Don’t let your business sleep with the “phishes” – Improve your cyber security

There are countless high-profile cyber-attacks every year, and many stories of individuals who suffer immensely from the effects of hacking. But many of us still carry that dangerously oblivious opinion: “it won’t happen to me.”

Online security is an imperative for any business. You only have to look at the range of terrible outcomes for those targeted. From ethical hacking, to ransomware, to good ol’ fashioned IP theft – the digital landscape is too unpredictable to make any assumptions about your cyber wellbeing. There are precautions that you can take to recognise and avert potential cyber crises, but no organisation is without flaw and no system is impenetrable. Being aware of cyber weaknesses and the damage that these weaknesses leave you susceptible to will open your eyes to the value of cyber security improvements. Beware – there are some horror stories ahead.

 

Gone Phishing

Any cyber security experts in the room, please stand up. Now stay stood up if you would agree that human error is among the biggest weaknesses in any organisation’s cyber security. We’re assuming that there are a lot of people who remain standing. Opening an email attachment from a colleague’s compromised email address carries with it the almost total certainty of malware or ransomware entering your device – in fact, as many as 97% of phishing emails deliver ransomware. For those that aren’t aware, ransomware encrypts files in an attempt to extort money from the victim, and the threat of permanent asset deletion is not uncommon. The price to recover information locked by ransomware ranges from around £150 to £10,000, with a quarter of those who pay the ransom never retrieving the information. The data and monetary loss combined is enough to significantly set any business back, potentially crippling smaller organisations. So double check the legitimacy of that adorable snoring cat video before downloading it. Hillary Clinton’s campaign chairman probably wishes he’d done the same before he was phished, leaking 60,000 emails.

By conducting regular security and awareness training for employees you can reduce the likelihood of breaches, but in reality, there is no staff training that will guarantee an unassailable network, not without durable, capable groundwork done to improve the cyber infrastructure concurrently. An example of this would likely be an email security scanning layer with the standard function of blocking spam and any vehicles for viruses, but also the advanced capability of protecting system users from phishing emails (as well as other cyber threats). Technology capabilities such as URL filtering, attachment sandboxing, and safe-file conversion are vital; a cyber specialist capable of installing and maintaining this technology is equally integral.

Less than 20% of IT decision makers feel completely confident that they have taken every precaution regarding cyber resilience capability. It's impossible to achieve a state of outright impenetrability, meaning that cyber capability should be constantly reviewed and revisited to maximise protection. Being less proactive than this should spark a reassessment of system and network security. 

 

Not having a whale of a time

Get the harpoon ready – we’re going whaling! Anyone in a senior position is potentially a “whale,” for reasons you can likely guess. Business directors, senior team leaders, CEOs, CFOs. They’re all examples of big fish. Hackers can fetch a high price for the intellectual property, market information or mission critical projects among other well-guarded secrets kept by top level executives. Whaling threats have increased by 67% this year, signalling a need for businesses to combat this menace.

Whaling is encompassed by the term social engineering and is essentially high stakes spear phishing (targeted phishing). The difference is in message curation done specifically with high level targets in mind. The scam emails in this case are typically sent from executives from relevant external organisations, or another source that represents an authority figure. The content of the emails is most effective when it reports a fabricated company-wide concern, or displays an example of confidential information to gain confidence. The information that can be lost in these cases can be incredibly sensitive and holds the power to destroy the reputation of the hacking target should a catastrophic leak occur.

A separate and secure copy of any such sensitive data is good practice in cyber resilience – if only internal information is stolen, then at least it won’t be gone for good. The business can continue to function. As long as the data is spread between micro and macro zones, and hardware is separated according to network importance, then it is likely that the breach will not be too damaging. But such a network will need dedicated maintenance by a knowledgeable cyber specialist.

 

How to improve cyber security:

  • Analyse. Have a clear understanding of the losses and damage that could occur in the case of altering cyberattacks. A measured security plan can be put in place, and budget allocations can be put to ideal use.
  • Engage. Leaders in the business should be made to engage with cyber security. It’s not purely the responsibility of the IT department to create a secure cyber environment, as they often don’t have the capacity to make the necessary big picture decisions.
  • Invest. When the threats outlined in this piece have been proven to be so costly, almost no amount of defence can be worth less than its investment. Training technical staff to have skills such as those found in our suite of cyber courses will be conducive to nearly any business environment.

 

Phishing, whaling – cyber security is full to the brim with nautical terms. To avoid being a small fish in a big (and hugely dangerous) pond and to train your staff up, get in touch with us today!