Just because you’re not as large as Target doesn’t mean your business is not a target when it comes to cyber attacks. In fact, being a small or medium-sized business makes you at least as much as a target because, at least from the attacker’s perspective, you are probably less prepared and are thence easy pickings.
Cyber attacks aren’t just inconvenient and annoying, they can be extremely expensive to your business, due to the loss of data, the cost of its recovery and the cost of your downtime caused by the attack.
How costly? Just to give you an idea, according to the Financial Times, the average cost of a data breach in 2016 was $3.6 million and of each lost record, $141. Bear in mind, that’s an average among companies — not just large companies.
And for another scary statistic, 60 percent of small businesses struck with cyber attacks fold within six months of the attack, according to the National Cyber Security Alliance.
So what kind of attacks are we talking about?
Here are seven cyber attack types most common to businesses and how to protect yourself.
Advanced Persistent Threats. These types of attacks are like the proverbial foxes eating the grapes — basically you know something is happening but it’s hard to figure out what exactly. APT attacks are small but continual attacks made in multiple phases, first starting with reconnaissance, then moving on through entry and so on until the perpetrators achieve their goal — harvesting sensitive data.
Defense: This kind of attack can be prevented by staying on top of your software updates and by continually monitoring your network . Going back to the foxes and the grapes, this would be like patching the holes in your vineyard’s walls, raising their height and setting a watchman in the vineyard tower.
This is a method by which perpetrators gain access to your network via email or other web-based social engineering schemes. Again, the goal is to steal private information. In this kind of attack, for example, the perpetrator might send an email bearing a link that once clicked introduces malware into your network. The malware could be ransomware, locking up your files until you pay a fee, or some other form of virus.
Defense: This kind of attack can be prevented by educating your network’s users about phishing attacks and teaching them how to avoid becoming victims. You can also protect your network by installing a data back-up and recovery system (BDR) so that in case you are attacked and your network affected, you can bring your network back to an earlier state where it was not affected.
A distributed denial of service attack is an attack where multiple web-accessing devices overwhelm a website, server or other internet-connected device with data or requests, causing it to fail.
Defense: If you buy printers, web-cameras, surveillance cameras or other IoT devices, to keep them from being turned into “zombie-bots” and used to launch a DDoS attack, make sure to change the default passwords. Most attacks use devices where the passwords have not been changed and, as such, are easily hacked and conscripted into the zombie horde.
These are attacks made from within your organization by employees, contractors or other individuals with access to your network. Perhaps they are disgruntled and their attack is intentional or maybe they unintentionally infected your network by using an infected USB thumb-drive.
Defense: Again, this is where education is important as well as perhaps adopting a policy concerning the use of thumb-drives with your network. Also, network monitoring coupled with a BDR system could also help to minimize damage and downtime.
These are attacks whereby an automated system attempts to breach a network or gain data access by effectively picking the lock, the password, if you will. The “lock pick” is either brute force method, guessing the password until eventually the program gets it right, the dictionary attack, where the program uses a combination of words from the dictionary to beat the password, or through keylogging, where a program records the user’s keystrokes, IDs and passwords and uses the information to gain entry.
Defense: This where it is key, no pun intended, to use password best practices such as these, including changing your passwords every few months.
This form of attack, mentioned earlier in our discussion about phishing, is a kind of malicious software that, once in your network, locks up your files by encrypting them, making them inaccessible to you until you pay the perpetrators their stated ransom fee. Here's more information on ransomeware. Ostensibly, once you pay the fee, you’ll regain access to your files, but then, you may not, causing you more expense as you attempt to retrieve them. So, how to get around this?
Defense: Again, educate your networks users about phishing attacks and how to recognize and avoid them … and invest in a BDR system.
Zero Day Attack
This kind of attack exploits unknown vulnerabilities in software and can remain hidden for quite some time.
Defense: The best thing you can do here is to make sure your software is up to date and to monitor your network, that way you can fix the issue once it comes to light.
Now that you know what you’re up against, don’t wait until you are attacked to implement cyber security measures to protect your business. That’s like closing the barn door after the horse has left. Educate your network’s users, update all your software, implement a system for monitoring your network for malicious activity and invest in a BDR system. Taking these actions should help keep your business safe from cyber attacks or put you back on your feet quickly in case you are brought down.
If you want to learn more about protecting your business, network security and monitoring, BDR or other network services, contact us by calling us or click the red button below and we'll be sure to get back to you.
About R.K. Black, Inc.
R.K. Black, Inc. is an Oklahoma City-based, family-owned leading provider of office technology solutions to small and medium-sized businesses in Oklahoma and Kansas. We specialize in everything business technology from copier, fax, printer and scanner technology to document management, onsite paper shredding services, VoIP phone systems and managed IT support to video surveillance solutions.
If you want to learn more about us, feel free to explore the website, read our other blogs or click the button below to be contacted by one of our reps and tell you! Also, be sure to keep watching our social media channels on Facebook and Twitter for more business tips from our blog.