Recognize and Prevent CybercrimeSecuring your Data from Theft
From digital bank heists and sensitive information leaks to alleged meddling in democratic processes, the threat of cybercrime is at an all-time high. What can you do to protect your data from the hackers lurking in the shadows of the Internet?
What is a Cyber Attack?
Cyberattacks can be broadly divided into two types. Usually criminals will either aim to disable a network or computer, or they will try to access the target’s data. Some ways they do this are:
Malware – Malicious software is installed, allowing criminals to steal data or encrypt it and demand money for its return.
Denial of Service – A torrent of bogus web traffic is sent to a server, with the intention of overwhelming it and causing it to fail.
Phishing – Emails are crafted to fool victims into disclosing personal information or performing some other harmful action.
The cost of damage inflicted by ransomware alone in 2017 will be $5 billion.
CyberSecurity Ventures, a researcher of the global online economy, estimates that the cost of damage inflicted by ransomware alone in 2017 will be $5 billion, up from $325 million just two years ago. By 2021, the annual global cost of all cybercrime will be a staggering $6 trillion.
Signs You’ve Been Attacked
Some attacks are obvious, but hackers are devious, and often fly under the radar of all but the most vigilant of businesses. Here are some things to watch for:
Ransom Notes – If security is compromised, you may get a message demanding online currency to regain control. It’s possible that it may be “scareware”, or malware that demands money, but doesn’t actually lock your data. Either way, it shows that your system has been breached.
Bogus Antivirus Messages – A fake virus scan is a threat to unpatched software. Often, it will report back a phony list of viruses it has found, and will direct you to a site where you can pay to fix the problem. However, this too is a scam–it’s a lure to get your banking information.
Redirected Internet Searches – Hackers can profit by sending your Internet browser to wherever they wish. This can be hard to spot as the malware redirects your search through anonymous servers. An indicator of this can be a newly installed browser tool.
Online Passwords Don’t Work – Entering an online password correctly but being unable to log in is a bad sign. Sometimes, a site may be experiencing a technical difficulty, but if the situation persists then a criminal may have changed the password to freeze you out.
POS: Point of Swindle?
Criminals love to target point-of-sale (POS) systems. High profile retailers have fallen victim to this, including Kimpton Hotels and Wendy’s. Hackers breach the remote access services that control payment processing. Sometimes, they’re able to do this thanks to easy-to-guess passwords, but the malware they use is usually hard to detect. It can slip by antivirus protection and firewalls to extract payment data. Months can go by, with a huge number of credit cards being compromised.
Should you Outsource Data Security?
According to a high-profile security expert, businesses have to take a more proactive approach instead of reacting to threats. In his presentation at the International Cyber Security and Intelligence Conference in November, Nik Alleyne, Senior Cyber Security Manager at Forsythe Solutions Group, confirmed, “The reactive strategy has failed.”
He suggested that businesses should hunt for threats, using predictive analysis to narrow down the wide array of attacks. Assessing your online defences should also be carried out regularly, along with penetration tests to see just how vulnerable you are.
This is highly specialized work, and businesses that don’t have the resources to do a thorough job may need to outsource. Not only would this allow them to actively hunt for threats and conduct a full analysis of a hack, but also track its timeline. For example, should you restore your data from yesterday’s backup, or is that compromised?
Outsourcing can prove to be expensive, so what can you do yourself to foil a hacker?
Ransomware – If you have a recent data backup that you’re sure is sound, restore it. Otherwise, consider contacting a security expert before you consider paying a ransom, as you still may not recover your data. It’s important to have multiple up-to-date back ups of data, kept in separate places such as a cloud storage service, to fix this problem.
Businesses have to take a more proactive approach instead of reacting to threats.
Fake Antivirus Scans – Power down your computer immediately after saving anything you need to, and reboot it in “safe mode”. This will allow you to remove any recently installed programs, which may carry malware. Then, test your system in regular mode to make sure the fake warnings no longer appear. Follow this up with an antivirus scan.
Password Hacks – Contact the online service to tell them that your account may have been compromised. Notify your contacts that you may have been hacked, and if your login information is used on other sites, be sure to change those passwords too.
Preventing Data Theft
Thankfully, there are some steps you can take yourself that can minimize the need to call in outside help:
Redirected Searches – Check your browser tools, and remove any that are new or unwanted. Safer still, reset your browser to its default settings.
Update your Software
– Running outdated software means having gaping security holes in your system. Hackers constantly scan for such vulnerabilities, and they greatly increase your chances of being targeted.
Create a Security Policy – Having a formal plan in place can limit the chances of an attack. For example, use a password creation program to generate random passwords. These are tougher to crack and you should change them every 60 days or so.
Educating your Employees – Your staff should be aware of the signs that you’ve been hacked. Teach them to recognize the signs of a security breach, such as random browser pop-ups from a website that doesn’t usually generate them or unexpected software installs, and educate them on staying safe when using your computer network.
Hackers are determined, so taking the time to run a drill of your response to an attack can really pay off. Not only will your staff learn to recognize one quicker, but it also gives you the chance to refine your procedures for containing it efficiently.