In 2019, cyber-attacks are increasingly sophisticated, and much more organised than the proverbial teenager sitting in a dimly lit room seeking notoriety. As we transition from 2019 to 2020, more devices will enter the workforce, bringing with them more connectivity demands alongside more mission-critical applications and data. What does this exponential growth create?
Among other things, it creates more opportunity and potential entry points for cyber-crime.
One of the greatest challenges to protecting an organisation in the digital era is the ‘shape-shifting’ nature of security threats.1 New and unknown possibilities enter the threat landscape on a daily basis, highlighting why security is such a prevalent area of focus for organisations.
The Office of the Australian Information Commissioner recently released the Notifiable Data Breach Statistics Report for the period 1 April to 30 June 2019, and the findings highlight one thing: the large majority of data breaches result from malicious or criminal attacks.
So, in the spirit of Cyber Security Month, we thought it pertinent to highlight three rampant threats that are contributing significantly to these numbers.
Phishing is the digital form of social engineering. In a phishing attack, the attacker or entity seeking to obtain sensitive information poses as a seemingly trustworthy source or organisation, and leverages email and malicious websites.2
For example, a staff member receives an email from their bank, or from what appears to be their bank. The email prompts the staff member to follow a link and enter their personal banking details owing to a ‘technical error that wiped customer data’ or something of that ilk. Once entered, those details are compromised and can be used for fraudulent activities, or the staff member’s data or computer may become corrupted with ransomware or some other form of malware. If a compromised password is a common one that the staff member uses across multiple accounts, then the potential damage is even greater.
The key component of a phishing scam is the aesthetics: the messages are designed to appear as legitimate pieces of communication from the sender, including branding and logo. They also send you to a seemingly legitimate website whose address is actually slightly different from the real one. For example, the real web address might be ‘www.nab.com.au’, while the phishing site might use an address like ‘www.nabb.com’.3
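An added example, not from the original article: a small Python check that compares a link's hostname against a list of trusted domains and flags near-misses such as the ‘www.nabb.com’ case above. The trusted list, the function names and the one-character threshold are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: the organisation keeps its own list of domains it trusts.
TRUSTED_DOMAINS = {"nab.com.au"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED_DOMAINS, max_dist: int = 1) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a link."""
    # Accept bare addresses such as 'www.nabb.com' as well as full URLs.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Otherwise look for a label that imitates a trusted brand name. This
    # also catches a trusted name used as a prefix of someone else's domain.
    for domain in sorted(trusted):
        brand = domain.split(".")[0]
        if any(edit_distance(label, brand) <= max_dist
               for label in host.split(".")):
            return f"lookalike of {domain}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; only the first two addresses come from the text.
    for link in ("https://www.nab.com.au/login", "www.nabb.com",
                 "https://nab.com.au.account-check.example/",
                 "https://www.example.org/"):
        print(f"{link:45} {classify_link(link)}")
```

With a brand label as short as ‘nab’, a one-character threshold will also flag unrelated names, so a hit is a prompt for review, not a verdict.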
As mentioned above, ransomware can appear through a phishing scam, but can also weave its magic through illegitimate websites and web-attacks. Ransomware is a form of malware that prevents users from accessing their system or personal data and holds it hostage until a ransom payment is made via credit card or virtual currency. Once payment has been made, the user is once again granted access.4
Malware, as you might expect, is short for malicious software. We touched on one form of malware just before in ransomware, but there are many other forms as well, including viruses, trojans, spyware and essentially any other toxic piece of software with ‘ware’ at the end.5
All forms of malware are intentionally designed to cause damage to a device or network.6 They traditionally infect through web-based attacks, but can also do so through USB drives or a compromised network connection, typically a public and freely accessible one.
So, what can I do to protect my business, you ask?
MicrotechDPS recommends every organisation puts these safety measures in place to best mitigate the above threats:
- Up-to-date endpoint devices. Leverage built-in security tools that help proactively protect against cyber threats. We partner with HP and Intel®, who house the world’s most secure portfolio of PCs courtesy of the Sure Suite of embedded technology.
- Employ strong password protection strategies. If you use the same password for more than one account, you are putting your data at risk.
- Improve staff awareness of the threat landscape. Educate them on how to properly detect a phishing scam, as well as illegitimate websites and potentially malicious download files.
- Employ a wider reaching security strategy. No one aspect of cyber security is more important than the other. With new threats emerging daily, your security strategy must be a holistic one.
If you would like to discuss your organisation’s security strategy, please don’t hesitate to reach out and give us a call.
1 Cyber-Security Special Edition, HP Innovation Journal, Copyright © 2018 HP Development Company, L.P.
4 The Cyber-Security Field Manual: Ten steps every business should take to protect against cyberattacks, Copyright © 2018, HP Development Company, L.P.
Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.