The Top 5 security Threats to Your Business
(Excerpted from an article published in the dark reading by level III communications with annotations by BBSYS.)
“Cyber security breaches are more common now than they have ever been. While they don’t all make news headlines, the effect numerous businesses every single day.” One analysis showed that in 2014 one out of every 244 businesses suffered a successful cyber-attack. Those are not odds that I would care to accept.
I. Network and application layer attacks
“These attacks represent the disruption or suspension of servers and network resources connected to the Internet. They are easy attacks for anyone to launch and very difficult for businesses to resolve on their own. DDoS attack packages are available to anyone on the black market for very little money.” Use Google or Bing to search for DDoS packages and find one or more in about 15 minutes.
II. Social Engineering
“Fake emails or other electronic communications are used to acquire access or information. These attacks are difficult to detect and often the source appears to be legitimate. Critical information about your business can easily fall into the wrong hands.” One type of attack is called spear phishing whereby a hacker obtains your specific email address and sends an email that appears to be from a reputable organization with an attachment. A specific example would be an email from an employment site with a resume’ attached. The payload is hidden in the attachment and would attempt to exploit one or more known vulnerabilities within your word processor when you inadvertently opened the resume’. The payload would then attempt to exfiltrate company information from the immediate Workstation and any servers connected thereto.
III. Advanced Persistent Threats
“A ‘backdoor’ to your systems is established using one or more vulnerabilities” in hardware, software, networks or applications, undetected. [The cyber-criminal(s)] “gather administrative credentials and exfiltrate data”. [The] “attackers use custom malicious code, [and] remain undetected as long as possible to continue to do damage.” Rather than attempt to exfiltrate an entire master file of, say, customer information including credit cards, the attackers will monitor and exfiltrate individual transactions that still contain customer information and credit card numbers, but in small batches on a daily basis. In many ways this bypasses cyber security protections on database information established post-Target and post- Home Depot data losses.
IV. Organized Cybercrime
“Risk of intellectual property theft, confiscated bank accounts, and loss of customers as a result of business disruption. Ultimately easier to prevent than to fix, cyber criminals specialize in selling personal information on the black market, using ransoms and blackmail.” From personal experience with one of my clients, ransomware could have been a very effective tool to extort money, or literally cripple or destroy a business. Keep in mind, wherever business goes and becomes successful, organized crime is sure to follow, in very short order.
V. Major Data Breaches
“Through a variety of methods, sensitive information about enterprise companies in every industry is exposed. Business is disrupted, customer and company data is compromised, and recovery costs are enormous. Financial, media and entertainment, health care, retail and many more are vulnerable.” Access to one enterprise company in a particular industry does not have to be direct. Access to a smaller vendor of that enterprise company could easily lead to access the enterprise company indirectly and from there to other companies in that industry simply because they all interact. As an example, no one financial organization functions in a vacuum; it has dynamic conductivity to most all companies in the finance industry. The same holds true for all the industries mentioned above. Obviously, if the attacker enters the enterprise industry through a smaller vendor business, the reverse traffic can also take place, putting all the vendors in harm’s way.
With the Internet, everything is connected.