In this high-level overview of cyber security, you will learn about the most common threats to watch out for, how to prevent data breaches on the Dark Web, 7 effective and affordable ways of reducing cyber attacks, and 4 predictions into the future of cyber attacks.
It has been reported that in 2019, UK businesses faced more than one cyber attack per minute – meaning that the average organisation was subject to 576,575 attacks. Attacks are increasingly becoming more intelligent and insidious as time goes on, meaning that it takes a lot of hard work and stress for organisations to stay ahead of the game.
So, what are you supposed to be on the lookout for in order to stop your cyber security being compromised?
According to the National Crime Agency, the most common cyber threats include:
- Hacking – including of social media and email passwords
- Phishing – bogus emails asking for security information and personal details
- Malicious software – including ransomware through which criminals hijack files and hold them to ransom
- Distributed denial of service (DDOS) attacks against websites – often accompanied by extortion
Today, cyber threats are expanding and developing into new ways of infiltrating an organisation’s systems and data. For example, attacks to Internet of Things (IoT) devices, typically used by manufacturing organisations, is on the rise – attacks to IoT devices surged by 300% in 2019, according to security researchers, F-Secure.
However, cyber attacks are a big worry for many industries. For example:
- 60% of UK manufacturers have been the victim of cyber crime, and a third of those have suffered some financial loss or disruption to business as a result.
- Cyber-incident reports from UK finance sector spiked by 1,000% in 2018.
- Over 60% of UK public sector organisations were targeted by cyber attacks in 2018 with eighteen percent of them suffering over one thousand attacks each in the calendar year. (if you’re a council, the National Cyber Security Centre has developed a range of security tools which are free for councils to use. Find them
Let’s explore some common cyber security risks and threats that you may face, and how you can protect your organisation against them.
Cyber attacks on your infrastructure are happening multiple times a day, but you might never know unless hackers find a vulnerability and exploit it – and at this point it is much harder to fix. A proactive, forward-thinking approach is far more effective against cyber attacks.
As the Telegraph reports, organised international gangs of cyber criminals have, for instance, been found to be using Saturn ransomware, a software so powerful it can be used to encrypt and completely seal off an organisation’s entire database, releasing the data only when the Bitcoin ransom demand is met and not always then.
With vulnerability testing, your network is probed in much the same way a hacker would, but in a safe way. Then you receive a personalised remediations report. Then you can decide the best course of action going forward to continually protect your systems against attack.
The Dark Web is a collection of websites that are only accessible using a particular web browser and using anonymity software called Tor (The Onion Router) or I2P (Invisible Internet Project). User’s IP addresses are hidden for anonymity, and sites can only be visited by Tor users. It can be extremely difficult to identify users who are browsing or hosting on the Dark Web.
The Dark Web is rife with data breaches from companies (such as leaks of identities, personal details, usernames, emails, and passwords) that can be purchased by cyber criminals. Once these details have been purchased, they can be leveraged against you in a cyber attack.
Research from last year found that over 21 million (21,040,296) credentials belonging to Fortune 500 companies were being sold or distributed on the Dark Web, of which over 16 million (16,055,871) were compromised during the last 12 months.
According to Hiscox, a business insurance expert, a breach in cyber security costs the average small business £25,700 every year in basic “clean up” costs.
To help you defend against these threats, you can undertake a one-off Dark Web scan of your organisation’s domain. You will discover any breaches and vulnerabilities for specific people or logins and gain advice on how to fix issues. You could also choose Dark Web monitoring, where your service provider will be automatically alerted should a breach occur, so that remediation can begin shortly afterward.
The National Cyber Security Centre has listed seven effective and affordable ways you can reduce your exposure to cyber attacks:
1. Boundary firewalls and internet gateways – establish network perimeter defences, particularly web proxy, web filtering, content checking, and firewall policies to detect and block executable downloads, block access to known malicious domains and prevent users’ computers from communicating directly with the Internet
2. Malware protection – establish and maintain malware defences to detect and respond to known attack code
3. Patch management – patch known vulnerabilities with the latest version of the software, to prevent attacks which exploit software bugs
4. Whitelisting and execution control – prevent unknown software from being able to run or install itself, including AutoRun on USB and CD drives
5. Secure configuration – restrict the functionality of every device, operating system and application to the minimum needed for business to function
6. Password policy – ensure that an appropriate password policy is in place and followed
7. User access control – include limiting normal users’ execution permissions and enforcing the principle of least privilege
We understand, however, that it can be challenging to achieve this with a small or busy internal IT team. If you would like the help of an experienced and certified IT specialist, learn more about our cyber security services.
Keep in mind, however, that even if you secure all of your critical business systems and infrastructure, the biggest threat to your IT security is your staff. Research shows that a staggering 99% of cyber attacks require human interaction to execute, and 52% of businesses believe their staff are their biggest weakness in IT security. Without the right training and guidance, phishing and hacking is surprisingly commonplace.
User awareness training for your staff is vital. Raising staff awareness of threats and helping them identify suspicious activity is an incredibly effective and cost-effective way of improving security. You can even run phishing campaign simulations, for a safe way for you to find out how a cyber attack would impact your business and what you can do to ensure your staff are alert and understand how to deal with potential incidents.
Cyber security is an ever-shifting landscape. As soon as you feel you’ve gotten a handle on it, attacks change course and get more intelligent, and then you’re back to square one.
It can be helpful to understand what could be coming your way. Four major predictions for the coming changes in UK cyber security include:
1. Spear phishing (well-researched and cleverly personalised emails) is on the rise.
2. SMEs are at the biggest risk of attack due to the cyber security skills shortage and the difficulty in hiring full time, in-house security specialists
3. GDPR is going to return as a focus for organisations, the ICO and customers, and we will discover how “repeat offenders” are being dealt with
4. Customers will more quickly and irreparably lose trust in those organisations that have been breached, and will readily move their loyalty elsewhere
To stay ahead of these issues, it is imperative to ensure you have the technology, people and processes in place to prevent vulnerabilities and protect against breaches.
We understand that breaches can be a huge stress and preventing them can be a massive burden on your time. Cyber attacks can cause a lot of embarrassment and reputational damage. If you want to reduce the headache of continually trying to maintain a high level of security within your organisation, and to ensure you are protected now and long-term, get in touch with us today to request a free cyber security consultation.
Partnering with Cybit for your cyber security needs means that you outsource not just the effort and continual monitoring, but also the headache of worrying when the next breach will happen. We take on the responsibility of securing your IT and maintaining it long-term. Our role is as your trusted IT advisor, to guide you with a roadmap of how to develop and improve. We focus on your IT so you can focus on your business and spend time on the projects that add value. Our friendly experts are here to translate your business needs and goals into technical solutions and to use our specialist IT services to ensure your people, technologies and processes are in place for an optimised and efficient organisation.