Get to Know Your Tribe

Tribe-Contact-white

 

    4 min read

    Cyber Security Threats: Prepare, Detect and Respond

    It is always interesting monitoring the WatchGuard quarterly security reports to look at the live security landscape data. It gives you a feel for what is happening, but more importantly, shows you how quickly the cyber threat landscape is evolving.

    Hackers Don’t Hack the Same Way Anymore

    When we talk about hackers, it’s reasonable to think of a person wearing a dark hoodie in front of a computer madly typing away. That is often how the media and modern entertainment portray them. That may have been the case in the old days (well, 10 years ago) but now things are much more complex.

    Two key security weaknesses we see today involve malware/ransomware and email.

    Many ransomware attacks are now fully automated. Platforms exist that will run ransomware campaigns for you (pretty wild, huh?). They often take a share of the profits.

    It's a very lucrative industry.

    What Can They Look Like?

    Scams often start with an email asking you to do something.

    This can look something like this:

    • “Your password has expired – click here to reset it”.
    • “Update your payment information here”.
    • An email that includes an attachment or a link that sends you to a bad website.

    Be on the lookout for these messages and requests. Don't click on the attachment unless you know where it's coming from and are expecting it.

    If you follow through with what it asks, your credentials can be captured, or software can be downloaded onto your machine.

    Keep in mind that any downloaded attachments can also have hidden malware code inside of them that then runs on your machine. This code could be from an ad, on another website. If from a website, the website can contain malware code that gets downloaded into your browser.

    Antivirus and Employee Training

    If you’re thinking, “but I have an anti-virus installed…”, that’s great. However, antivirus is only one part of the solution – and it’s a part that only kicks in when the malware is trying to run on your machine. Ideally, you don’t want to even get to that stage.

    Security awareness training for staff and end users is critical. It does not take long and should be done on an ongoing basis. Training often uses short, easy-to-understand videos explaining common cyber-attacks and teaching viewers how to recognise them.

    This includes:

    • Password reset emails: are they really from the company in the email?
    • Going to bad websites: does your staff know that site? Why would they need to go there?

    Do not be a business that fails to invest in end-user security awareness training. The people in your organisation are your frontline of defence.

    Blog - Inner Image 1-Aug-01-2022-02-19-40-58-AM

    Things Will Get Through, Though

    Modern malware can bypass common AV tools. Developers spend a lot of time working out how to get into systems undetected. How?

    Let’s say a new vulnerability is discovered in the software that you use. The software developer puts out an update for it. The existence of this update tells everyone in the world that there was a problem. Hackers use this information to quickly develop software that takes advantage of that flaw to get into systems – from where they can break in. Once they’re in a system, the possibilities are endless for them.

    Install malware. Look at all the data. Send all the data somewhere. Encrypt all the data.

    To avoid this happening, it’s essential to keep all of your systems patched and up to date.

    BEC: The Extremely Costly Scam

    Email attacks are also quite prevalent. These fall into the Business Email Compromise (BEC) category.

    A BEC is where an attacker has discovered your user ID and password, and then seizes control of your email account. Once in, they can send emails (acting as you) to your finance team – usually asking for quick payments of funds into a new bank account.

    Yes, this happens - and it is far more successful than you would like to think.

    In fact, there’s been a new statement issued by the FBI: USD $43BN of funds have been lost to these BEC scams. This is a great amount of money. You need to be on high alert. The best approach is to not allow the email account to get compromised in the first place.

    A Secure Way Forward

    When it comes to protecting your business, anything is better than nothing. Start small and continuously strengthen your cyber security stance.

    MFA

    To start, make sure you have multi-factor authentication (MFA) turned on for your accounts – everywhere possible. This is a process separate from your user id and password that helps to authenticate you. An additional code is required to ensure you are who you say you are. The code is often stored in an authenticator app on your phone but could also be a number that is sent via SMS that you must enter.

    This is the ‘multipart of multi-factor authentication. If your credentials are compromised, it is unlikely the hacker has access to your phone as well, meaning you’re still protected.

    When setting up MFA in applications, use an authenticator application in preference to SMS. The SMS approach has known weaknesses - such as SIM card cloning. It’s not really considered ‘safe’ anymore but is still better than nothing.

    Login Attempts

    Modern applications will also let you know about unsuccessful login attempts. If you know it was not you trying to log in, then it’s a good indicator that someone else is! Time to change your password.

    Password Manager Tool

    Do not use the same password everywhere. This is an issue from the 1980s that is bound to get you into trouble. You can use a password manager to create complex passwords for you. There is no need to remember them. The password manager application stores them for you.

    It’s quite easy to have different let’s say 24-character passwords for every website or application you have a login for. This will help secure your accounts.

    The things listed here are not the only things you need to do to secure your business. They are just a start, but they do cover the basics which can help protect against some of the automated attacks.

    Remember: Spend a little bit of time on security. It is worth it in the long run.

    Let's Strengthen your Stance Together

    If you’re looking to better protect your business, talk to us today about our Cyber Security services. We provide the best defence for your business through specialised tools and solutions, giving you peace of mind that your data, networks, and people are out of harm’s way.

    Protect Your Business Get in Touch

    Cyber Security Threats: Prepare, Detect and Respond

    It is always interesting monitoring the WatchGuard quarterly security reports to look at the live security landscape data. It gives you a feel for...

    Read More

    How to Implement an Effective IT Strategy

    Creating an effective IT strategy is so important for businesses. You want your IT investment to reach its fullest potential so that your business...

    Read More

    7 Mistakes to Avoid When Automating Your Business

    It wasn’t long ago at all that people were sitting in a factory screwing caps onto toothpaste bottles. Fortunately, we now have machines to automate...

    Read More