Certainly, global attacks such as May’s WannaCry ransomware
outbreak, which impacted the NHS among others, are more prolific than ever. And even incidents on a smaller scale, such as the myriad of attacks that have plagued companies from Wonga to Debenhams, are becoming an almost everyday occurrence.
One thing is for sure: cyber-crime isn’t going away, so educating yourself and your team on the different kinds of attack and ways of protecting against them should be an ongoing process. With that in mind, we thought it was time for a quick refresher on the most common types of cyber-attack
; what to look out for and what you should be doing to help prevent them.
Make sure persistence doesn’t pay off
An advanced persistent threat (APT) is a network attack in which an unauthorised person gains access to a network and stays there, undetected, for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organisation.
Usually gaining a foothold using socially engineered Trojans or phishing attacks, ATP attackers can compromise an entire organsiation in a matter of hours, and detecting and preventing them is no easy task. A good practice to get into that may help you identify an ATP is to take the time to start tracking your network flows, and get an understanding of what traffic should be going to and from where. Should your business be a victim of an APT it is highly likely that the attackers will attempt to copy large amounts of data between servers that do not usually communicate, which could alert you to their presence.
Stay safe while social
You’d be hard pressed today to find a business without at least one corporate social media account. Unfortunately, while these sites are invaluable in terms of extending a company’s reach to the its clients and others, they also increase the opportunities cyber-criminals have to work their way in where they don’t belong. Hackers love exploiting corporate social media accounts to glean passwords that might be shared between the social media site and the corporate network.
Implementing a social media policy within your organsiation is a good first step to avoiding a great many pitfalls. Limit the amount of staff who have permission to use the pages and include plenty of details about screening invitations, friend requests and applications. Finally, don’t be afraid to have a plan in place for if the worst should happen and a hack occurs; there’s no shame in being a victim but having staff trained in how to promptly report a hijacked account could save a lot of embarrassment.
Patch things up
In an ideal world, we wouldn’t need to put so much thought into the vulnerabilities of our software. However, while it can be tempting to postpone software patches and updates, doing so could effectively hand the keys to your business over to an attacker.
The solution to this one is simple: respond to update requests from your software in a frequent and timely manner. Pay particular attention to the programmes your business uses most often or that are most vulnerable.
Avoid phishing trips
It’s estimated that up to 70% of emails are spam, many of which are phishing attacks on the lookout for unsuspecting victims to dupe out of their login details. It can be easy to dismiss password phishing attacks as easy to identify and prevent with a dedicated spam filter, but unfortunately it isn’t always that simple.
Educating staff on what to look out for when it comes to phishing attacks is a good start, but an even better way of safeguarding your business could be to consider more stringent login methods. Popular alternatives to traditional passwords include biometics and two-factor authentication, and they’re worth looking into.
Be malware aware
Arguably the top form of cyber-attack at the moment, socially engineered malware is often led by data-encrypting ransomware. This year’s WannaCry attack is just one example. Users are tricked into running a Trojan horse program, seemingly originating from a website they trust, and subsequently giving an attacker full, unauthorised access to your network.
At the end of the day, the best form of defence against socially engineered malware has to be the ongoing education of users on what they should look out for and avoid during day-to-day computer use. An up to date anti-malware program is a given, but strong end-user education can help provide even better protection.
If you have any questions about how to keep your business safe in an online world, the team at Dynamic Networks is always happy to be of assistance and offer our advice.