There is no avoiding the large piles of pumpkins or witch’s costumes in the supermarkets that can mean only one thing – Halloween is upon us.
Aside from the trick-or-treaters banging on doors, what scary threats should businesses be fearing at this spooky time of year?
Ghosts: The Unseen Threat of Hacking
Like ghosts who never seem to show up regardless of how many paranormal shows we put on televsion, hackers lurk in the shadows unseen. With the emergence of the connected world, access to devices and systems continues to increase. From the Ashley Madison attack that exposed very sensitive data people would have preferred to remain secret to banking hacks revealing customer account information, the scale, tenacity and complexity of the attacks are increasing.
Businesses need to become more vigilant and start taking steps to ensure these threats are mitigated. There are a few simple steps that businesses can take to help protect against these spooky threats. Protect yourselves from cybersecurity horrors:
1. Change default passwords to something more secure.
2. Understand where you may have entry points for hackers and start to protect these.
3. Run attack and penetration testing to identify and fix vulnerabilities.
4. Configure security settings and install regular updates across the business.
5. Use security protocols such as two factor authentications to protect systems such as email.
Zombies: The Threat of DDOS Attack
Recently, leading companies Netflix, Airbnb and Twitter were taken offline by a distributed denial of service attack (DDoS). These DDoS attacks are on the increase; targeting smaller businesses as well as the large companies. Well-orchestrated attacks – such as the Talk Talk attack of 2015 – can be very damaging. While employees were firefighting the attack, ghoulish attackers were siphoning data with a view to blackmail.
DDoS attacks use a huge collection of infected computers known as zombies to create a botnet that hits their target with huge amounts of data; causing a catastrophic failure to online services.
It is estimated that 5 to 10 percent of all domestic computers are enrolled as zombies to a criminal network. Who knows? Your innocent-looking desktop at home may be a zombie waiting to rise from its slumber to wreak havoc.
But don’t be afraid! there are steps you can take to try and mitigate risks from such attacks. Ensure you have reliable router and firewall in place. Once configured, this can help to control traffic through the network. In addition, unified threat management can help mitigate risks and manage security in real time by inspecting data and traffic to identify malicious activity and threats. Furthermore, increasing bandwidth can help as success of the attack is dependent on you or your customer’s ability to handle the amount of traffic coming through. One solutions can be to use load-balancing to share traffic between different Web servers and locations. Having some redundancy in bandwidth can be also be advantageous in helping to stave off the impact of the zombie apocalypse.
Vampires: Sucking the Money by Phishing
Like vampires praying on mankind, extracting blood to survive, phishing emails draw people into taking actions to fulfil criminal desires. Using advanced tactics such as social engineering, these blood suckers learn about the company by presenting information in ways that look normal and you wouldn’t necessarily question.
A great example is the boss email that for all intent and purpose appears to be a legitimate email from the boss or CEO asking the team to transfer funds into a seemingly legitimate bank account. This belongs to the fraudsters. In addition, there has also been a rise in fraudsters claiming to be a supplier, asking for all invoices to be paid into a different account. These methods have proven to be successful. In the U.S., the FBI Internet Crime Centre has been tracking email compromise scams and estimates that around 7,000 companies have been defrauded; with criminals making off with more than £508 million. Even tech-savvy companies can fall foul. Wireless network manufacturer Ubiquiti Networks transferred $39.1 million to a fraudsters account.
While a silver bullet, garlic or carrying a crucifix cannot help us against cyberthreats, we can start to arm ourselves with the tools, processes and education to combat some of the common threats.
CompTIA Premier Members receive 50 free annual licenses to Cybersecure, an online learning program designed to raise awareness and educate employees or your customers on the threats of cyberthreats. This self-paced learning program is a valuable weapon in the fight against cyber-risks. You can claim your CyberSecure licenses and find out more here. Tucked away in our crypt, we also have a plethora of information and research available to members and registered users to help educate and understand threats. Why not add our International Trends in Cybersecurity research to your arsenal and help your customers? From all the team at CompTIA, we hope you have a spookily great Halloween.
