With cyber-attacks now a common occurrence in daily business life, it is vital that your company is protected from any external threats.
“UK businesses face one cyber-attack every 50 seconds” – declared a cyber-security magazine in July 2019. In the same month, another site shared that “97 out of 100 largest banks in the world are vulnerable to web and mobile attacks enabling hackers to steal sensitive data.”
Let’s be clear, the moment you start trading, your company is subject to various threats and risks relating to the business interests. They can be anything from strategic risk to financial attack. Often these threats can be, and have been, effectively handled or mitigated through a combination of procedure and policy. However, cyber-attacks are one modern threat to the health of all businesses that are pervasive, unrelenting and extremely direct.
In recent years, the advancement of hardware and software ensures that the cyber threat to companies has never been higher. Now with advanced phishing kits available on the dark web and hackers using Artificial Intelligence to avoid detection, we cannot stress how important it is for every business which relies on technology to have watertight cyber-security measures in place.
In this article, the corporate security and the digital forensic teams at Blackhawk Intelligence put together a comprehensive piece of content pertaining to cyber-attacks, explaining what they are, what to look out for, and how to best protect your company from cyber-attacks.
Why do cyber-attacks happen?
While it is easy to get suckered into thinking that hacking is just something that happens as a result of political disenfranchisement towards governments and their agencies, the stats show that nearly four out of five cyber-attacks are motivated by financial gain. While the majority of these attacks are being performed by criminal organisations, they can also come from within.
In 2019, it is estimated that the global cost of cyber-crime is going to exceed US$2 trillion, a staggering sum of money. And it is not going to stop either – with costs predicted to reach US$6 trillion by 2021.
Data breaches are also a major concern for all businesses and organisations. While there can be a number of reasons that contribute to breaches – such as human error and glitches in systems – it is thought that nearly half of all breaches are as a result of cyber-attacks.
But perhaps the most alarming stat of all is that a study of 4,000 organisations across the UK, Germany, Spain, the Netherlands and the US found that 73% of businesses are not prepared to deal with, and respond to, a cyber-attack.
What is a cyber-attack?
A cyber-attack is when either one or multiple computers attack another individual or multiple computers or network(s). The goal is generally to either access data on the target computer(s) or network(s) – sometimes to obtain admin privileges and access – or to knock the target computer(s) or network(s) offline.
Individuals, criminal organisations and country-affiliated groups that engage in cyber-attacks are consistently developing new strategies and approaches to enable these attacks. Generally speaking, we can group these attacks into several categories:
- Malware: Malicious software (or malware) – such as viruses, worms, ransomware or trojans – that has the purpose of damaging a computer, server or network. The purpose is to stop the target from working, or to grant the hackers access to the target in order to remotely control the system.
- Denial of Service: An attempt to stop an online service from working. This can either be achieved by sending a huge amount of traffic to overwhelm a website, making it inaccessible to genuine customers or visitors, or to overwhelm a database so that it cannot function. A form of this, known as a distributed denial of service (DDoS), is when a number of compromised, hijacked computers (often via malware) are used to push traffic towards the intended targets.
- Phishing: When the attacker sends fake emails to targets in order to trick them into clicking a link or downloading malware that will either install malware or trick the target into giving out personal information. Often sent to a vast array of targets, it can also be directed at a targeted individual.
- Man in the Middle: This is when attackers lodge themselves between a user and a service – such as an attacker setting up a fake Wi-Fi hotspot to trick a user into logging into this network. Once they have, the attacker can steal sensitive personal information.
- SQL Injection: The attacker exploits a software vulnerability to gain control of the target database by exploiting poor programming.
- Cryptojacking: Attacker either installs malware or hijacks browser of target computer to generate cryptocurrency for them through a process called cryptomining.
- Zero-day Exploits: The exploitation of software vulnerabilities that have yet to have been fixed – often occurring after software has been updated (hence the name).
While there are many smaller cyber-attacks happening globally on a daily basis, high profile cyber-attacks in recent years have included:
- WannaCry: A ransomware attack that utilised the UK’s National Health Service (NHS) computers to demand payments from users to continue using their own computers.
- Yahoo email attack: Although having happened back in 2013, it came back into the news in 2017 when it was revealed that three billion Yahoo email addresses had been affected – with passwords, among other sensitive details, stolen.
- GitHub: A denial of service attack in 2018 that knocked GitHub – ‘the world’s leading software development platform’ – offline for 20 minutes. GitHub is used by 36 million developers worldwide, making this a significant attack.
Why every business needs to be wary of cyber-threats
It is easy to be fooled into believing that cyber-attacks are only felt by larger companies with the resources to thwart any threat – but that is not at all how it goes. It is thought that somewhere between 40% to 60% of cyber-attacks are directed at small to medium-sized businesses, and many of the incidents are not covered in the media.
Why is the case? Because cyber criminals know that small businesses often have less cyber-security measures in place than larger corporations, making them the ‘soft targets’. To smaller businesses, these cyber-attacks can be absolutely devastating – funds can be stolen and a data breach can result in reputational damage with the business losing confidence from clients and partners.
There are also implications as a result of the introduction of the General Data Protection Regulation (GDPR) in 2018. With law-makers now looking at businesses and how they manage their data, the consequences for poor data management and cyber-security may result in government fines.
How to defend against cyber attacks
In order for businesses to counteract cyber-attacks, they need to develop a cyber security policy and enforce that policy. This enforcement is not just through tools or software, but it is through training staff too. Many phishing and social engineering attacks rely on human error within your organisation and training can help to mitigate these risks. Successful training programs should also be part of a holistic shift in your business towards cyber security policy, protocol, practice and procedure.
The upshot of it is you need to ensure that your business is not only safe from cyber-attacks, but it is meeting its legal obligations towards secure data management. To achieve this, seek out expert advice from corporate intelligence specialists, such as our teams at Blackhawk Intelligence.
How Blackhawk Intelligence can help your company pertaining to cyber attack
At Blackhawk Intelligence, our corporate security and digital forensic teams work with organisations (large and small) to tackle cyber threats. The majority of our work focuses on preventative measures. As attacks often occur as a result of a weak link in a company’s cyber security measures, we work with companies to remove these weak links and replace them with strong, robust defensive measures. But once an attack has taken place, our digital forensic team will be ready to assist in preserving any evidence which you can use in litigation.
We would like to emphasise that there isn’t a ‘one size fits all’ approach to security. Every situation is unique, and therefore how your company implements its security measures should be unique too. To learn all about our cyber security services and how Blackhawk can protect your business from the threat of cyber-attacks going forward, call us on +44 (0)20 8108 9317 or use our online form to get in touch.
This post is intended to provide information of general interest about current business issues. It should not replace professional advice tailored to your specific circumstances.
If you liked this article, you might also like: