Greater success coupled with increased capability through advanced threat automation, means cyber crime is developing rapidly. There is a continual battle for supremacy between the security defence industry and the cyber criminals. It is important to continually review your defences to ensure an acceptable level of protection is in place.
Phishing is a very common method used to attempt a system infection or extract sensitive information from users. A large proportion of phishing attacks are delivered via email trying to persuade unsuspecting users to click on an attachment or a link.
Advanced techniques are being adopted to make the phishing email look increasingly authentic. The attacker will invest time learning about an organisation or the individual and personalise the communication. This is referred to as Spear Phishing which achieves a far greater hit rate. Senior members of the team are a particular focus in Spear Phishing attacks also known as Whaling.
Phishing is also executed via SMS or by phone, all with the intent to trick the recipient into doing something or divulging something sensitive. Social Media is a growing channel to deploy these same phishing exploits.
Compromising or attacking systems then holding a company to ransom is the most prevalent cyber crime. Its significant success is fuelling a staggering rate of growth. The most common one that is heavily targeted at small businesses is data encryption malware. These are generally invoked by a member of staff simply clicking on an email attachment or link.
Immediately the infection starts to automatically encrypt all the files it can see, this not only impacts the user’s computer but the entire business network. Any file that the infected user can access could be encrypted. An entire network can be rendered unusable within minutes of the infection taking hold. This infection is followed by a ransom demand for a few thousand pounds to get the key to unlock all of your data.
These ransomware attacks are increasing in sophistication. Malware may sit on your network undetected for weeks. During this time, it encrypts your backup. The infection then moves on to encrypt your live data. When a restore from your backup is attempted you find this data is also encrypted leaving you very little option other than to pay up or lose your data.
Phishing and Ransomware are just examples of the threats facing businesses today. To help you understand this important area, IT West has created free on line resources aimed specifically at helping business owners and senior managers initiate and drive this process forward.
Please visit: itwest.co.uk/cyber to access this information.
About the author: Phil Allatt is MD of Hayle-based IT support company, IT West.
This article was first published in the July issue of Business Cornwall magazine. To subscribe, click here
