applicants. The result? Students and undergraduate applicants had their personal data stolen.
To a well trained eye, phishing attempts are easier to spot. You should be especially wary of e-mails with poor spelling, syntax or grammar. If you are being asked for your personal information in return for something which seems too good to be true, chances are this is also fraudulent. In any case, requests for personal information should at first be met with distrust. If you’re concerned about any request – even if it is accompanied with some type of threat – you should instead make contact with the purported organisation through alternative and official means.
Short for ‘malicious software’, malware is the umbrella term used to cover a variety of intrusive software such as viruses, ransomware, or spyware, i.e. programs that are created to secretly enter or damage a computer and steal information.
Cyber viruses are very much like living viruses – they attach themselves to healthy files and infect other healthy files, spreading quickly. A virus will attack a computer system’s core functionality as it corrupts files and will often render computers unusable.
Ransomware attacks involve hackers gaining access to computer systems, locking an organisation’s data with encryption and then demanding a ransom to restore access. Even the NHS has been a victim of ransomware in what was known as the ‘biggest ransomware offence in history’. In 2017, a highly sophisticated hacking tool resulted in hospitals and doctors’ surgeries in parts of England being forced to turn away patients and cancel appointments.
The clue is in the name. Spyware runs quietly in the background and ‘spies’ on what a user is doing and collects sensitive information, from credit card details, to login information, all without the user noticing.
Phishing attacks are a common way to spread these types of malware. In addition to making sure that you have robust anti-virus software installed and that you keep it up to date, you should always be very cautious when you are asked to click on e-mail attachments and hyperlinks. If you are at all uncertain that these are legitimate and harmless, then the best advice is “just don’t click”.
Distributed Denial of Service (DDoS) attacks typically involve disrupting the traffic of a targeted server, service or network with a torrent of internet traffic. DDoS attacks aren’t necessarily about stealing data, so what exactly is the point of them?
DDoS attacks often aim to make a network inaccessible. It’s also thought that DDoS attacks are a way to distract organisations from malicious actions that are happening elsewhere. Like most cyber-attacks, the consequences for a business which has suffered a DDoS attack can be huge, such as lost time and money – and not forgetting the loss of trust and reduced confidence among customers.
Employees and former employees
Understandably, employers prefer to trust their people. So much so, they may not even have considered there is a risk of employees stealing data and other digital assets. This may happen after an employee leaves a business, if access to systems is not revoked. It may happen before an employee leaves a business, perhaps during a notice period. It may even happen when an employee is working for a business and has no plans to leave.
Around 24% of UK businesses have experienced data breaches caused by ex-employees. The most sensible course of action to avoid this is to make sure your business has processes in place to remove individual access rights the moment an employee is no longer employed.
For employees that still work for your business, the answer is more sophisticated and it’s all about context, i.e. continuously monitoring activity across your network, uncovering anything that is unusual or unnecessary and automatically denying access.
Talk to us at NVT Group about Concepta Security Services, which is our range of managed service offerings that protect your company’s digital assets, negating the need to fund your own specialist cyber security department.
Concepta delivers Security as a Service, incorporating advanced monitoring, deep analytics, machine learning and automated response. We will identify threats and issues that need to be remediated and work with your IT team to resolve them. More information about Concepta Security Services is here: www.nvtgroup.co.uk/conceptasecurityservices
You can also talk to us about our Blue Rock cyber defence services. Blue Rock combines cyber awareness training, with ethical hacking to uncover password weaknesses across your organisation, followed by regular auditing to make sure your business stays one step ahead of cyber-crime.