Technology may advance from year to year, but one thing that never changes is the number of people trying to take advantage of it for their own gain. This year's crop of cyber threats features some old friends, new acquaintances, and new twists on old exploits.
How bad is 2020 looking for cyber crime so far? Read on to find out.
There are three major types of cyber crime, but the percentages are far from even. According to a report released by Verizon, a little over half of all security exploits involved hacking. The remainder are split between phishing attempts (33 percent) and malware (28 percent).
These breaches cost business owners an average of $3.92 million last year, yet more than 50 percent of North Americans don't know what to do when their information is compromised.
Cybersecurity spending is expected to reach $133.7 billion within the next two years. Your internet service provider can't do much to prevent cyber crime, so it's up to us to inform you of the cybersecurity threats we're facing and offer solutions.
Attackers are also able to remotely control computers. In a few cases, the attacker doesn't actually have the code to unlock the database and give you back your information.
We haven't yet experienced the full financial and reputation damage caused by ransomware attacks because many go unreported. Companies are even advised by security experts to just pay up. Less than 10 percent of these digital kidnappers are ever caught.
Research by digital privacy group Privacy Canada shows that using a VPN can mitigate risks of phishing sites by up to ½ while ensuring that user anonymity and privacy is protected.
In order to prevent these exploits, you should ensure that your databases are hardened at every possible point of entry, that malware is installed and updated regularly, and that all of your databases are protected. Better yet, keep any sensitive data in a separate digital storage, preferably offline, and perform regular backups.
This means any website that collects personal or account information is a target. Be careful who you do business with online, and have a security expert perform regular pen testing to look for vulnerabilities and possible breaches. Follow cybersecurity recommendations to the letter.
When you;re being phished, an attacker will send out bulk faked emails that contain malicious code, hoping that at least a few of the recipients will take the bait. Spear phishing is when the attack is launched against an individual or company. Usually, it is conducted by someone with general knowledge of the company and activities within the company. This information is used to trick staff into divulging passwords or providing other information that lets the attacker into their databases.
Use a reputable email provider with a solid spam detection system, don't follow links or view video that's unsolicited, and double-check anything that seems suspicious. For example, if you get an email that purports to be from a co-worker or company exec claiming they forgot their password or lost the company credit card, a quick phone call is all it will take to verify this information. Most free antivirus software will also mitigate this kind of risk and block any nefarious third party phishing sites. Antivirus programs like AVG can also detect invalid SSL certs looking to route visitors to cloaked sites.
Source: Fortinet.
Apps are easily available that put the ability to create fake video of world leaders or enact revenge upon individuals and further erode trust, and it could put us in physical danger. Cyber stalkers are also using a form of smartphone surveillance to spy on people and gain enough information about their activities, lives, and habits to make a convincing altered video that could be released on social media within seconds. It's also a good way to gain the information necessary to launch a convincing phishing exploit.
Always be aware of who's around when you're using your smartphone, limit access to your devices, and never follow a link or download a file unless you're 100 percent sure of its origins and content.
We're more at-risk now than ever.
So, what is a website owner to do about the problem?
First of all, set policies for company use of BYOD devices, inside and out of the office, and harden your networks. These policies should extend to use of public or unsecured networks and unapproved apps. Use common sense about opening emails that are from unknown sources or contain attachments.
Next, you'll want to segment your main network, guest networks (which you should have set up already), and IoT devices to keep them on separate networks. This allows you to contain any breaches and protect the rest of your data.
You'll also want to have a backup and restore plan in place to minimize the effects of downtime and database penetration.
Last, but certainly not least, you'll want to make sure to update your hardware, device firmware, and antivirus apps. Check your firewalls to make sure that they're properly configured and all rules and exceptions updated.
Featured photo: FreePik
How bad is 2020 looking for cyber crime so far? Read on to find out.
Cybersecurity Stats
One of the most valuable assets we hold these days is information. Despite our knowledge of cyber crime, an appalling number of individuals and businesses aren't doing enough to protect themselves and their data. Last year alone, more than half of all companies surveyed reported finding sensitive files that were exposed to the entire staff.There are three major types of cyber crime, but the percentages are far from even. According to a report released by Verizon, a little over half of all security exploits involved hacking. The remainder are split between phishing attempts (33 percent) and malware (28 percent).
