The views of this article are the perspective of the author and may not be reflective of Confessions of the Professions.
Common Cyber Attacks In CyberSecurity
Are you aware that your company could still be prone to cyber-attacks despite implementing advanced technologies to counter the vice? This is true if your employees aren’t on board with the importance of cybersecurity and how to mitigate attacks.
Cyber-attack statistics in the workplace are on the rise, which could spell doom for many companies around the world. Juniper, a top research analyst, predicts that global cybercrime losses will amount to upwards of $2.1 trillion by the end of 2019. This figure is four times what it was in 2015.
Why is cybercrime on the rise?
You may wonder why data breaches keep on rising yet developers are continuously creating advanced technologies for protection. The reason lies in the fact that illicit activities are very profitable for the cybercrime underworld.
According to Bromium research led by Dr Michael McGuire, hackers are raking in huge profits. The 2018 study took about 8 months and found that criminals in cyberspace are making upwards of $1.5 trillion annually.
The following is a breakdown of the profits as compiled by McGuire:
- Ransomware – $1 billion
- Crimeware service – $1.6 billion
- Data trading – $160 billion
- Theft of IP/trade secrets – $500 billion
- Illegal online markets – $860 billion
Top cyber breaches, and how to get employees on board
Malware
Malware is the easiest and most common type of attack in office environments. It presents itself in the form of a seemingly harmless instruction to:
- Open an attachment
- Click on a link
- Download a program
An employee unknowingly launches malware by performing any of the above activities. Malware includes ransomware, worms, spyware and viruses that monitor a user’s keystrokes. The malicious software takes control of a computer or network and can do any of the following:
- Steal sensitive data from a hard drive and send it to a hacker’s home base
- Make it impossible to use a system
- Block users from accessing a network’s key components
To reduce the risk of malware:
- Ensure that your employees undergo regular training on why they should avoid opening suspicious emails, downloading or opening attachments.
- Assign user rights so that you limit user access, rights, and privileges
Phishing
Phishing involves a hacker imitating someone that you would normally receive communication from, such as a credit card company. The hacker then steals sensitive data such as passwords or login details.
You can reduce the risk of phishing by:
- Carrying out regular phishing simulations
- Implementing two-factor authentication which every employee must follow
- Instructing your employees to report any phishing attempts
- Creating secure connections by using HTTPS
- Using dependable spam filters
Man in the middle (MitM)
A man-in-the-middle (MitM) attack is similar to eavesdropping. Imagine a scenario where an eavesdropper taps the phone and listens to conversations between you and your service provider.
The same happens in these kinds of attacks, where criminals intercept crucial data that they then use to launch attacks. Hackers have successfully carried out such attacks using fake public Wi-Fi networks or after installing malware.
You can reduce the risk of MitM attacks by:
- Instructing your employees to avoid using public Wi-Fi. Although Wi-Fi is becoming common in places like malls or hospitals, some networks could be malicious.
- Having employees who must use public Wi-Fi access it through a Virtual Private Network (VPN)
Internet of Things (IoT) security issues
IoT is what connects computer networks across the World Wide Web. Examples here could be video conferencing software or even smart devices like modern vending machines.
According to Kaspersky, there were 9 times more IoT attacks in 2019 (about 12 million attacks) than in 2018. Cybercriminals hack into IoT systems by:
- Mimicking a device
- Simulating a service that a company would offer
- Using a hybrid of device mimicking and service simulation
To reduce the risk of IoT attacks:
- Companies should instruct employees to change their passwords often.
- Passwords should also incorporate letters, numbers, and symbols, to make them harder to hack.
Form jacking
Form jacking is common on e-commerce websites, and involves the deployment of malicious programs on product order forms. Before a user hits “submit”, the criminals have already lifted sensitive data such as names or card details.
You can reduce the risk of form jacking by:
- Running penetration tests and vulnerability scanning to identify vulnerabilities
- Only dealing with large sites with tight security as smaller ones are prone to attacks
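One check that a vulnerability scan of an order page can include, shown here as an added example that is not from the original article: flag external scripts that load from hosts outside an allowlist or that lack a Subresource Integrity hash, since form jacking code usually arrives as script on the order page. The allowlist, the host names and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this (hypothetical) shop expects to serve scripts from.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}

# Constructed sample of an order page; not taken from any real site.
SAMPLE_ORDER_PAGE = """
<html><body>
<form action="/pay" method="post"><input name="card_number"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.shop.example/widgets.js"></script>
<script src="https://stats.invalid/collect.js"></script>
</body></html>
"""


class ScriptAudit(HTMLParser):
    """Collect findings about external <script> tags on a page."""
    def __init__(self, page_host, allowed_hosts):
        super().__init__()
        self.page_host = page_host
        self.allowed_hosts = allowed_hosts
        self.findings = []  # (reason, src) tuples, in page order

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        src = attributes.get("src")
        if tag != "script" or not src:
            return  # inline scripts are out of scope for this check
        host = urlparse(src).hostname or self.page_host  # relative URL = same host
        if host not in self.allowed_hosts:
            self.findings.append(("unexpected-host", src))
        elif host != self.page_host and not attributes.get("integrity"):
            self.findings.append(("missing-sri", src))


def audit_order_page(html, page_host, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    parser = ScriptAudit(page_host, allowed_hosts)
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for reason, src in audit_order_page(SAMPLE_ORDER_PAGE, "shop.example"):
        print(f"{reason}: {src}")
```

Running the audit on a schedule and comparing the findings with the previous run shows when a new script source appears on the order form.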
The good news is that most cybercriminals rarely reinvent the wheel, and instead use the same tactics to hack into organisations. Therefore, it helps to train your employees on the top attacks so that they know what to look out for. Involving your employees helps in creating a safe cyber environment in your company.