Critical Cyber Security Threats & Solutions For Business

Uploaded on 2020-11-05 in NEWS-News Analysis, FREE TO VIEW

Cyber security breaches are threats to any size of businesses, but some businesses lose a greater proportion of the growth when they are hacked. In the last ten years, hackers attempted to break into business networks every 39 seconds. Global spending on cyber security has rocketed up from $3.5 billion in 2004 to a staggering $120 billion in 2017. This is not going to go down, with an estimated $170.4 billion expected to be the figure by 2022.

A  cyber security threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks and other attack vectors. 

UK Government 2020 statistics show that 46 per cent of firms have reported cyber security breaches in the past 12 months. A sizable 32 per cent said they were experiencing attacks once a week vs 22 per cent in 2017. 

  • Attacks are becoming more sophisticated with 86 per cent of businesses experienced phishing attacks, 26 per cent were impersonated (purporting to be from someone that the victim trusts) and 19 per cent had malware infections. 
  • Businesses lose an average of £3,230 from missing data or assets after breaches and 20 per cent of firms report lost staff time in dealing with the breaches.

From 2010 to 2020, roughly four billion business records were stolen in the UK, according to figures from the cyber protection experts at Bullet Proof and there are several important actions that can be made to prevent a disaster for your company.

Seven Critical Cyber Security Threats & Remedial Action

Malware Infections: You may be familiar with malware already. It’s short for malicious software and can include ransomware, spyware, viruses and Trojans. In a more general sense, malware is classed as an unwanted action to the victim which will benefit the criminal. Antivirus technology and a reliable firewall are key in fighting these menaces. Spend the time to research trusted antivirus programmes and firewalls and make sure they are kept up to date. Allowing automatic updates is best as bugs can be fixed in the background while you and your staff work.

Phishing Attacks: Phishing attacks make employees vulnerable to sensitive data being stolen, often through email. It’s one of the most common ways malware is brought into a business. Spear phishing is when a targeted email comes through which looks like it’s from someone that you know. Emails can contain links which, once clicked, release ransomware into your computer and into the broader network. The idea is that you get your data back by paying a ransom, regularly costing thousands of pounds. To combat this, businesses should be backing up their data. You can back up data on an external hard drive. Alternatively, some computers have auto back-up features these will back up your data little and often, which is the best approach to take.

The British  National Cyber Security Centre recommends that companies should be encouraging open communication with staff so that when employees report phishing emails, they should be able to admit that they clicked on a phishing link without receiving blame for doing so.

An Inadequate BYOD Policy: Unsecured devices could be carrying any number of viruses. A BYOD policy is a set of rules about how employees’ own devices can be used for work, this could be smartphones, tablets, laptops or other devices. It should also outline what responsibilities lie with the employee and what responsibilities lie with the employer, such as repairs.
Remember to include what counts as acceptable use, what the company will and will not pay for in relation to the device, security protocols like passwords and the risks and disclaimers of using your own device. 

Having a clear BYOD policy reduces the vulnerabilities associated with staff using their own devices such as data loss. It also sets out what should happen if data security is compromised. 

Website Weaknesses: Website weaknesses can leave you vulnerable to attacks, like Structure Query Language (SQL) injections. An SQL injection is where an attacker adds a SQL code to make changes to a database and gain access to unauthorised resources or make changes to data. Businesses should ensure that they’re using the most up-to-date versions of software to protect themselves from this. Previously discovered vulnerabilities may not be patched in older versions of software. If you haven’t already, you can get a Secure Sockets Layer (SSL) certificate from your web host. 

Insider Threats: There’s a chance that ex-employees might, knowingly or not, compromise your cyber security, especially if they have access to your networks. Reduce the chances of this happening by having specific accounts for people with privileges and ensuring that you remove employees from your network when they leave the company. Understanding where your data goes and what needs to be protected. This will allow your business to develop ways to detect these behaviours.

An effective insider threat program is built on trust between employees and their organisation and being aware of how attackers could target staff. They may offer them incentives for useful information, approach those facing career uncertainty to carry out specific actions or try to solicit information that would help identity IT security vulnerabilities,

Lack of Cyber Security Knowledge, Training & Awareness: Education will help safeguard your cyber security strategy. By staying on top of your employee training and keeping updated with technological changes and emerging criminal trends, your business is more likely to be able to detect and recognise potential cyber-attacks and threats.

Distributed Denial of Service (DDOS) Attacks: One area you should know about are Distributed Denial of Service (DDOS) attacks. Hackers will try to make a machine or network inaccessible to its primary users. There may be a perfectly legitimate explanation for the surge in traffic which has caused your service to be interrupted. Before responding to a DoS you should confirm that this is actually what you are dealing with but you should do this quickly.DDOS attacks result in heavy web traffic which slows down the site and can force services offline. Attacks can last for up to 24 hoursMake sure not to neglect your regular security monitoring during a DoS attack.

Those whose business offering is predominantly based online are the most vulnerable and those businesses can potentially reduce the severity of an attack by being well prepared. Quickly responding to a DDoS attack depends upon a well defined response plan in place that has a clear path in response, from confirming that an attack is happening to monitoring and recovery. 

Business should design your service, and plan your response to an attack, so that the service can continue to operate, albeit in a degraded fashion.

Whatever measures you decide to take, make sure your staff, be they based at work or remotely, are aware of, and properly trained to deal with, cyber security risks. It is tempting to divert all available security and network personnel into dealing with the attack. However, some adversaries may use a DoS or DDoS attack as a "smoke screen" for a penetrative attack into your networks. Make sure not to neglect your regular security monitoring during a DoS attack.

Growth Business:       UpGuard:       Bulletproof:     NCSC:   Image: Nick Youngson / PicPedia

For a cost effective  Cyber Audit Report on your organisation’s cyber security and training requirements please contact Cyber Security Intelligence.

You Might Also Read:

Blame The Boss For Cyber Attacks:

 

« British Military Gets A Defensive Cyber Security Platform
US Cyber Command Were Running An 'Election Special' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

ZeroFox

ZeroFox

ZeroFox safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

BitDam

BitDam

BitDam is an innovative network-based cyber solution that protects organizations from targeted attacks hidden in malicious files and web content.

Cyberbit

Cyberbit

Cyberbit empowers cybersecurity teams to be fully prepared with a product portfolio ready to detect and respond effectively across both IT and OT networks.

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

Computest

Computest

Computest security testing services include Mobile app security, Vulnerability assessments, Attack & penetration testing, Security awareness training, Network security assessments.

EuraTechnologies

EuraTechnologies

EuraTechnologies, the French incubator and accelerator, is a centre of excellence and innovation for startups and entrepreneurs with a focus on Digital, Data, Cybersecurity and IoT.

CyberClan

CyberClan

CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping your data secure and your businesses running as usual.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

LiveAction

LiveAction

LiveAction provides end-to-end visibility of network and application performance from a single pane of glass.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

Intelligent Technical Solutions (ITS)

Intelligent Technical Solutions (ITS)

We help businesses manage their technology. Intelligent Technical Solutions provide you with the right technical solution, so you can get back to running your business.