Businesses used to be able to easily understand the threats they faced: financial liquidity, changing customer behaviour, and staff morale. However, while these threats will always exist – and still pose a significant risk to businesses to this day – cyber threats are now a factor for virtually every business. The two attacks described in this article, DoS and phishing, are not new; however, all businesses still need to understand and mitigate them.
Denial of Service attack (DoS)
A denial of service attack, or a distributed denial of service attack, is the name given to an attack which overwhelms a computer system. The most common form of DoS attack is a coordinated effort to disrupt the service of a website, by instructing networks of automated bots – sometimes referred to as botnets – to target web hosting servers with repeated requests. This leads to the hosting servers becoming overwhelmed and failing for all users who are legitimately trying to access the website.
The threat of these attacks can best be mitigated through a dedicated IT support team which can respond in real time to DoS attacks. IT professionals can blacklist the threat coordinators and bots from accessing the servers, limiting any impact on the website.
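As an added illustration (not part of the original article), the sketch below shows how the repeated requests described above can be turned into a blocklist from web server logs. The log format, the thresholds and the function names are assumptions, and the log lines are constructed samples using documentation IP ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one client sends 10 requests per second for 3 seconds,
# another browses normally. Format (assumed): IP [ISO timestamp] "request".
SAMPLE_LOG = (
    [f'203.0.113.7 [2024-01-01T10:00:{s:02d}] "GET / HTTP/1.1"'
     for s in range(3) for _ in range(10)]
    + [f'198.51.100.4 [2024-01-01T10:00:{s:02d}] "GET /shop HTTP/1.1"'
       for s in (1, 20, 45)]
)

def parse(line):
    """Split one log line into (client IP, request time)."""
    ip, rest = line.split(" ", 1)
    stamp = rest[rest.index("[") + 1 : rest.index("]")]
    return ip, datetime.fromisoformat(stamp)

def build_blocklist(lines, max_requests=20, window=timedelta(seconds=5)):
    """Return the IPs that sent more than max_requests within any window."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    blocked = set()
    for ip, ts in sorted(map(parse, lines), key=lambda rec: rec[1]):
        seen = recent[ip]
        seen.append(ts)
        while ts - seen[0] > window:   # drop requests older than the window
            seen.popleft()
        if len(seen) > max_requests:
            blocked.add(ip)
    return blocked

if __name__ == "__main__":
    print(sorted(build_blocklist(SAMPLE_LOG)))
```

A per-address threshold like this catches a single noisy source; a distributed attack that spreads requests across many addresses stays under it, and many legitimate users behind one shared address can exceed it.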
Phishing
Phishing attacks are among the most common cyber attacks businesses face in the modern age. They work for one very simple reason: they rely on human beings as the last line of defence.
In a phishing attack, a cybercriminal will attempt to fraudulently gain access to a computer system using social engineering or electronic manipulation. One particularly common method involves a criminal spoofing an email address, making it appear legitimate to the recipient. The email would usually include a link to a website which prompts the receiver to enter sensitive data, such as their username and password. Once the criminal has the sensitive data, the damage they can cause to a business system is immeasurable.
The best preventive measure against these attacks is education around cyber threats and how email spoofing works. This can be delivered most effectively through a dedicated IT support team, who will have the knowledge to share best practices with colleagues and explain what steps to take if they suspect a phishing attack is taking place.
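To make the spoofing signs concrete for staff training or mail triage, the following added example (not from the original article) inspects one email for three indicators: a reply address on a different domain, failed sender authentication, and a link whose visible text names a different site than it opens. The message, domains and function names are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.test>
Reply-To: helpdesk@mailbox.invalid
Authentication-Results: mx.example.test; spf=fail; dkim=none; dmarc=fail
Content-Type: text/html

<p>Please <a href="http://login.example-bank.test.lookalike.invalid/">https://example-bank.test/login</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href:
            self.links.append((self._href, data.strip()))
            self._href = None

def domain(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def spoofing_indicators(raw):
    """Return a list of warning strings for one raw email message."""
    msg, findings = message_from_string(raw), []
    sender, reply = domain(msg.get("From", "")), domain(msg.get("Reply-To", ""))
    if reply and reply != sender:  # replies would go somewhere else
        findings.append(f"reply-to domain {reply} differs from sender {sender}")
    # Verdicts recorded by the receiving mail server (assumed trustworthy here).
    auth = msg.get("Authentication-Results", "")
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(fail|softfail|none)", auth, re.I):
        findings.append(f"{mech.lower()}={verdict.lower()}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown, actual = urlparse(text).hostname, urlparse(href).hostname
        if shown and shown != actual:  # visible URL hides the real destination
            findings.append(f"link shows {shown} but opens {actual}")
    return findings
```

A result of `none` is a weaker signal than `fail`, since some legitimate senders do not sign their mail, so the findings are prompts for a closer look rather than a verdict.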
Cybercrime is a big part of business. However, business leaders of companies of all sizes make many assumptions about cybercrime. Here are some of the biggest misconceptions about cybercrime. If you know the true extent of the threat, you’ll be better at defending your business.
1. Knowing a threat exists doesn’t protect you
Employees know that emails from unknown sources aren’t trustworthy. In addition, they know that they shouldn’t investigate the links in the emails to see where they lead, but that doesn’t stop 78% of employees from clicking on them.
Just because you know a threat exists, it doesn’t mean your business is protected. You need to actively pursue ways to reinforce your cyber security that will protect your computer networks and servers. For instance, your business should install firewalls and anti-virus software, and continuously educate staff to follow proper network security practices.
2. Protecting yourself is all you need to do
While protecting your computer networks is a good start, that doesn’t mean your computer networks are defended. Third parties that you work with, who might handle your data, can be a weak link, and this is where cyber criminals sometimes gain access. This was the case with Universal Music Group when a contractor left an Apache Airflow server open to attack.
When you speak to third parties, ensure that they have the right protection in place. This should include email encryption, firewalls and other measures to protect sensitive information you both have access to.
3. Cybercriminals are really clever people
The truth is that the tools to commit cybercrime and infect your computer networks are readily available online. Those wanting to attack your business can buy the tools for very little, if anything. Plus, many of the most successful cybersecurity threats to your business are really simple: they just require attaching a file or inserting a link into an email.
You should also remember that cybercriminals can be anyone. While there’s a lot of news about cybercriminals in Africa and Asia, anyone, even those in your own business, could be a cybercriminal. A study by IBM found 60% of cyber attacks are inside jobs. So, you’ve got to be vigilant.
Restrict access to data, servers and IT networks to only those who need it. Limiting access can be one of your strongest defences.
4. You’ll never be a target
All companies, of all sizes, have been attacked in recent years. Sony had a Denial of Service attack that prevented players from accessing online game areas, Facebook had a breach where information for 50 million users was stolen, and NASA had employee information taken by cybercriminals.
Your business has a lot of value in it and criminals can, and will, target you at any time.
Always assume that you’re a target and adjust your cyber security initiatives with this philosophy in mind. You’ll be better prepared for what may come than if you believe there’s no danger.
Whatever your business, cyber security is a major part of your operations. If you’re not sure about how you should protect your business’ computer network, you should outsource your IT needs. Professionals in IT support companies are experts in offering computer security services and can ensure you’re less at risk from cybercriminals.