Common Cyber Threats You Need to Be Aware Of

Whether you’re a small, medium-sized or large business, it’s time to face facts: your organization will be breached.

The sensitive information you hold is a gold mine for hackers: customer details, corporate information, and sensitive material that could be used for blackmail or to sell on. All information that is important to you is valuable to a hacker.

There are believed to be around 117,339 cyber attacks a day, and with the average cost of a data breach now estimated at $6.5 million, all companies have cause for concern.

Below are some of the most common methods cyber criminals use to extract corporate data; make sure you’re aware of them and have suitable solutions in place to prevent their success.

Phishing emails

Every day, 156 million phishing emails are sent, 15.6 million make it through spam filters, 8 million are opened, 800,000 recipients click on the phishing links, and 80,000 people provide their personal information.

Sending phishing emails to an organization’s employees is one of the most popular methods cyber criminals use to get their foot through the door. It’s simple to do, easy to reach a large number of people, and, generally speaking, phishing emails deliver results.

The most-attacked industries are e-commerce (32.4% of all phishing attacks), banks (25.7%), and social networking (23.1%). Cyber criminals are getting increasingly clever, often imitating small companies that supply larger companies.

In November 2013, Target had 110 million customers’ credit card data and personal information stolen through an email malware attack on one of its suppliers, costing the company $148 million.

What can you do?

Although there isn’t a clear-cut solution for this one, you can make sure you have a number of hurdles in place to trip up cyber criminals:

  • Protect your network with a firewall, spam filters, and antivirus and anti-spyware software.
  • Educate your staff not to click on links, download files, or open attachments in emails from unknown senders, or to provide personal information. This can be done effectively through staff, management and director awareness training.

Outdated/Unpatched software

Software providers regularly update their products to fix bugs and security issues. Using out-of-date software can make your organization extremely vulnerable to an attack, so it’s best to update and patch as soon as possible.

Verizon’s 2015 Data Breach Investigations Report (DBIR) found that more than 70% of cyber attacks exploited known vulnerabilities that had patches available – with some exploiting vulnerabilities dating back to 1999.

Cyber criminals frequently scout the Internet for organizations that use outdated or unpatched software and are quick to exploit any that they find. The most common unpatched and exploited programs are Java, Adobe Reader, and Adobe Flash.

Adobe is currently urging Flash users to update to the latest version of the software after a significant security flaw was discovered. According to reports, a Chinese hacking collective known as APT3 is already exploiting the vulnerability by sending phishing emails to companies in the engineering, telecommunication, and aerospace industries.

What can you do?

Run regular penetration tests on your network and web applications to search for vulnerabilities. This way you’ll spot the weaknesses and have a better chance of fixing them before cyber criminals can get a look in.

DDoS attacks

A distributed denial-of-service (DDoS) attack occurs when a hacker sends a large amount of traffic to your website that your server can’t handle. As a result, your site server hangs and stops responding to any more requests – basically crashing the site.

With falling costs, it has become easier to engineer such attacks, and more businesses are being targeted. About 32% of information technology professionals surveyed said DDoS attacks cost their companies $100,000 an hour or more. More than 3.4 million DDoS cyberattacks were perpetrated worldwide in 2014, up more than 60% from 2.1 million in 2013.

What can you do?

The more you know about what your normal traffic looks like, the easier it is to spot when its profile changes. Most DDoS attacks start as sharp spikes in traffic, and it’s helpful to be able to tell the difference between a sudden surge of legitimate visitors and the start of a DDoS attack.
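One way to put the baseline idea into practice, as an added example that is not from the original article: count requests per minute from web-server access logs and flag minutes far above the recent median. The Common Log Format input, the window size and the thresholds are assumptions, and the sample log is constructed.

```python
from collections import Counter, deque
from datetime import datetime
from statistics import median


def requests_per_minute(log_lines):
    """Count requests per minute from Common Log Format lines (assumed format)."""
    counts = Counter()
    for line in log_lines:
        try:
            # Timestamp sits between '[' and ']', e.g. [10/Oct/2015:13:55:36 +0000]
            stamp = line.split("[", 1)[1].split("]", 1)[0]
            ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of failing
        counts[ts.replace(second=0)] += 1
    # Minutes with no requests at all do not appear; acceptable for a busy site.
    return sorted(counts.items())


def find_spikes(per_minute, window=10, k=6.0, min_requests=50):
    """Flag minutes above median + k * MAD of the preceding `window` normal minutes.

    window, k and min_requests are assumed tuning values, not recommendations.
    """
    history = deque(maxlen=window)
    spikes = []
    for minute, count in per_minute:
        if len(history) == window:
            base = median(history)
            mad = median(abs(c - base) for c in history) or 1.0
            if count >= min_requests and count > base + k * mad:
                spikes.append((minute, count, base))
                continue  # keep flagged minutes out of the baseline
        history.append(count)
    return spikes


def sample_log():
    """Constructed access log: 15 quiet minutes followed by a sharp spike."""
    rates = [20, 22, 19, 21, 23, 20, 18, 22, 21, 20, 24, 19, 21, 22, 20, 400, 450]
    return [
        f"203.0.113.{i % 250} - - [10/Oct/2015:13:{m:02d}:{i % 60:02d} +0000] "
        '"GET / HTTP/1.1" 200 512'
        for m, rate in enumerate(rates)
        for i in range(rate)
    ]


if __name__ == "__main__":
    for minute, count, base in find_spikes(requests_per_minute(sample_log())):
        print(f"{minute:%H:%M} {count} requests (baseline median {base})")
```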

It also makes sense to have more bandwidth available to your web server than you think you are likely to need. This won’t stop an attack completely, but it will buy you extra time to help fix the problem.

IT Governance: http://bit.ly/20JRowJ
