James Bond would never have imagined threats that he could not confront in person but we all know they exist—in cyberspace. Indeed 2017 may be the year cyber threats top your business’s agenda in the areas of security and data protection.
That is why there is no more opportune time to review the different types of cyber threats and what they do. It isn’t just the world of politics (as recent news about email hacks show) that’s affected: you may be surprised at the range of cyber threats and how vulnerable your business may be.
A Trend Micro Report in Top Tech News warns that 2017 will likely bring an increase in IT-related threats: “We foresee the General Data Protection Regulation (GDPR) causing extensive data management changes for companies around the world, new attack methods threatening corporations, expanding ransomware tactics impacting more devices and cyber-propaganda swaying public opinion.” Staying informed is the first key step in the battle.
Types of Threats
By now most will recognize threats like hacking, spam, and computer viruses. What about spyware? DDos? Botnets? They sound scary … and they are. Ask yourself how many of the following are familiar to you.
- Botnets: devices often connected to the Internet of Things (IoT) and used to carry out DDo attacks.
- DDos: distributed denial of service attacks. A huge number of “requests” are sent from an array of devices, directed at one targeted computer or network, which causes the target to shut down.
- Malware: a nickname for malicious software, malware simply is computer code intended to sneak aboard your computer or network and do harm. Spyware, viruses, and worms all are versions of malware. (Source: Symantec’s PCTools.com).
- Pharming: re-directs an employee or customer to a malicious but seemingly legitimate website, even when they type in the correct URL, where they are asked to provide confidential information. “This is often applied to the websites of banks or e-commerce sites,” according to Norton.com.
- Phishing: Norton.com refers to phishing as “an online con game.” An employee is lured to a malicious website via a spam email or link that is clicked on, and asked to provide confidential information. Perhaps the most famous phishing attack—to date—used the IRS Web site to redirect victims to a malicious web server..
- Ransomware: a form of malware or computer code intended for extortion.
- Spoofing: used as part of phishing and spam attacks, spoofing simply is using a legitimate email header to mask the real (malicious) source of an email message. (Source: TechTarget.com).
- Spyware: a form of malware or computer code intended to steal your data. According to Norton.com, “Some spyware … tracks the places you visit and things you do on the web, the emails you write and receive, as well as your Instant Messaging (IM) conversations. After gathering this information, the spyware then transmits that information to another computer, usually for advertising purposes.” Or perhaps for aiding a competitor!
- Trojans: based on the same idea as that infamous Greek equine surprise, it is not what it appears to be. It shows up often via email, perhaps in a cartoon or link to a malicious site, and seems helpful but instead wreaks havoc on your system. (Source: Norton.com).
- WiFi eavesdropping: listening in on someone else’s Internet activity without their knowledge. Public access WiFi stations and poorly secured private WiFi networks or mobile devices can result in a hijacking of your company emails, passwords, and unencrypted data in text messages.
- Worms: a form of malware or computer code that is particularly dangerous since it self-replicates and damages your system without needing the aid of a person or an off-site computer to do harm. According to Symantec’s PC Tools.com, “computer worms pose a significant threat due to the sheer potential of damage they might cause. A particularly notorious incident occurred in 1988. A computer worm since named the Morris worm caused hundreds of thousands, if not millions, of dollars in damage.” Click here to read more about the threat of worms.
Trend Micro’s alert notes that ransomware attacks against businesses will rise. Why? The most obvious reason: “they are cost-effective and relatively simple forms of corporate extortion.” Our blog, Data Security: Are you as protected as you think you are? details the ways hackers view access to your data and why even small enterprises are vulnerable.
- DDos, aided by botnets, are insidious and sizeable threats, especially for online retail sales. Forbes warns that these attacks block a customer’s ability to make a purchase online. “Hackers may also use DDoS attacks to distract IT while they simultaneously try to compromise other parts of a company’s network.” What is truly insidious is that these threats can take their time once inside your network to read what is there and plot a course of action to do the most harm. Forbes reports: “In one of the largest IoT hacks so far, a single network infected 15 million machines that had access to 20 billion devices. Hackers are turning security cameras into a massive network of botnets that launch DDoS attacks at banks, gaming companies and government agencies.”
- Ransomware threats are evolving. According to Trend Micro, “ransomware will likely branch out into IoT devices and non-desktop computing terminals, like point-of-sales systems or ATMs. New vulnerabilities against targets like Apple and Adobe are also expected to increase, as will new targeted attack methods designed to focus on evading modern detection techniques.”
- Malware attacks have landed in Android phones. According to Ciotoday.com, an Israeli IT security team just recently uncovered the “Gooligan” virus recently on more than one million devices which stole data and installed malicious apps. If your enterprise relies on mobile devices, it is key to make sure that your data security and prevention plan includes all mobile devices. Forbes reports that a Harvard study concluded the following: “45 percent of chief information officers and technology executives saw mobile devices as a weak spot in their company’s defenses. … Once attackers breach a smartphone, they can gain access to corporate emails, business secrets and authentication protocols.”
- Viruses have become the method of choice for some overseas criminals. Their device of choice? The simple USB drive, often made in China and pre-loaded with a virus that can introduce a virus into your system in less than 30 seconds of use.
Cost of Cyber Attacks
As you know, IT-related business costs may be measured in several ways:
- dollars spent on identifying and eradicating a cyber attack;
- opportunity costs of lost sales during down time;
- data losses;
- potential multiplier effects owing to a hit to your enterprise’s reputation and lost costumers and potential customers; and,
- time involved in recouping losses.
Important Lessons From Data Breaches in the News, outlines the cost of a data breach. Citing the Ponemon study, the article notes these costs for a single data breach:
- The average cost per breach for each record with confidential information in the healthcare industry now totals $355.
- In retail the average per-breach cost is $172.
- In the transportation industry, it is $129.
Yahoo had a major data breach in 2014 and another in 2013 which was only recently exposed, which affected more than one billion users. It is likely that the cost was magnitudes greater than an investment in preventive measures would have been.
One hacking, phishing, or DDos attack which may land in an employee’s business e-mail box for example, could cost $140,000 “by luring an innocent employee to transfer money to a criminal’s account” as Trend Micro states.
- A hack into a financial services system increases prospective costs exponentially to a whopping $81 million.
Phishing damages to an enterprise can be sky-high: “in excess of $4.5 billion annually”.
Considering what is at stake—intellectual property included—prevention is a better investment. The costs of cyber crime far surpass the costs of investing in the right tools to secure your data. When weighing options, consider that cyber security experts agree that the threats are growing exponentially each year, along with an increase in the use of business-related mobile devices and an explosion of connectable (IoT) devices including automobiles.
As you review your system’s security with these threats in mind, when questions arise, you can pivot to a leader in multi-faceted, end-to-end approaches to data security, Tie National, LLC. We can assist you to secure your data, and your company’s bottom line. Contact us to learn more.