Fewer of today’s hackers are in it ‘just for fun’ or a challenge. Most are money motivated, highly organised and seldom work alone. Attackers are agile, while businesses can’t always say the same, especially when they’ve just been ‘making do’ with security.
A hacker’s goal is to steal credit card information, email addresses, usernames and passwords: anything that can be sold on to a higher bidder. How they do it may include some of the following techniques.
Attackers can hold businesses virtually hostage with ransomware, a ruthless practice. Ransomware remotely encrypts your files without your consent. Some forms of ransomware are programmed to spread across the network.
Instead of requiring a recipient to open an email attachment or click on a link, current trends in ransomware—such as WannaCry, which began in May 2017—enable malicious code to be transmitted between networks without user interaction. “WannaCry is the first one to completely automate,” says Craig Williams, a senior security outreach manager at Talos, the security research arm of Cisco.
WannaCry affected more than 200,000 computers worldwide, and may cause an estimated $4 billion in losses. WannaCry gets installed through a vulnerability in the Microsoft Server Message Block (SMB) protocol and is particularly effective in older Windows environments, such as Windows XP, Windows Server 2003 and Windows 8. Microsoft had already released a security update to patch this vulnerability, but not all users were automatically protected.
Fifty-two percent of the small businesses participating in the Ponemon Institute’s 2017 State of Cybersecurity in Small and Medium-Sized Businesses (SMB) report experienced either a successful or unsuccessful ransomware attack in a 12-month period. Once the infection is complete, a message will appear on your screen, demanding that you pay a ransom in bitcoins for the release of your data. A typical ransom can be anywhere from £200 to £10,000, but some victims have ended up paying a lot more.
Recent headlines show a new generation of threats going viral on a global scale and proliferating more quickly than ever. Cisco Talos threat research group uncovered a threat, called VPNFilter, that compromised more than 500,000 small office/home office routers and network attached storage devices around the world. Cisco devices were not among those affected. This complex threat allows the actor to inspect traffic that is passing through the devices, to steal files off network backup drives, and potentially pivot onto connected corporate networks.
Cyber criminals understand their targets, down to their likes and dislikes and how they conduct business. They know what they will pay for their data to be released, and they ruthlessly exploit any weakness they find.
Business email compromises (BEC) are 75% more profitable than ransomware. Despite that, they don’t get as much publicity.
BEC are targeted attacks, in which hackers use social engineering to trick people into transferring money to them. There is no malware, there are no attachments. Unlike ransomware attacks, they don’t take any data from their victims. It’s all based on lies and misdirection.
Typically, hackers spend some time researching their targeted company and start building a profile. After they know enough, they may send spear phishing emails to senior members of staff, often in the finance department. It needs to be someone with the authority to transfer the money. The bigger the company, the more money they can make. However, attacks targeting small and medium-sized companies are on the increase.
Data is at the heart of everything your company does: it’s your intellectual property, your next big break, your customer records, your revenue. A breach costs much more than just fixing outages and damaged systems.
Building a strong security posture can help protect your intellectual property and your reputation. On average, it takes organisations 191 days to detect a breach and 66 days to contain it. (Source: Ponemon Institute). Yet the key to damage limitation is early detection.
Cisco's median time-to-detection is 3.5 hours. If a breach happens, Cisco Incident Response Services experts are available within hours to help you contain it and fix the root causes.
Supply chain attacks are an emerging and growing cyber threat, which demonstrates how skilled cyber criminals have become. What happens is that the bad guys compromise the software update mechanisms of (otherwise legitimate) software packages. That then allows them to piggy-back on the distribution of genuine software.
Crucially, the cyber criminals will target a business in the supply chain with weak cyber security practices – especially when it comes to sharing information. This is why small businesses often get targeted.
Once they’ve identified the weak link, the attacker can then focus on the exploitation of the ultimate, intended target.
Don't let attackers sidetrack your business. Fight them at all the places where they try to get in. Our solutions protect you from the DNS layer to email to the endpoint. And they are backed by industry-leading Talos threat research.
If you have a place in a supply chain, ask your vendors/partners how they secure their supply chains. Ask them about their development practices and their internal security controls. How do they roll out patches and updates to their internal systems, and how often? How do they segment and secure their development, QA, and production environments? How do they vet their partners and vendors?
And be sure to ask all of these questions of your own organisation, or you could find that it’s your organisation that is the weakest link in the supply chain.
More info about supply chain attacks: https://gblogs.cisco.com/uki/protecting-against-supply-chain-attacks/
Some businesses just don’t have a clear cyber security strategy. They make do with a solution until it becomes a hindrance.
Others attempt to cover all bases and end up with a stacking problem. A stack of various point security solutions from different vendors, all in place at once. Both situations spell trouble.
The patchwork of incompatible security technology leaves gaps, creates management headaches and creates inefficiencies upon which hackers thrive. Each new security solution comes with another management interface. Each new solution demands human resources and management hours to set it up, set policy and respond to alerts. It’s not always clear whether the extra security outcome you gain is worth all the extra effort you are putting into managing that solution, rather than focusing on bigger problems elsewhere.
You may have added complexity without much overall incremental effectiveness. This situation isn’t helped by the fact that security is still seen as primarily an ‘IT issue’. According to the Cisco Security Benchmarks Study, some organisations don’t particularly agree that line of business managers are engaged with security. The attitude is too often, ‘Security is IT’s problem.’ This is a real issue, because it means that security often gets ‘bolted on’ rather than embedded in a company’s ecosystem. Cutting corners creates more work.
Done right, security can be a business enabler. A platform for growth.
We work everywhere: at home, in the office, airports, coffee shops. Yet traditional security solutions still focus on protecting employees only while on the business network.
Picture the scene:
- Users are accessing your network from their own smart devices, from wherever they are
- Your business apps, servers, and data are in the cloud
- Devices that don’t even look like computers are connecting to your networks (think smart meters, thermostats, printers, cameras...)
- And to thicken the plot, you need to figure out how to get security everywhere to secure this complex infrastructure
Shadow IT is the practice of employees using any applications they fancy, without getting the IT department’s approval. This can be anything from installing an instant messenger service onto a work device, to downloading their own file sharing software and using it to transfer sensitive data.
Of the respondents participating in the Ponemon Institute’s 2017 State of Cybersecurity in Small and Medium-Sized Businesses (SMB) report that experienced a data breach, 54 percent say negligent employees were the root cause—an increase from 48 percent of respondents in the previous year’s study.
Shadow IT can create huge security vulnerabilities, especially if you don’t know how far the problem extends. This kind of operation is like going for a swim in shark-infested waters wearing a meat suit. Yet it’s incredibly prevalent in businesses. So why does it happen?
In fairness to staff, it happens with best intentions. Workers want to improve their own levels of productivity and use the latest digital tools. Staff are not usually thinking about the security implications when accessing these applications. Sometimes, employees use Shadow IT tools because they were used to certain systems in their previous organisation. After all, it’s easier than learning something new.
It’s possible to turn shadow IT into a positive contribution to your business:
Robust passwords continue to play an essential role in small business cybersecurity. Yet 59 percent of respondents in the current Ponemon report—the same percentage as the previous report—say they do not have visibility into employee password practices, including the use of unique or strong passwords.
Respondents also say that password policies are not strictly enforced. If a company has a password policy (43 percent of respondents do), 68 percent say it is either not strictly enforced or they are unsure how well it is administered.