While the internet has brought us countless conveniences, it has also created a new platform to carry out various crimes. When cybercriminals attack a business, they can shutdown computer systems, erase data, publish private information of employees and customers, and even take over social media accounts in order to extort an organization.
Cybercrimes have been escalating in the past years, and in 2018, almost 700 million people were victims of some type of cybercrime. In January 2019, 1.76 billion records were leaked from various data breaches around the world. According to Juniper Research, it’s projected that 146 billion records will be exposed in the next five years.
One of the biggest cyberattacks occurred in 2013, impacting 3 billion user accounts. Yahoo was in negotiations with Verizon when the data breach occurred, compromising the names, email addresses, birth dates and telephone numbers of its users. This data breach cost Yahoo an estimated $350 million off its sale price and sharply increased the legal exposure of its new owner, Verizon.
According to Cyber Security Ventures, by 2021, cybercriminal activity could reach $6 trillion in damages. And it’s not just the big businesses that have to stay vigilant against cyberattacks. According to Small Business Trends, 43% of cyberattacks have been aimed at smaller organizations.
What kind of information can cybercriminals get from your business?
If you know what kind of information a cybercriminal or hacker is looking for, then you’ll be able to protect those pieces of data better. These are the 5 most important data that cybercriminals want to get their hands on:
- Personally identifiable information (PII) of your customers, vendors and employees
PII refers to any information that can be used to identify a person such as their name, address, and social security number. With this data, they can transfer money, apply for loans/credit cards illegally, file fraudulent tax returns, or blackmail and extort your customers.
- Email addresses
While you might think email addresses wouldn’t be that valuable, cybercriminals have certainly found ways to put email addresses to nefarious uses. With an email address, they can gain access to online accounts, conduct a phishing attack that could enable them to control your company or personal devices, or even sell email addresses to businesses that send spam or unwanted marketing emails.
User credentials include passwords or any other information used to log in to an online account. Think about what someone who has your Amazon account can do with your credentials. With this information, they can purchase goods fraudulently and change the delivery address. And, if you have any credit card or payment information stored in your account, then they can very well gain access to your funds.
- Trade secrets or business plans
Hackers may also go after your business plans, ideas and other important intellectual property. New products, models, designs, formulas and even processes are a big commodity in the world of cybercriminals. Many unscrupulous entities would be willing to pay to get their hands on their competitor’s plans and either sabotage or copy them.
- Your business’ reputation
While a little more abstract, there is a way for hackers to “steal” a company’s reputation. Targeted reputation damage is fast becoming an issue for many organizations. Every time a cybercriminal successfully attacks a business, their reputation and brand takes a hit. After all, how can customers trust a business with their sensitive information if the business can’t properly secure their own brand against unwanted cyber attacks?
What kind of cyberattacks do you need to watch out for?
So how exactly do cybercriminals carry out their attack? There are many ways of hacking into an organization’s network or system. A hacker could use multiple kinds of attacks in order to find a business’ weak spots and breach its systems. Some of the most common types of cyber attacks are:
1. Denial of Service (DOS) and Distributed Denial of Service (DDOS). This type of attack floods a business’ systems, servers or networks with traffic so that the system will be unable to respond to legitimate requests. This attack isn’t meant for a hacker to gain access to any sensitive information. All they want is to bring down a company’s ability to conduct their business. Another purpose of a DOS attack is to take a system offline so a hacker can launch a different kind of attack.
2. Malware. Malicious software includes spyware, ransomware, viruses and worms. Malware attacks typically occur when a user clicks on a dangerous link or email, or installs risky software. It can also be considered a jumping point for other tactics or cyberattacks. Once installed, a malware can:
- Block access to a system or data (ransomware)
- Install additional harmful software
- Obtain information (spyware)
- Disrupt the system to make it inoperable
3. Man-in-the-middle(MitM) attacks. These are also known as eavesdropping attacks. A hacker will insert themselves into a two-party transaction in order to gain access to information. Two common tactics to breach a system would be through malware or unsecure public Wi-Fi connections.
4. Phishing and spear phishing. Phishing is when cybercriminals send an email that looks like it came from a trusted source so that users will click on it. Through phishing, hackers can gain personal information or influence a user to take an action such as visit a risky website or download malware.
Spear phishing is a more targeted form of phishing. In this case, an attacker will take the time to thoroughly research their targets and create an email that is personalized and relevant to the user, making it even more likely that they will click on the email.
How can you protect your business against cyberattacks?
Photo by Pixabay from Pexels (https://www.pexels.com/photo/men-working-at-night-256219/)
Now that you have a better idea of what cybercriminals are after and how they carry out their attacks, you’ll be better able to protect your business, your customers, and your employees against cyberattacks. Here are some steps you can take to secure your systems and network:
- Keep your software and security patches updated.
Any software that your company or organization uses should be the latest version. Older software and apps are vulnerable to zero-day exploits. Make it a habit to routinely check all major software for updates on at least a bi-weekly basis.
- Don’t ignore your physical security.
While cybercrimes occur mostly over the internet or network, it doesn’t mean you can be lax about your company’s physical environment and assets. In many cases, attackers are able to gain access to login credentials, business plans and trade secrets by being able to enter a building or your data center. Make sure to observe physical security best practices for your organization such as setting up surveillance cameras, using biometric devices, and proper screening of visitors.
- Partnering with secure third-party vendors.
If your business relies on any third party suppliers or services, then you will also need to vet their own security practices to make sure they’re aligned with yours. What do they do to protect their own systems and networks? How will they protect your business’ sensitive information? Are they following industry best-practices as well as regulations? Are they diligent about screening their own employees? Don’t put your cybersecurity efforts to waste by partnering with a vendor or supplier who will only put you at risk.
- Train your staff to think securely.
A cybercriminal will try to find many different ways into your system. An unsuspecting employee is vulnerable to such attacks as phishing and malware. Make sure to spend some time educating your team about what attacks they need to watch out for and ensure that they adhere to cybersecurity best practices and protocol. It’s also a good idea to set up strong security policies in your organization and encourage all members to adhere to them.
- Backup your data.
Whether it’s a cyberattack or just a hardware malfunction, you need to regularly back up your business’ data or else suffer an irretrievable loss. Ransomware attacks will block you from accessing your data so by having your own backup copy in a separate and secure location or network, you can stay a step ahead of the cybercriminal. A good rule to follow is the 3-2-1 backup rule: have three copies of your data, store them on two different types of media with at least one copy stored offsite as insurance against catastrophic events.
- Strong passwords and administrative passwords.
Many people are lax about setting up strong passwords, and they’ll often use the same password on different accounts too. Imagine how easy it would be for a hacker to gain access to all of your company’s assets thanks to someone using `123456` as their password. Make sure that you and your employees regularly change your passwords (at 60-120 day intervals) and adhere to best practices such as making a password at least 12 characters long, combining uppercase and lowercase letters and numbers.
Another way you can secure your system is to set up administrative passwords on an as-needed basis so that there’s a smaller pool of people who can access higher level security functions. Limiting the amount of people with access to your system means limiting the risk of someone (accidentally or intentionally) exposing you to an attack.
Cybercrime will continue to be a problem. Thankfully, there are tools available to you to combat these threats. However, it will always take due diligence, vigilance and continually educating yourself to protect your business.