What’s your cyber security IQ?
Most business owners know a little about cyber security: Use strong passwords, don’t use the same one for multiple sites, and don’t click on links in emails from senders you don’t know. But cyber attacks are getting more sophisticated every day, and it can be challenging to keep up.
To improve your cyber security IQ, here’s the latest on the continuously evolving cyber security schemes designed to compromise your business.
Phishing is a way for cyber criminals to gain access to your computer network. Hackers send an email that looks legitimate and ask the recipient to either click on a link or perform some other action. Once the link is clicked, malware is deployed to your system.
Phishing is not new, but it’s seeing a resurgence in popularity. Global consultancy CGI’s Security Operations Center reported a 30,000% increase in phishing attacks related to COVID-19 scams.
When many companies sent their employees home to work, cyber criminals saw an opportunity to exploit the situation, and they jumped on it. The widespread use of virtual private networks (VPNs) has exposed their vulnerabilities. While phishing attacks have become more targeted, there has also been an increase in mass spam email campaigns which prey on easy targets.
Ransomware is a kind of malware that holds a company’s data hostage. The hacker demands payment from the victim company in exchange for restoring access to its own data. In addition to being the most expensive kind of cyber attack, a ransomware attack can shut a company down until it can get its data back.
Ransomware continues to be profitable for cyber criminals and has seen an uptick as a result of the COVID-19 pandemic and the increase in the number of people working from home. According to a report from Hiscox and Kivu, a leading global cyber security firm, ransomware demands increased 40% across the US in 2019, compared to 2018, and have increased 470% since 2016. Ransom demands have also increased 200% in size – to an average of over $230,000 – in the first half of 2020 compared to the same period a year ago.
Doxing is when cyber criminals steal the data of a ransomware victim and threaten to sell it on the dark web if a ransom is not paid. This can be a double-dipping opportunity for hackers. Companies who are targeted often find that their data ends up on the dark web even if they pay the ransom.
Doxing attacks have also become more targeted, as the criminals who carry out these attacks are becoming increasingly sophisticated. As they target specific companies, these hackers know the value of the data they are hijacking and they price their ransom demands accordingly.
Defending against cyber attacks
Now that you know what the latest threats look like, the next step is to defend against them.
A cyber preparedness plan starts with preventing an attack before it happens. This means educating your employees, whether they’re working from home or are back in the office. Training employees to spot a phishing email is crucial. Many companies test their employees by sending out emails that resemble a phishing email to see who responds. This helps to identify if employees need more training on preventing an intrusion into your system. Creating a back-up strategy for your data also remains an important risk management tool. In 2019, the total claims cost for an insured without a back-up strategy was 3.5 times higher than it was for an insured who had one.
The next step is to detect an attack as soon as possible after it occurs. This can limit the amount of data that is lost and may help you get all your data back from a back-up, eliminating the question of whether or not to pay a ransom.
If you are attacked and thieves access your data, you’ll want to mitigate the damage. Having a plan in place and having cyber insurance will reduce the financial impact of a hack or a data breach on your company’s bottom line.
Staying on top of emerging cyber threats can seem like a full-time job, but it’s critically important to keeping your company safe.