Cyber criminals have switched tactics and are now attacking many more smaller businesses.
Big businesses have invested a lot in cybersecurity and are now difficult to attack, although a few high-profile businesses that did not invest in cybersecurity have been attacked recently. Now the criminals are attacking smaller businesses with data theft, extortion and ransomware. The criminals are able to attack many smaller businesses because they have automated the cyber attack process using ransomware-as-a-service providers.
Cyber criminals attack businesses to steal money, and in most cases one of three methods is used:
Data theft; information is stolen from the business and sold via the dark Web. Credit card theft and personal data for identity theft are examples.
Extortion by locking the business data and preventing access, then demanding a payment to provide the key that unlocks the data. This is called a ransomware attack.
Blackmail by stealing sensitive data then threatening to put this data on the Internet unless a payment is made. This type of attack is common for medical businesses where patient records are stolen, and educational institutions where student personal information is stolen.
Cyber criminals have switched from attacking big businesses to attacking smaller businesses. Big businesses have invested in cybersecurity protection and are difficult to attack. Many smaller businesses have little or no cyber protection and so are easy to attack. Cyber criminals demand payment in cryptocurrency that is hard to trace.
There are three common methods of attacking a business to steal money.
Direct attack: the cyber criminal attacks the business computers from the Internet. This type of attack is blocked by a firewall. Many businesses do not have a firewall and they are susceptible to attack. Direct attacks are responsible for 25% of successful cyber attacks.
Password theft is done through social engineering. The cyber criminal gets the profiles of employees using LinkedIn or similar and then uses that information to trick the business into providing the password. The criminal then logs in remotely to the business network. Password theft bypasses the firewall. Password theft is responsible for 10% of successful attacks.
Phishing is a method of cyber attack where fake emails that pretend to be from a well-known business are sent to a company's staff. The staff email addresses are obtained from the company website or from a social media website. The message has a link which, when clicked, will install software called a Trojan virus on the staff computer. The Trojan virus gives the cyber criminal remote access to the staff computer, from which the criminal then attacks the data servers. Phishing bypasses the firewall. Phishing is responsible for 65% of successful attacks.
The firewall is essential to block a direct attack, however it does not protect the business against password theft or phishing. Protection from password theft and phishing requires Zero Trust cybersecurity such as products manufactured by Authonet.
Even when a business has the best cybersecurity protection plan there is still a small risk of a cyber attack. A ransomware attack is especially difficult to deal with and all businesses should have a ransomware recovery plan in place. The alternative is to pay the ransom, which will cost much more, with a 35% risk that the key won’t be provided to unlock the data after the ransom has been paid. There is also a 10% risk that after the ransom is paid the criminal will demand an extortion payment to prevent the business data being put on the web.
The most important part of the ransomware recovery plan is frequent offsite data backups, daily or hourly. The backup must be offsite so that the criminal cannot get access to it and encrypt it. A historic record of backups must be kept, maybe for a month or more, because the most recent backup files will be encrypted and therefore cannot be recovered.
Prepare and test the ransomware recovery plan by following these steps.
Write a ransomware attack recovery procedure and plan a budget.
Initiate backups of the business data, daily or hourly, to offsite storage.
Keep 1 to 3 months of backups for a recovery history.
Have multiple drives prepared to install on computers, SSD drives are recommended.
Have all users store all information in a cloud storage account so that the information can be accessed after the computer storage drive has been replaced.
Have the IT service provider ready to initiate a recovery if an attack occurs.
Test the procedure periodically, every 3 or 6 months.
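One way to check the backup steps above during a periodic test, and to pick a restore point after an attack, shown as an added example that is not part of the original article. The catalogue format, function names and thresholds are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

def audit_backups(catalogue, now, max_gap=timedelta(hours=24),
                  min_history=timedelta(days=30)):
    """Return findings where the backup catalogue falls short of the plan."""
    # Only offsite copies count: onsite copies can be encrypted with the rest.
    offsite = sorted(t for t, location in catalogue if location == "offsite")
    if not offsite:
        return ["no offsite backups at all"]
    findings = []
    # Frequency: consecutive backups (and the newest one vs. now) within max_gap.
    for earlier, later in zip(offsite, offsite[1:] + [now]):
        if later - earlier > max_gap:
            findings.append(f"gap of {later - earlier} after {earlier:%Y-%m-%d %H:%M}")
    # History: the oldest retained backup must reach back far enough.
    if now - offsite[0] < min_history:
        findings.append(f"history covers only {(now - offsite[0]).days} days")
    return findings

def last_clean_restore_point(catalogue, first_sign_of_attack):
    """Newest offsite backup completed before the earliest sign of the attack.
    Later backups are assumed to contain encrypted files."""
    clean = [t for t, location in catalogue
             if location == "offsite" and t < first_sign_of_attack]
    return max(clean, default=None)

def sample_catalogue(now):
    """Constructed data: 35 nightly offsite backups at 02:00 with one night
    missed, plus one onsite copy that must never be chosen for recovery."""
    latest = now.replace(hour=2, minute=0)
    missed = latest - timedelta(days=10)
    nights = [latest - timedelta(days=d) for d in range(35)]
    catalogue = [(t, "offsite") for t in nights if t != missed]
    catalogue.append((now.replace(hour=6, minute=0), "onsite"))
    return catalogue

if __name__ == "__main__":
    now = datetime(2024, 3, 31, 9, 0)           # constructed "today"
    catalogue = sample_catalogue(now)
    for finding in audit_backups(catalogue, now):
        print("FINDING:", finding)
    first_sign = datetime(2024, 3, 28, 7, 0)    # constructed first sign of attack
    print("restore from:", last_clean_restore_point(catalogue, first_sign))
```

Setting `max_gap` to one hour checks an hourly schedule instead of a daily one.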
If a ransomware attack occurs proceed as follows.
Disconnect the network from the Internet.
Replace all the server and workstation drives with the pre-prepared replacements.
Restore the data from backups.
Do not connect the network to the Internet until the point of attack is found, because the cyber criminal will try to attack the restored system.
The method of access may have been a user computer that has a Trojan virus installed, but this is difficult to identify. Changing all the computer storage drives, in servers and workstations, will remove the Trojan virus. All passwords should be changed in case the cyber criminal has chosen passwords during the attack.
Smaller businesses don't have access to the latest cybersecurity information like the big business IT departments do. We are here to help you. Questions are free so take advantage of our support service. Don't stay in the dark and risk getting attacked by a cyber criminal, act now to protect your business.