Cybercrime is no longer just a problem for online or big business. The threat is real and imminent for all businesses that collect or use data and operate in the connected world.
Hackers are moving away from larger organisations to focus on small to medium enterprises (SMEs), which represent an easy target - often described as “low-hanging fruit” - compared to larger entities protected by complex security measures.
In January 2016, 38.6 per cent of all detected phishing attacks (where an email appears to be from a known individual or business, but is actually from a criminal hacker wanting to steal personal data) targeted organisations with fewer than 250 employees, according to the latest Symantec Monthly Threat Report.
The most targeted sectors were identified as “finance, insurance and real estate”.
Cyber-exposure is set to increase as technology becomes more integrated with the internet.
Over time, more electronic systems - from those in cars to building infrastructure - will be networked. This will grow the number of data pathways, giving more opportunities for cybercrime in unexpected places.
What are the threats?
Some common forms of cybercrime include:
- Ransomware and extortion: This usually involves malware infecting the company network and locking all access to systems, followed by a ransom message demanding payment in order to regain access.
- Financial transfer phishing: The target is any form of financial transaction between entities, for which the hacker will send a fake communication with incorrect bank details in an attempt to direct the transaction to the hacker’s account.
- Data exfiltration: Once a hacker has infected an entity with malware, they may decide to be more discreet, stealing as much confidential data as possible without detection. The stolen data can then be sold or used to commit financial fraud.
- Internal threats: Simple human error with no malicious intent, for instance losing a company laptop containing client data, can have serious repercussions. Malicious attacks by disaffected employees can also be devastating.
- Common software exposure: One of the scariest threats from an industry standpoint is the systemic exposure posed by attacks on common forms of software used by an entire industry group. One example of this scenario involves exploiting a security loophole in a common system - such as a piece of bookkeeping software - resulting in data from thousands of practices being locked and held to ransom.
How to defend against this ever-evolving threat?
Detection and security go hand-in-hand when dealing with the threat of cybercrime. There isn’t a one-size-fits-all solution, but basic risk management includes:
- Ensuring security software is patched and updated regularly. Quite often, companies set and forget their IT security systems. An outdated system is unable to detect new threats, so updating software regularly is essential in a climate where new threats are identified daily.
- Focusing on physical security in addition to network security. All the software in the world won’t help if there is unrestricted access to your office space.
- Making sure that there is a strong focus on people when designing IT security measures. Human error is often the weakest link in any IT security system, which is why it’s so important that all staff, right across the business, understand the IT security measures and escalations that are in place.
- Encrypting sensitive data. While not unbreakable, encryption is a good habit to get into when data is being transferred or stored. It adds another layer of protection.
- Not storing unnecessary data. Only keep what is required for business and regulatory purposes. Storing unrequired data represents unnecessary exposure.
- Implementing two-factor security measures where appropriate. An example would be a password and PIN combination. This space will evolve as biometric technology becomes more accessible.
- Maintaining a balance between prevention and detection. Without measures to detect anomalies in the system, a breach may go unnoticed for months.
- Restricting administrative privileges. This reduces the number of targets and decreases the probability of a large-scale breach occurring if a hacker obtains employee credentials.
- Drafting a cyber-specific business continuity plan. This is essential to ensure your breach response is well-planned and the recovery process can begin as soon as possible. The Australian Cybercrime Online Reporting Network has an online reporting tool that can help you assess whether an event should be referred to law enforcement, as well as further resources on cyber events and reporting.
Source: InPractice May 2016
Please Note: Many of the comments in this article are general in nature and anyone intending to apply the information to practical circumstances should seek professional advice to independently verify their interpretation and the information’s applicability to their particular circumstances.