Cyber security threats: What every business needs to know.

By Luke Smits - Founder & Operations Manager

No matter the size of your business, every year, cyber criminals are hard at work coming up with new ways to steal from you.

With all the latest advancements in technology, from mobile and cloud to artificial intelligence, you can be certain that technology's bad guys have been there in the shadows making advancements of their own.

A worldwide shortage of trained, proficient cyber security experts only adds to the risk that you'll get caught up in a scam, hoax or security breach. And if you think your business is too small or insignificant to be targeted, then you need to think again.

Here's what your business needs to know about cyber threats for the year ahead.

Ransomware

What is it?

Most businesses by now have heard of ransomware. Cyber criminals gain access to your systems and lock you out, demanding a ransom in return for giving back your data. The threat of a ransomware attack has not gone away and cyber criminals have found new ways to penetrate and exploit your systems.

How can my business manage the risk?

Businesses should assume that it's not if, but when you will be compromised by a ransomware attack.

If you're targeted by a ransomware attack, even if you pay the ransom, there's no guarantee you'll get your data back. A situation like this could mean the end of your business.

Ensure you have a secure and tested data security plan that will minimise downtime in the event of an attack, and the expertise in place to recover quickly.

Mobile

What is it?

This year, it's expected that mobile platforms will become a primary target for phishing and identity threats. Traditional email platforms have become increasingly able to block malicious URLs and emails, so mobile platforms, social media, SMS, MMS and other mobile-centric applications are being used for this type of cyber attack.

How can my business manage the risk?

Ensure that you and all the staff across your business are sceptical of requests for user details or personal information. This caution should also extend to your personal life as any compromise of a personal nature could also have negative consequences for the business.

Cloud

What is it?

As more and more business infrastructure goes to the cloud, cyber criminals will shift their focus to attacking cloud platforms in order to access data.

How can my business manage the risk?

Simply because there's a threat doesn't mean you should stop using cloud services. While the bad news is that attacks on the cloud will become more sophisticated and frequent this year, the good news is that cloud providers are also stepping up their countermeasures, making successful attacks more difficult than before.

If you're diligent in your IT security planning and policy enforcement, then you're in a good place to avoid a cyber attack on your cloud-based systems.

The Internet of Things (IoT)

What is it?

The Internet of Things relates to everyday devices now being able to connect to the internet to send and receive data. Think your watch, your TV, your home assistant device and even your fridge.

IoT will be greatly accelerated by the rollout of the 5G network, which will start to happen in 2020. The array of things that can connect to the internet and share your information will keep expanding.

How can my business manage the risk?

You need to make sure you're aware of how the Internet of Things will impact you both at home and in the workplace.

Just ticking yes to all the boxes and blindly agreeing to every privacy policy could come back to bite you. Make sure you know what information these devices are collecting about you, how your information is being stored and where it's being stored. Any device that's connected to the internet can collect and share your private information. While it's designed to make things easier and you might think you have nothing to hide, over time these devices will know you better than your closest family. And that might not be a good thing.

Phishing

What is it?

You'd be hard pressed to find anyone with a computer who hasn't experienced an attempted phishing attack. And cyber criminals are still using the practice of pretending to be a legitimate, trusted entity in order to get you to hand over passwords, bank account details and other confidential information.

How can my business manage the risk?

Unfortunately, phishing campaigns are getting more complex, increasingly relying on machine learning to automate and optimise their success. Landing pages and phishing lures are being tested by algorithms to improve conversion rates and new domains are being generated by AI in a bid to keep them live online for as long as possible. This means that while blacklisting of malicious sites is still happening, it's not happening as quickly.

As always, be suspicious of requests for personal or confidential information via email. If an email asks you to click a link to provide this type of information, just don't. Big companies simply won't ask you to do this - any email that does is most likely a scam. Always log in to your accounts directly by typing the URL into the address bar. And don't give out your personal details over the phone to anyone you don't know. If you're in doubt about who you're talking to, hang up and call the business back to be sure you're not handing over your bank account details to a cyber criminal.

Windows 7 End of Life

What is it?

Windows 7 has been given an end-of-life date of January 14, 2020. This means it will no longer be supported by Microsoft, and that includes security updates and patches. It's expected that this year, at least one major attack will be launched at Windows 7, targeting vulnerabilities in the now unsupported platform. The same thing happened when Windows XP went end of life and the attack brought down critical infrastructure and public services globally.

How can my business manage the risk?

If you're still operating Windows 7 in your business, NOW is the time to upgrade. Get in touch with your IT provider today and close this vulnerability in your business.

Insider Attacks

What is it?

With the rise of social engineering attacks, where cyber criminals use psychological manipulation to trick users into giving away sensitive information, we're also seeing a rise in unsuspecting employees being blackmailed into providing access to their company's systems for fear of their personal videos, images or information being released.

Even worse, employees are being paid large sums of money to provide access to their company infrastructure and bypass the security protocols that have been put in place.

These are known as insider attacks.

How can my business manage the risk?

One way to mitigate insider attacks is to implement event logging on all your critical systems. This will allow the business to see who has accessed what, and who has sent information to whom. You could also consider biometric access restrictions (like fingerprint or eye scan) to physical infrastructure such as server rooms and networking equipment. This will track who has been in which area and prevent unauthorised access to sensitive areas of the business. This might seem like you're living in a science fiction movie, but these days, these types of systems are considered mature technology, which means it's not as expensive as you might think.

What next?

Know the risk. Protect your business.

Cyber security is something all businesses need to educate themselves about. If you've read this far, then it's understandable that you'll be worried about how to protect your business from a cyber attack.

Awareness is a great start. Know the risks, assess where there might be gaps in your business and work with your IT service provider to put a cyber security risk management plan in place.