As the tools of this nefarious trade become more widespread and easy to use, businesses have to be on much higher alert for cybercrime and hacking. The statistics on the costs of such threats are staggering. Just to name a few:
In 2016, 3 billion Yahoo accounts were attacked in one of the biggest breaches of all time
In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers.
In 2017, 412 million user accounts were stolen from Friendfinder’s sites
All in all, according to Accenture statistics gathered in 2017, there are over 130 large-scale targeted breaches in the U.S. each year. This number is expected to grow year by year, at rates as high as 27 percent. More worrisome is, according to cybersecurity Giant CIsco, as high as 31 percent of organizations have experienced a cyber attack on essential technological infrastructure used for day-to-day business operations.
While these statistics mainly point to threats faced by larger, often Fortune 500 companies, small to medium sized businesses are actually at greater risk. According to Verizon, 61 percent of breach victims in 2017 were businesses with under 1,000 employees. Due to lower perceived threat, less investment in the proper tools to prevent cybersecurity, and the fact that it is more profitable for hackers to hit a great number of small businesses than a small number of larger businesses, these small to medium sized businesses face the greatest risk in cyber security.
Along with the increased risk of cyber attacks obviously comes an increased financial burden. According to Accenture, in 2017, cybercrime costs grew rapidly with various companies and other organizations paying on average $11.7 million dollars due to breaches and loss of company confidence following the breach. This is a nearly 23 percent rise from 2016. Worldwide, the cost of cybersecurity climbed over 27 percent in 2017, and this rate is not expected to slow down any time soon.
In order to prevent the loss of millions, largely due to loss of information and the confidence of shareholders and consumers, companies must know the most common forms of cybersecurity risk they face, and know what action to take accordingly to minimize said risk. The most common risks faced by most small businesses are as follows.
- Weak Passwords
- Employee Negligence
- DDoS Attacks
- Man in the Middle Attacks
- Phishing Attacks
Many of the most important cybersecurity measures are free, requiring little more than due diligence on the part of the companies. One way is to frequently change passwords. This is a widespread problem, as a report done by Varonis shows that as high as 65% of company computer systems have over 500 users with passwords that never expire. Attackers will often crack commonly used passwords and put them in large stores on the Internet, where they can be sourced in order to attempt to hack into sensitive company data, so it it makes sense to update passwords at least twice a year. In fact, of the people surveyed in the Varonis report, nearly one half mentioned the main reason they change a password is because they’ve forgotten it. A further 20% mention they change their passwords in light of a serious hack affecting multiple systems. Changing passwords is a simple yet effective step in reducing the risk of a security breach.
This failure to change passwords is, however, a small part of the overall problem of employee negligence. How often do you leave your computer unlocked and/or unattended? How often do you work from home or a public, unsecured Wi-fi connection? How often do you write things down by hand, and then leave out in the open on your desk? These can act as entry point for cybercriminals into a company’s most sensitive data. Employee negligence can be avoided through education. Companies need to invest in research on the best practices for security, including avoid some of the mentioned practices. Companies need to invest in institution wide training, keeping employees up to date with the best practices. Companies need to invest a company-wide, coherent policy on remote access, as remote access jobs become more common in the future.
Denial-of-service (DoS) and Distributed Denial-of-Service (DDoS) attacks are attacks which, as the name implies, impairs a company’s ability to function and perform its services by overwhelming its resources. A typical example of such an attack is the use of a botnetor a network of computers running software which will make repeated requests known as SYN packets, of a website for certain information, without responding to these requests, until the website’s bandwidth and resources are overwhelmed. This leads to a server crash and a denial of this organization to perform their service. This common form of DoS/DDoS attack is known as a Transmission Control Protocol SYN (TCP SYN) flood.
For some attackers, this outcome is sufficient for whatever their goal is. However, DoS/DDoS attacks are just one step in a larger scheme to cause damage to an organization.
Such kinds of attacks are preventable with a firewall that blocks inbound SYN packets until they can be analyzed and processed.
Another common form of attack is known as a Man in the Middle (MitM) attqack, where an attacker inserts themselves at a midway point in communications between two parties, thus intercepting and viewing sensitive information. The attacking computer replaces its own IP address with that of the client, making the server believe it is still in communication with the client. This method is known as IP Spoofing. Another method is a Replay, whereby an attacker will intercept the transmission from a server to the client, and then after copying the information, transmit that information along the line to whoever is supposed to receive it. This sort of attack is avoidable through session timestamps corroborated by how long the transmission is supposed to take, based on bandwidth, download speeds, etc.
Currently no technologies exist to defend specifically against MitM attacks. However, through the use of verification certificates and keys, these sorts of attacks can be monitored and avoided. Keys are ways of encrypting and decrypting messages, whereby one key, known as the public key, is used to to encrypt a message, and the private key, which is only to be held by the original sender and the intended recipient, is used to decrypt the message. They keys can be shared using a certificate script, to ensure proper transfer and receipt of of sensitive keys.
Probably the most common cybersecurity risk faced by all companies, small and large, are phishing scams. Phishing is an attack on human psychology, where hackers will send an email that appears to be from a trusted source, requesting sensitive information or asking for a certain service upfront. Spear phishing is a very targeted version of this, whereby hackers will research targets and make their phishing emails appear as directed, and therefore legitimate, as possible. Spoofing is the most common form of phishing, whereby a phisher will copy an email header, or even an entire company’s website to make their communication appear more legitimate. These sorts of attacks can be tricky and difficult to defend from. To reduce the risk of falling for one of these scams, it is important to:
Critically analyze each email you receive, to make sure everything contained is legitimate. Rather than let yourself be overwhelmed by a busy schedule an and inbox full of emails, really take time to sit down and analyze each one.
Hover over links, so that the true destination can be displayed. Do not click on a link you don’t trust! Simply hover over it and decipher whether or not the true destination is trustworthy or not.
Email headers are also a dead giveaway. The email reply-to and return-path parameters of an email should be the same. If not, something is likely amiss.
This list is by no means exhaustive. However, in protecting from these very common cyber attacks, that old saying is true; the best defense is a good understanding of the offense. Understanding how these attacks are carried out, and what bugs or loopholes in the technology they exploit is paramount to establishing a good defense. With the proper cybersecurity tools, and diligence on the part of workers, many of these attacks and more can be protected from.