It’s not just big business that is under attack. SMEs need to watch out too! Did you know that 50% of small businesses have been breached in the past 12 months, according to a report by Keeper Security and the Ponemon Institute?
The problem is that SMEs have become an easy target for hackers and the like. They have more digital assets of interest to a criminal than an individual, but less budget for security than a medium or large enterprise. And it’s not just budget that causes the problem; it’s also time. Put simply, even if some SMEs are actually aware of the risk they are in (and many aren’t aware they have anything worth attacking or stealing), they are just less careful about security because they don’t have a person dedicated to it. Policing these things takes time.
What types of cyberattack should you be watching out for?
As a starting point, it pays to understand what a hacker’s motivation is in the first place. In almost every case, the primary goal of a cyberattack is to steal and exploit sensitive data. It could be customer credit-card information, contact details, or even information that is used to affirm a person’s identity. All this data, and more, is of value to a cybercriminal.
It’s also worth knowing that the techniques and strategies employed for cybercrime are changing and updating all the time. It is therefore critical to have someone within your organisation, or an outsourced partner, who is responsible for tracking this.
There are, however, several approaches which are frequently used in attacks, and these serve as an excellent starting point when getting to grips with this subject.
Distributed Denial of Service Attacks (DDoS)
This occurs when a web server is targeted by cyber attackers who intentionally overload it with traffic (requests). The server’s defence is to shut down, and thus the website, or online system, goes offline.
Attack From Within
An attack from inside tends to occur when someone with administrative privileges, usually from within the organization, abuses their permission rights to gain access to confidential company information. Employees who have handed in their notice, and even former employees, can present a threat. It’s important, therefore, to ensure a policy and procedure is in place to revoke all access to company data immediately when an employee leaves.
Malicious software, often referred to as ‘malware’, is a very broad category but basically covers any program that enters a system or computer with the intent of causing damage or gaining unauthorized access to data.
Password attacks come in three main forms, though there will always be variations. These are: a generic attack, in which a hacker simply guesses passwords until they gain entry; a dictionary attack, which is a systematic attack run by a program that tries different combinations of dictionary words; and keylogging, which employs software to track a user’s keystrokes.
Phishing often arrives via email, with the intent of collecting sensitive information like logins, passwords and credit-card details. It will appear to be a legitimate website or email. And although in the past the grammar and spelling of such attacks have been obvious and amusing to the extreme, those behind phishing are becoming more polished. It’s worth reading our article on how to deal with suspicious emails for more details on this.
Ransomware is malware that gets downloaded onto your device and then encrypts files on your hard drive. This means you’re no longer able to access those files, and they’re usually exactly the files you want. To find out more about ransomware, check out our articles on the subject.
So if you’d like to understand more about how you can protect your business from the types of cyberattack we’ve outlined above, call Blue Sky Computer Solutions now… we love a challenge!