The sharp spike in cyber security threats is nothing short of alarming.
In 2022 there was an unprecedented number of cyber attacks and more sensitive data was lost than ever before. According to Check Point Research, cyber attacks increased 50% year on year, with each organization facing 925 cyber attacks per week globally. As per the statistics, businesses witnessed 50% more attacks per week in 2022 compared to 2021.
In 2023 this will continue to be a challenge, requiring increasingly sophisticated security measures to be implemented.
Cybercrime poses an enormous threat to companies, and with evolving security breach tactics, cyber-attacks are becoming more sophisticated. As financial gains remain lucrative, the industry is set to grow.
5 Security Risks
1. Phishing Attacks
Phishing is the most common cyber attack as it does not require sophisticated technology.
A cyber attacker sends a fake message to mislead someone into giving up important information.
The cyber attacker may steal sensitive data such as personal information and access to credit card numbers. These data breaches can cause substantial financial and reputational damage to businesses.
There are various types of phishing:
- Spear Phishing – A cyber criminal targets an individual in the business with access to confidential data and poses as a trusted source to gain access.
- Smishing – Compelling text messages are used to manipulate employees into following a link or revealing personal details such as their username, password, or PIN, which the attacker then uses to gain access to the business.
- Vishing – The attacker poses as a reputable company, making phone calls or leaving voicemail messages to persuade the employee to reveal details about the company to gain access to financial accounts.
- Business Email Compromise (CEO Fraud) – The attacker gains access to or impersonates the email account of a high-ranking individual in the business.
- Social Media Phishing – Attackers use social networking sites like Facebook and Twitter to obtain victims’ sensitive data or lure them into clicking on malicious links.
- Search Engine Phishing – The user may receive messages inviting them to visit a fake website that instead swipes the user’s personal data.
According to ID Agent, fewer than 40% of businesses experienced at least one cyber-attack in the past, but in the last 10 years, that percentage has increased to more than 86.2%.
ID Agent states that 43% of cyber-attacks are on SMBs (small and medium businesses), and that 60% of SMBs will go out of business six months after a cyber-attack.
Large companies are not immune to phishing. A phishing campaign defrauded Facebook and Google of $100 million. Using a series of fake invoices and pretending to be employees of a supplier from Taiwan called Quanta, the cyber attackers tricked Facebook and Google into handing over millions of dollars.
The CEO supposedly sent an email to an accounting team associate requesting funds for a new project.
The unsuspecting employee transferred $61 million to fraudulent accounts.
How to Prevent Phishing Attacks
- Think Before You Click. Always check the source and sender of emails. For large sums of money, call the client to check payment details.
- Take Cyber Security Awareness Training. This will help your employees understand different phishing scams and the steps they need to take to protect the company.
- No matter your industry, most cyber insurance policies recommend cyber security awareness training.
- Prevention is key. Make sure all accounts use multi-factor authentication and never share your account information.
At Sorbis we offer you protection by:
- Auditing our customers’ accounts regularly and addressing and resolving potential security issues.
- Creating and implementing a plan to protect against phishing scams which includes educating your employees.
- Monitoring and testing your backups regularly.
2. Malware Attacks
Malware (short for ‘malicious software’) is a blanket term for viruses, trojans, and other destructive programs used to infiltrate and infect systems to gain access to your business’s sensitive information.
The malware executes unauthorized actions on the victim’s system. Within this category are threats such as:
- Ransomware – The most common type of malware that limits or blocks users from accessing their system, most commonly by encrypting the employees’ company files and preventing access to them. Ransomware targets the company’s network, doing as much damage as possible.
- Viruses – A virus is a program that enters your computer and damages, deletes, or corrupts your files. Viruses can replicate themselves. Before downloading anything from the internet, be sure it is safe. Don’t download a file or software you’re unsure about before looking for it on a trusted website, and avoid downloading anything from third-party sources. You can also check that the web address is authentic by finding the https in the web address. File extensions are another indicator: a .pdf file needs Adobe Acrobat, an .mp3 file needs a music player program, and a .doc file needs Microsoft Word.
- Worms – This standalone malware computer program duplicates itself in order to spread to other computers.
- Trojans – A malicious form of software that looks legitimate but can take control of your computer and damage, steal or disrupt your network or data. A Trojan poses as a legitimate application to trick you.
Let’s look at a few examples of the damage a malware attack can do. First up is the Colonial Pipeline in the U.S., which covers more than 5,500 miles and transports in excess of 100 million gallons of fuel daily.
The attack’s impact was considerable; the pipeline was shut down for several days, causing a nationwide fuel shortage.
In 2017 one of the worst ransomware attacks was carried out by WannaCry. Estimated losses were USD 4 billion. WannaCry spread through email scams (phishing).
More than 200,000 people and companies, including FedEx, Telefonica, Nissan, and Renault, were affected.
To this day, phishing emails from WannaCry are still circulating. If you receive a plain email with no files, be alert.
How to Prevent Malicious Software Attacks
- Install technology security such as antivirus and anti-spyware software.
- Use secure authentication methods such as strong passwords and multifactor authentication whenever available.
- Use administrator accounts only when absolutely necessary or required.
- Keep software updated with the latest available vendor updates.
- Implement email security and spam protection.
- Monitor for suspicious activity.
- Educate your users with regularly scheduled cyber security awareness training.
- If you use Microsoft 365, install Microsoft Defender for 365.
3. Insider Threats
Insider threats in cyber security are threats posed by individuals in an organization who have access to information such as:
- Current or former employees
- Business associates
Common reasons behind insider attacks are:
- Employee negligence
- Aim for personal gain
- Malicious actions of employees
- Susceptibility to social engineering
Since the outbreak of Covid, employees across industries have been laid off or furloughed and this has caused widespread distress.
Laptops used by employees at home or away from the office are more vulnerable to attack by employees seeking to harm the company.
In March 2020, Christopher Dobbins, a former medical device packaging company employee, committed a cyber-attack upon the business. He hacked into the company’s computer network, gave himself administrator access, and edited and deleted 120,000 records. This resulted in significant medical equipment delivery delays to healthcare providers.
And in 2019, a researcher from Comparitech noticed that about 250 million Microsoft customer records were exposed on the web.
This meant that the personal information of up to 250 million people—including email addresses, IP addresses, and location—was accessible to anyone.
This negligent insider threat left Microsoft customers open to scams and phishing attacks because Microsoft employees did not secure the databases properly.
Fortunately, Microsoft secured the information within 24 hours of being notified about the breach.
All your employees should be well-educated on the best practices of cybersecurity. It is not only disgruntled employees that have intentions to carry out a malicious act—some employees pose a threat due to lack of knowledge and negligence.
Insider threats may arise when an employee leaves a device unattended or falls victim to a scam. Employees who are not educated about cybersecurity may click on an unsafe link that could infect their office computer and the business’s whole network with malware.
For example, you could be sent a counterfeit email from Microsoft or Google, or your company’s IT department stating that your account will expire unless you take immediate action by clicking on a link. When you do this, the hacker gains access to your computer.
Dropbox has grown in popularity in recent years, but so too have copycats—hackers who create a counterfeit version of Dropbox.
A Dropbox phishing email usually informs a user that the ‘file’ emailed to them is too large and needs to be opened with a quick “click on this link.”
This takes the user to a fake Dropbox landing page, waiting to harvest your personal details.
What Sorbis Does
There are several cyber threats facing businesses at the moment. The best way for companies to protect themselves against cyber-attacks is to:
- Have a well-defined process for on-boarding and off-boarding employees and vendors.
- Monitor for suspicious activity and audit user accounts regularly.
- Utilize security awareness training to ensure that users are aware of security threats and how to prevent them.
4. Accidental Sharing
Accidental sharing is when a server or computer that contains personal information is connected to the internet so that staff, management, and even customers can access information remotely. However, many of these systems are not appropriately secured. Instead of authorized access, hackers can get their hands on all the records, copy them and use them in identity theft or other cyber crimes.
Accidental sharing occurs when:
- Employees fall prey to phishing attacks, and the cyber attacker obtains confidential data (such as login access) by impersonating someone whom the staff trusts.
- Password security is weak—staff create weak passwords, share them or write them down, allowing access to unauthorized people.
- Employees download infected software without the IT department’s knowledge, which may spread across the whole network.
In 2016, Snapchat apologized profusely for a data breach that exposed the payroll information of about 700 current and former employees.
This occurred when a cyber attacker pretended to be the company’s CEO and duped an employee into emailing the information.
The First American Corporation Data Leak, which took place in 2019, is an example of corporate negligence. Ben Shoval, a Washington state real estate developer, came across approximately 885 million files containing customer data dating back to 2003.
Many of First American Corporation’s exposed records were communications between property buyers and sellers and contained account numbers and other financial information.
The data leak occurred because of a website configuration error, Insecure Direct Object Reference (IDOR), which allowed customers to see private information without any authentication. Fortunately, none of the company’s records were stolen.
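The IDOR pattern described above, as an added example (not code from First American or Sorbis): a lookup that trusts the record number in the request, next to a version that requires a session and checks ownership, plus a small audit helper. All names and records are constructed for illustration.

```python
# Added illustration; every name and record below is constructed.
import secrets
from dataclasses import dataclass


@dataclass
class Document:
    owner: str   # account that is allowed to read the record
    body: str


# Constructed sample store keyed by sequential numbers, as on an IDOR-prone site.
DOCS = {
    1001: Document("alice", "closing statement, account ending 4821"),
    1002: Document("bob", "wire instructions, account ending 7730"),
}


class AccessDenied(Exception):
    pass


def fetch_insecure(doc_id):
    """Vulnerable pattern: knowing the ID is the only 'check'."""
    doc = DOCS.get(doc_id)
    return doc.body if doc else None


def fetch_secure(session_user, doc_id):
    """Hardened pattern: require a session and verify ownership per object."""
    if session_user is None:
        raise AccessDenied("authentication required")
    doc = DOCS.get(doc_id)
    # Same error for 'missing' and 'not yours' so valid IDs are not revealed.
    if doc is None or doc.owner != session_user:
        raise AccessDenied("not found or not permitted")
    return doc.body


def new_reference():
    """Defense in depth: unguessable references instead of counters."""
    return secrets.token_urlsafe(16)


def audit_exposure(fetch, ids):
    """Return the IDs readable with no session; a safe endpoint returns []."""
    exposed = []
    for doc_id in ids:
        try:
            if fetch(doc_id) is not None:
                exposed.append(doc_id)
        except AccessDenied:
            pass
    return exposed
```

Running audit_exposure against your own staging endpoints, with the fetch callable wrapping an unauthenticated request, is a quick regression check after any change to document-serving code.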
What You Can Do to Prevent Accidental Sharing
- Password protect your documents – only authorized personnel should have the passwords.
- Encrypt your documents – your documents will be password protected and therefore safer.
- Educate your employees – awareness training is an excellent form of prevention.
What Sorbis Recommends
- Use complex passwords and use multi-factor authentication whenever possible.
- Change your passwords frequently, usually every 90 days.
- Secure your removable media. By this, we mean never store critical information on removable media like flash drives, external hard drives, or other mobile devices that could easily be stolen, leaking the data.
- Measures to protect your database are constantly changing, so ensure you and your employees get regular training.
5. Network Perimeter and Endpoint Security
Although Covid restrictions have been lifted in a number of countries, many workers will not be returning to their offices.
Some companies have already announced that they are switching to a permanent remote workforce, making good network perimeter and endpoint security critical for years to come. Endpoint security refers to preventing security breaches on desktops, laptops, and mobile devices, whereas network perimeter security refers to tools used to protect the corporate network from cyber-attacks.
The laptops of employees who work remotely may not be as well-armed against cyber threats as those who work in the office.
As more and more workers have switched to remote work, these security issues become bigger targets for hackers.
Stolen laptops can lead to serious company data breaches, so it’s vital to ensure that all company laptops are encrypted.
In 2018, Raley’s experienced a data breach affecting 10,000 pharmacy customers. The data on the laptop included patients’:
- First and last names
- Date of birth
- Medical conditions
- Healthcare plans
- Identification numbers
- Prescription drug records
- Raley’s pharmacy visit dates and locations
How to Prevent Network Perimeter and Endpoint Security Attacks
- Don’t take the bait. Cyber-attacks can be prevented with well-layered defenses such as a DNS firewall, which can neuter links to malicious software.
- Secure your Internet of Things (IoT) devices. Make sure you protect all devices on your network, especially IoT. Consider placing your IoT devices on a segmented network with carefully chosen access control policies. Monitor IoT connections and only allow access from trusted IP addresses.
- Keep your browsers up to date. Some cyber attackers prefer to go after easy victims instead of well-defended targets. To reduce your risk of attack, keep your web browser and extensions up to date with the latest security patches.
What Sorbis Recommends
- Audit your permissions. Be aware of the degree of access you give to applications and cloud services. To safeguard against a cyber-attack, grant the lowest level of privileges required for the application to function. Many high-profile breaches occur because cybercriminals obtained elevated permissions. Limiting the ability of attackers to get those permissions may prevent a successful breach.
- Secure your deployments. As you deploy new infrastructure, take time to think about the level of network access you give it. Never expose resources to the internet that are not designed for public exposure. Instead, use a VPN or a clientless VPN access portal as an additional layer of protection.
Other Ways to Avoid Security Risks
Secure Your Workstations
- Turn the computer workstation firewall on.
- Do not use the same local admin for all workstations on your network. Microsoft has a tool called LAPS that will automatically randomize and change the local admin passwords for computers on the network.
- When patches come out that resolve major security issues, they should be deployed as soon as possible.
What Sorbis Does
We use various dark web reporting tools to monitor our clients’ data. No one is safe. We keep multiple backups of our clients’ data, which we test regularly. If there is a breach, we always have the option to restore from backup. Processes, standards, and strategies developed with your IT provider deliver far better results for protecting your network.
Insurance companies look for ways not to cover claims. They have a forensic team that will go through your network, and if any of the boxes you checked as true can’t be proven, not only will your policy not cover you, but the implications could escalate if fraud is involved. We assist our clients in the process of insurance company compliance.
The Final Word: Cyber Security Insurance
Attacks are on the rise, and putting your business at risk is costly. It is also essential to consider the amount of downtime and productivity lost due to a cyber-attack.
If you have 100 computers and the new one you purchased does not have the proper security settings, allowing attackers into your network, that is a problem.
It could mean downtime and a loss of business. However, your cyber insurance company will have your back in the event of a cyber incident.
Insurance companies never want you to need to cash in on your policy. That is why the application for cyber security insurance lists several questions related to procedures to help prevent an attack.
Closing Tips from Sorbis
- Work closely with your IT provider to ensure every box you are checking as ‘correct’ can be validated.
- Engage with your IT provider and review the insurance forms and best practices set out by the government. Keep your team engaged. Test your backups often. Ensure that they are encrypted.
- We advise all our clients to get Microsoft Defender. It will check your emails for bad links, provide warning messages, and block web pages that can lead to phishing attacks.
- Remember, hackers are smart. It takes a sophisticated framework of policies, applications, monitoring, and training to stay ahead of them.