Cybercrime is constantly evolving, and the threats being created and disseminated are becoming increasingly sophisticated. So much so that they are starting to look like correspondence from legitimate and trusted sources.
The end user becomes the human firewall - and sometimes, through a lack of awareness, education or understanding of the risks, may inadvertently be the primary cause of viruses making their way through organisations.
Ransomware and lock-key viruses are currently the biggest threat to companies. They ultimately lock down businesses and force business owners to pay a ransom, normally in untraceable bitcoins, in order to get access to their own data.
The way in which these threats find their way into organisations has changed, and we have come a long way from the ‘ILOVEYOU’ virus of the early 2000s. If people thought they needed to be conscious of the URLs they clicked on in the past, today they need to be aware of viruses embedded inside attachments or documents that would ordinarily have been deemed to come from a trustworthy source.
They might not even know there is a virus until it is too late.
The impact on businesses is significant, because they will suddenly not have access to shared documentation, data could be leaked to the public and sensitive information compromised, leading to potential reputational risk. Businesses can come to a complete standstill until the issue is resolved - a process that can take up to a week, depending on how clued up the organisation’s IT department or ISP is.
When we discuss security with our clients, we always recommend an ongoing education and awareness programme. Gone are the days when security breaches, viruses and malware were solely the domain of the IT department. All end users, business executives or owners, IT managers and any resource that has access to the network or company email need to be informed about viruses, and the various shapes and forms that they take - the weakest link need no longer be the human element.
The second piece of advice we offer is to take the necessary steps to protect your business. These steps include backups of your environment, so that if you are held to ransom, you can start up in a clean, virus-free environment and carry on operating. They also include putting measures in place to prevent others from getting back in. Too often, businesses think that because they've paid to retrieve their data, it won't happen again. Unless preventative measures are taken, businesses risk being hit two, three or four times in a row before they take it seriously.
Other measures may include:
- Changing passwords regularly
- Backing up data so that it can be restored in a clean environment - consider an offsite or cloud-based backup solution
- Ensuring that staff are aware of the threats in the market, and what to look for
- Having the right security measures in place - firewalls, endpoint and email. Make sure that nothing gets in or out of the business
Ransomware and lock-key viruses target your network and endpoints, while spear-phishing and whaling target the mail environment and links in documents and attachments that you would otherwise consider to be from trusted sources.
Perhaps an easier way of looking at your environment is understanding what protects what:
- A firewall protects your network
- Endpoint security protects the devices that are connecting into your network
- Ensure that the point where your email comes into the business has the right gateway in place, one that eliminates the possibility of malicious content getting to the end user.
The flipside of not having enough security is adding too much into your environment. It brings a layer of complexity that could lead to a lack of clarity on which elements work together, and which are not working optimally - again leading to vulnerability.
We suggest starting with a 360-degree view of your business, and it could be as easy as starting with your ISP. Where there is a consulting arm within your ISP, you can ask them to provide an analysis of your network and its design, and to identify potential loopholes.
Cybercrime is no longer about being opportunistic, or a hit-and-miss approach. Cybercriminals are testing what is possible, finding access and breaking points across a range of organisations, and seeing the level of security in place. Once they know where these vulnerabilities are, they make a concerted and targeted effort to gain access to as much data as possible.
Organisations should be checking how much information they have made available to the outside world - sophisticated cybercriminals know who you are as a business, and they know who the people within your organisation are.
If you don’t know that the cybercriminals know about your business, the question to ask is: do you go back to security basics, and when is it time to implement more advanced measures?