News > i3

How to Spot and Combat Cyber Threats


Here is a guide to several frequently encountered types of cybercrimes that organizations should be equipped to spot and fight back against.

Cyberattacks and crimes such as the recent Equifax breach and this summer's rash of WannaCry ransomware outbreaks are skyrocketing. In fact, they have increased by nearly 400 percent since 2015, according to application security testing firm Checkmarx and may cost enterprises more than $2 trillion annually within the next two years. Anticipated to become a bigger concern as more organizations embrace virtualization and big data, it’s vital to watch for signs of trouble and be proactive about preparing your enterprise to defeat them. Here is a guide to several frequently encountered types of cybercrimes that organizations should be equipped to spot and fight back against.

Ransomware

This software is designed to hold a computer system or network (and the data contained within it) hostage. Often taking the form of a virus or Trojan, it’s effectively crafted – when accidentally installed, clicked on, or activated by an unsuspecting party – to hijack sensitive information or files, until a payment is made to the hacker behind the attack. According to online safety provider Symantec, the average cost of ransoms is $300 per computer – costs that can quickly add up unless you learn to play it safe up-front.

Hacking

This is an intrusion or unauthorized entry into a computer, system or network by another party. Others may choose to hack your company’s infrastructure for the purpose of obtaining sensitive information, disrupting operations, compromising secrets or sources of competitive advantage, engaging in acts of malice and a myriad of other reasons. Among today’s most common cybercrimes, hacking is a felony in the U.S. and carries stiff penalties. Unfortunately, its consequences can also be highly costly and damaging for businesses, especially in terms of brand reputation, should incidents become public.

Attacks on Computer Systems

Instead of simply trying to invade systems and monitor for activity, cyber criminals may alternately enter them with more nefarious goals, including attempting to disrupt operations or permanently disable them. A few tricks troublemakers may employ range from trying to cripple servers by bombarding them with massive bursts of information or activity, exploiting glitches or vulnerabilities in software or implanting harmful programs designed to harvest information or cripple your organization’s online activities. Be forewarned: Attacks on major brands are becoming more commonplace and should be anticipated with both low and high-tech safeguards (as well as multiple contingencies, backups and fallbacks) put in place at every level.

Malware is short for malicious software and describes apps and programs designed to negatively impact computers, mobile devices or other high-tech solutions. These troublesome apps, which often are unknowingly and accidentally spread by users in viral fashion, may also be used to track personal information, monitor activity and expose sensitive data (e.g., finances or trade secrets) to unwanted parties. Some typical types of malware include viruses (damaging to systems and designed to spread rapidly), spyware (which eavesdrop on your online exchanges and activities), and bots (computer code that automatically performs tasks – especially of the unwanted variety).

Phishing

A form of con in which others are tricked into inadvertently giving out information, typically by being fooled into mistaking a false source or contact for a legitimate one. For instance: When your customers are sent an email that links to a site that appears to be an official online channel, but instead is a duplicate designed to steal their personal information. Many forms of phishing exist including popups, false links and fake e-mail inboxes, but all are designed to part victims from sensitive data that they’d otherwise hold private.

Identity Theft

The practice of stealing another party’s identity for purposes of making illegal transactions, registering or applying for unwanted services, causing harm to brand equity or gaining access to trade secrets. With more data shifting online and to the cloud, and these growing treasure troves of information becoming increasingly valuable, instances of identity theft are on the rise. It’s vital to build in a system of checks and balances when validating users and running security clearances since you never know what may happen going forward.

Social Engineering

A type of con in which criminals attempt to part others from information, resources or insights they shouldn’t. This is often attempted by criminals posing and pretending to be something they’re not. Here’s a simple illustration: A criminal posing as an IT support professional might contact someone in the finance or legal department requesting login and password information to private networks. (For purposes of security or fraud prevention, in their words.) As you might imagine, human error is the single biggest vulnerability in security systems today. To avoid falling prey to it, train colleagues to be healthy skeptics, follow predetermined processes/procedures for validating identities and ask a lot of questions. Of course, to spot the gaps in criminals’ stories, it’s also important to train employees to be able to think fast on their feet as well.

Web-Based and Denial of Service Attacks

These attacks rank among today’s most damaging cybercrimes, costing upwards of six figure sums on average to address. Average recovery times range between 30 to 60 days – a costly amount of time to be offline. To help to avoid suffering from these attacks and dealing with the associated costs (including legal expenses, blows to brand equity and potential productivity hits), plan for them in advance. Thankfully, numerous online and network security providers offer security services, backups, and flexible solutions for rolling with the virtual punches.

Scott Steinberg

Tagged

Related