Common Cyber Threats You Need To Be Aware Of

Whether you’re a small, medium-sized or large business, it’s time to face facts: your organization will be breached.

The sensitive information you hold is a gold mine for hackers – customer details, corporate information, and sensitive material that could be used for blackmail. All of this information is important to you, which makes it valuable to a hacker.
There are believed to be around 117,339 cyber attacks a day, and with the average cost of a data breach now estimated at $6.5 million, US companies have cause for concern.

Below are some of the most common methods cyber criminals use to extract corporate data; make sure you’re aware of them and have suitable solutions in place to prevent their success.

Phishing emails
Every day, 156 million phishing emails are sent, 15.6 million make it through spam filters, 8 million are opened, 800,000 recipients click on the phishing links, and 80,000 people provide their personal information.
Sending phishing emails to an organization’s employees is one of the most popular methods cyber criminals use to get their foot through the door. It’s simple to do, easy to reach a large number of people, and, generally speaking, phishing emails deliver results.
The most-attacked industries are e-commerce (32.4% of all phishing attacks), banks (25.7%), and social networking (23.1%). Cyber criminals are getting increasingly clever, often imitating small companies that supply larger companies.
In November 2013, Target had 110 million customers’ credit card data and personal information stolen through an email malware attack on one of its suppliers, costing the company $148 million.
What can you do?
Although there isn’t a clear-cut solution for this one, you can make sure you have a number of hurdles in place to trip up cyber criminals:

  • Protect your network with a firewall, spam filters, and antivirus and anti-spyware software.
  • Educate your staff not to click on links, download files, or open attachments in emails from unknown senders, or to provide personal information. This can be done effectively through staff awareness training.

Outdated/Unpatched software
Software providers regularly update their products to fix bugs and security issues. Using out-of-date software can make your organization extremely vulnerable to an attack, so it’s best to update and patch as soon as possible.
Verizon’s 2015 Data Breach Investigations Report (DBIR) found that more than 70% of cyber attacks exploited known vulnerabilities that had patches available – with some exploiting vulnerabilities dating back to 1999.
Cyber criminals frequently scout the Internet for organizations that use outdated or unpatched software and are quick to exploit any that they find. The most common unpatched and exploited programs are Java, Adobe Reader, and Adobe Flash.
Adobe is currently urging Flash users to update to the latest version of the software after a significant security flaw was discovered. According to reports, a Chinese hacking collective known as APT3 is already exploiting the vulnerability by sending phishing emails to companies in the engineering, telecommunication, and aerospace industries.
What can you do?
Run regular penetration tests on your network and web applications to search for vulnerabilities. This way you’ll spot the weaknesses and have a better chance of fixing them before cyber criminals can get a look-in.

DDoS attacks
A distributed denial-of-service (DDoS) attack occurs when a hacker sends a large amount of traffic to your website that your server can’t handle. As a result, your site server hangs and stops responding to any more requests – basically crashing the site.
With falling costs, it has become easier to engineer such attacks, and more businesses are being targeted. About 32% of information technology professionals surveyed said DDoS attacks cost their companies $100,000 an hour or more. More than 3.4 million DDoS cyberattacks were perpetrated worldwide in 2014, up more than 60% from 2.1 million in 2013.
What can you do?
The more you know about what your normal traffic looks like, the easier it is to spot when its profile changes. Most DDoS attacks start as sharp spikes in traffic, and it’s helpful to be able to tell the difference between a sudden surge of legitimate visitors and the start of a DDoS attack.
It also makes sense to have more bandwidth available to your web server than you think you are likely to need. This won’t stop an attack completely, but it will buy you extra time to help fix the problem.
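One way to put the "know your normal traffic" advice into practice, as an added example that is not from the original article: bucket request timestamps into per-minute counts and flag minutes that sit far above a rolling baseline. The function names, window, threshold and sample counts are assumptions chosen for illustration.

```python
from collections import Counter
from statistics import median

def per_minute(timestamps):
    """Turn request timestamps (epoch seconds) into a list of per-minute counts."""
    buckets = Counter(int(t) // 60 for t in timestamps)
    if not buckets:
        return []
    first, last = min(buckets), max(buckets)
    # Minutes with no requests still count as part of the profile.
    return [buckets.get(m, 0) for m in range(first, last + 1)]

def find_spikes(counts, window=10, threshold=6.0, min_spread=1.0):
    """Return (minute_index, count, score) for minutes far above the baseline.

    Baseline is the median of the last `window` minutes judged normal; spread is
    the median absolute deviation (MAD), scaled to be comparable to a standard
    deviation. Median and MAD are used because one odd minute barely moves them.
    """
    baseline, spikes = [], []
    for i, count in enumerate(counts):
        if len(baseline) >= window:
            med = median(baseline)
            mad = median([abs(x - med) for x in baseline])
            spread = max(mad * 1.4826, min_spread)  # floor avoids divide-by-zero
            score = (count - med) / spread
            if score > threshold:
                spikes.append((i, count, round(score, 1)))
                continue  # keep flagged minutes out of the baseline
        baseline = (baseline + [count])[-window:]
    return spikes

# Constructed sample: steady traffic, then a sharp three-minute surge.
SAMPLE = [120, 115, 130, 125, 118, 122, 127, 119, 121, 124,
          126, 480, 950, 1400, 123]

if __name__ == "__main__":
    for minute, count, score in find_spikes(SAMPLE):
        print(f"minute {minute}: {count} requests, {score}x spread above baseline")
```

A flagged minute only says the traffic profile has changed; deciding whether it is a surge of legitimate visitors or the start of an attack still needs a look at what the requests are and where they come from.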

IT Governance: http://bit.ly/20JRowJ
