Hacking, malware, phishing, identity theft, ransomware and viruses have been around for many years now and you might think that you have a handle on them. However, cyber security threats are evolving, and methods deployed by cyber criminals are becoming increasingly sophisticated.
According to the Ponemon Institute’s 2018 Cost of Data Breach study for IBM, the average cost of a data breach for companies worldwide was $3.86 million (in US dollars). The cost of the average data breach to a US company was $7.91 million.
Additionally, a 2018 study from Juniper Research found that cybercriminals will steal an estimated 33 billion records from businesses in 2023 - compared with 12 billion records in 2018. This includes confidential client information such as names, addresses, credit card details and social security numbers. Juniper also expects that by 2023 half of all the world’s data breaches will occur in the USA because of the amount of consumer and corporate data stored by businesses in this country.
It’s not just big, rich, multinational corporations that cyber criminals have in their sights either: some 43 per cent of data breaches affect small businesses.
In fact, cyber security is such a concern that the President has pledged to spend $15 billion on cyber security in the Budget for 2019 - a four per cent increase on the previous year.
Data breaches can be an absolute disaster for a company. Not only can money be stolen, but remedying some cyber attacks such as malware can be extremely costly. Plus there’s the loss of business for the duration of time when your systems are crippled and inoperable. Your business’ reputation can be damaged irreparably, with loss of good-will and trust among your clients and customers. There’s even the very real risk of legal action being taken against you by anyone whose data you have failed to protect.
One cyber breach can be all it takes to put you out of business altogether. In fact, it is estimated that 60 per cent of small companies will go out of business in the six months following a cyber-attack.
Installing and activating firewalls, patching software and using anti-virus and anti-malware software are a good start but are often not enough to keep your company data protected. It’s critical that you take all necessary steps to protect your business from cyber-attacks including being vigilant about phishing attacks, educating your employees, communicating quickly when there is a new and emerging threat, and even investing in cyber liability insurance.
Training and educating your staff and communicating quickly when there is a known threat are essential in the fight against cyber crime - such as by using DeskAlerts for training, education and urgent communication purposes. Employee error is thought to account for 54 per cent of all data breaches, and is the number one cause of data breaches overall, according to a study from Ponemon Institute and Keeper Security.
Some of the vulnerabilities that criminals exploit to target your employees are getting more and more sophisticated, and this is only going to continue next year.
Emerging threats include:
More sophisticated social engineering scams
This is when criminals trick an employee into trusting them. Socially engineered email messages are sent as part of “spear-phishing” campaigns and are designed to get a user to perform specific actions. This could be opening an attachment, visiting an unsafe website, divulging account credentials, disclosing sensitive information, or sending money to a recipient.
The criminal sending these messages often goes to great lengths to make them appear as though they are work related. They may be posing as a senior manager in the organization who needs information or money. Or they may be purporting to be from another business, such as when fake invoices are sent.
Emails are sent to a user purporting to be from a legitimate institution, such as a bank or a software company, asking for details to be entered into username and password fields. Criminals are able to capture this information and use it for their own ends.
If you have employees who are out of the office a lot or who have a company issued smartphone and/or tablet, you are at increased risk of your data falling into the wrong hands.
According to the Ponemon Institute, more than 50 per cent of American companies have sensitive data that can be accessed on an employee’s tablet or smartphone. Coupled with poor password policies and a rise in attacks targeted at mobiles, there is a real potential for disaster here.
While there is no doubt many cyber threats are much more elaborate than they have been in years gone by, you should not discount the presence of the “traditional” computer hacker. According to the SophosLabs 2019 Threat Report, manual hacking is on the rise.
Sophos says that many hackers prefer a more “hands-on” approach to their craft. Manual hacking can be harder to detect and doesn’t always follow a predictable pattern.
SophosLabs also says that businesses can expect more targeted ransomware attacks in 2019 - this is when malware intended for a specific victim is released, which can steal sensitive data and demand payment from the victim in order to get the data back or to regain access to their systems.
Ransomware attacks are getting more sophisticated in the ways they attempt to extort money from victims and to try to stay ahead of the solutions many companies have in case they are ever targeted in this way. This can include doing things like wiping backups of data so that the business feels it has no choice but to pay the price.
Cryptojacking is the process where cyber criminals gain access to computers in order to mine cryptocurrency so they can profit from the gains. It is believed that millions of computers are taken over in this way every year.