Cybercrime is on the rise, there is a good possibility it has already affected your business, halting production and bringing your offices and manufacturing facility to a standstill. In 2016, cybercrime incidents became far more common place.
For today’s companies, falling victim to one of these attacks is no longer a question of “if” but “when.”
So what are the main threats and how can you be prepared to combat them?
This guide contains practical advice and easy tips for training employees on cybersecurity and industry best practices with real-world examples. We also outline the essential solutions designed to help today’s businesses defend against and recover from a cybersecurity incident.
The Big One: Ransomware
Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data rendering it inaccessible and demands payment for the decryption key. Ransomware has the ability to encrypt data across a computer network, attacking servers that the victim accesses data from and also rendering them inaccessible, not just to the victim but to anyone on the network.
Ransomware by the Numbers
In a study by the security company Malwarebytes that surveyed 540 UK companies found the following results:
• 54% of companies were hit by ransomware
• 58% paid the ransom fee
• 28% lost business critical data
• 63% experienced severe business downtime
How ransomware is spread
Email is the most common method for distributing ransomware. It is generally spread using some form of social engineering; victims are tricked into downloading an e-mail attachment or clicking a link. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Or, email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics such as claiming that the computer has been used for illegal activities to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click and is not normally noticeable until an attempt is made to access data on the victims’ computer or network server.
5 Types of Email Social Engineering Scams to Know:
Phishing
Phishing is the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. Often crafted to deliver a sense of urgency and importance, the message within these emails often appears to be from the government or a major corporation and can include logos and branding.
Spear phishing
Similar to phishing, this is an e-mail spoofing fraud attempt that targets a specific organisation, seeking unauthorised access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by criminals out for financial gain, trade secrets or confidential information.
Spoofing
A form of spear phishing, occurs when a cyber-criminal targets a particular business or individual with an email that appears to come from either themselves or someone within their own business. The email domain name is spoofed by the attacker, giving a false sense that it is from an extremely trustworthy source.
Whaling/CEO Fraud
This is when a hacker creates a false sense of trust between themselves and the end user by impersonating a figure of authority within the company in order to gain access to private data or for financial gain. For example, a cyber-criminal may send an email to a member of the Finance team posing as the Finance Director requesting that an urgent payment be made to a supplier, whose bank account details have been included in the email for quick payment.
Baiting
Baiting involves offering something enticing to an end user in exchange for private data. The “bait” can come in many forms, such as a music or movie download. Once the bait is taken, malicious software is delivered directly into the victim’s computer.
Must–Have Solutions for Cyber Protection: Layered Security
Antivirus Software
Cybersecurity technology starts with antivirus software. Antivirus, as its name implies, is designed to detect, block, and remove viruses and malware. Modern antivirus software can help protect against ransomware, key loggers, backdoors, rootkits, Trojan horses, worms, adware, and spyware. Some products are designed to detect other threats, such as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial of service (DDoS) attacks.
Access control
Restrict access to your system to users and sources you trust. Each user must have and use their own username and password. Each user should use an account that has permissions appropriate to the job they are carrying out at the time. You should also only use administrator accounts when strictly necessary, for example for installing known and trusted software.
Password Policies
A brute force password attack is a common method of attack, perhaps even by casual users trying to access your Wi-Fi so you need to enforce strong passwords, limit the number of failed login attempts and enforce regular password changes and complexity. Passwords or other access should be cancelled immediately if a staff member leaves the organisation or is absent for long periods.
Firewalls
A network firewall is essential. Firewalls are designed to monitor incoming and outgoing network traffic based on a set of configurable rules—separating your secure internal network from the Internet, which is not considered secure. Firewalls are typically deployed as an appliance on your network and in many cases offer additional functionality, such as virtual private network (VPN) for remote workers.
Patch Management
Patch management is an important consideration as well. Cyber criminals design their attacks around vulnerabilities in popular software products such as Microsoft Office or Adobe Flash Player. As vulnerabilities are exploited, software vendors issue updates to address them. As such, using outdated versions of software products can expose your business to security risks.
Anti-Spam
As most cyber threats are now delivered via email it is critical that you adopt a cloud based Anti-Spam product in order to remove threats before they hit your organisation, spam filters built into anti-virus no longer cut it as they work after the email has landed in your inbox. An Anti-Spam product that offers advanced threat protection such as re-writing URL’s in emails and scanning attachments offline before delivering them to the end user. Office 365 is not exempt from attack and therefore a third party spam filter should be used in conjunction with it.
User Awareness Training
According to over 1,000 IT service providers, the lack of cybersecurity awareness amongst employees is a leading cause of a successful ransomware attack against an SMB. That being said, employee training is a top component of a successful cybersecurity protection program and most likely the only way to ensure all staff understand the cyber threats they face and, most importantly, what they should look for in order to avoid falling victim to them.
These measures protect against a wide array of cyber-attacks. However, because threats like ransomware are always evolving, security solutions are just one part of an effective defence strategy. You also need solutions in place that enable you to return to operations quickly if you do suffer a cyber-attack. Data protection technologies are an essential second layer of defence against cybercrime.
The #1 Solution for Cybersecurity Protection:
Backup and Recovery
Taking frequent backups of all data considered critical to your business is vital. The exact frequency of backups will vary based on your business’ specific needs. Traditionally, most businesses took a daily backup, and for some businesses this may still be suitable. However, today’s backup products are designed to make incremental copies of data throughout the day to minimize data loss.
When it comes to protecting against cyber-attacks, solutions that back up regularly allow you to restore data to a point in time before the breach occurred without losing all of the data created since the previous night’s backup. In a busy manufacturing business, it is recommended (and very possible) to back up your data every 15 minutes by using the correct product.
Some data protection products can take image-based backups that are stored in a virtual machine format—essentially a snapshot of the data, applications, and operating system. This allows users to run applications from the backup copy. This functionality is typically referred to as instant recovery or recovery-in-place, it provides business continuity and is perfect for an ‘always on’ manufacturing environment.
Certification
So you have read the above guide, but how do you know you are following industry best practices and have helped mitigate risk to your business?
In 2014 the government released a scheme called Cyber Essentials (www.gov.uk/government/publications/cyber-essentials-scheme-overview). The Cyber Essentials scheme provides businesses small and large with clarity on good basic cyber security practice and the ability for businesses to earn a certification through following these best practices and implementing controlled security measures where possible.
By focusing on basic cyber hygiene, your company will be better protected from the most common cyber threats.
This document was drafted for Business Micros by DuFeu IT Solutions Ltd. DuFeu IT are our preferred partner and are responsible for the security at Business Micros.
To properly secure your business and become Cyber Essentials certified contact DuFeu IT Solutions Ltd @ The old pump station, Furnace Lane, Finedon, Wellingborough, Northamptonshire, NN9 5NZ or telephone 01933 426162