These breaches cost business owners an average of $3.92 million last year, yet more than 50 percent of North Americans don't know what to do when their information is compromised.
Cybersecurity spending is expected to reach $133.7 billion within the next two years. Your internet service provider can't do much to prevent cyber crime, so it's up to us to inform you of the cybersecurity threats we're facing and offer solutions.
Ransomware is Still Big, and Getting More Sophisticated
It seems like cyber criminals are one step ahead of security experts. As we learn more about the ways and means of their attacks, they pivot and change how they do things. This particular exploit is mainly launched against companies who collect and store high-value data like banking and health information, holding it for ransom.Attackers are also able to remotely control computers. In a few cases, the attacker doesn't actually have the code to unlock the database and give you back your information.
We haven't yet experienced the full financial and reputation damage caused by ransomware attacks because many go unreported. Companies are even advised by security experts to just pay up. Less than 10 percent of these digital kidnappers are ever caught.
Research by digital privacy group Privacy Canada shows that using a VPN can mitigate risks of phishing sites by up to ½ while ensuring that user anonymity and privacy is protected.
In order to prevent these exploits, you should ensure that your databases are hardened at every possible point of entry, that malware is installed and updated regularly, and that all of your databases are protected. Better yet, keep any sensitive data in a separate digital storage, preferably offline, and perform regular backups.
Supply Chain Attacks are Also on the Rise
These are mostly launched against banking and other financial institutions, and they originate from malicious code inserted into the coding used to power your website. Although cryptocurrency uses blockchain technology, hackers are finding ways to penetrate it's defenses.This means any website that collects personal or account information is a target. Be careful who you do business with online, and have a security expert perform regular pen testing to look for vulnerabilities and possible breaches. Follow cybersecurity recommendations to the letter.
Phishing, Spear Phishing, and Other Social Engineering Exploits
These exploits are similar, but not identical. However, the ways to prevent them work uniformly across the board. Social engineering is a generally targeted attack that relies on sheer numbers to make it work.When you;re being phished, an attacker will send out bulk faked emails that contain malicious code, hoping that at least a few of the recipients will take the bait. Spear phishing is when the attack is launched against an individual or company. Usually, it is conducted by someone with general knowledge of the company and activities within the company. This information is used to trick staff into divulging passwords or providing other information that lets the attacker into their databases.
Use a reputable email provider with a solid spam detection system, don't follow links or view video that's unsolicited, and double-check anything that seems suspicious. For example, if you get an email that purports to be from a co-worker or company exec claiming they forgot their password or lost the company credit card, a quick phone call is all it will take to verify this information. Most free antivirus software will also mitigate this kind of risk and block any nefarious third party phishing sites. Antivirus programs like AVG can also detect invalid SSL certs looking to route visitors to cloaked sites.
Source: Fortinet.
The Rise of Deep Fakes
This may sound ominous, like something from a sci-fi novel, but the threats and implications for deep fakes are very real. In an era of fake news, the possibilities of making trouble with falsified images and video will lead to more chaos and confusion in the future.Apps are easily available that put the ability to create fake video of world leaders or enact revenge upon individuals and further erode trust, and it could put us in physical danger. Cyber stalkers are also using a form of smartphone surveillance to spy on people and gain enough information about their activities, lives, and habits to make a convincing altered video that could be released on social media within seconds. It's also a good way to gain the information necessary to launch a convincing phishing exploit.
Always be aware of who's around when you're using your smartphone, limit access to your devices, and never follow a link or download a file unless you're 100 percent sure of its origins and content.
How to Protect Yourself From Cyber Criminals
It's estimated that more than 80 percent of companies are currently using cloud computing platforms for at least part of the business function and storage. Between this, more distributed networks, IoT, and increased reliance on smartphones and mobile devices in our everyday lives, the threats aren't going to diminish any time soon.We're more at-risk now than ever.
So, what is a website owner to do about the problem?
First of all, set policies for company use of BYOD devices, inside and out of the office, and harden your networks. These policies should extend to use of public or unsecured networks and unapproved apps. Use common sense about opening emails that are from unknown sources or contain attachments.
Next, you'll want to segment your main network, guest networks (which you should have set up already), and IoT devices to keep them on separate networks. This allows you to contain any breaches and protect the rest of your data.
You'll also want to have a backup and restore plan in place to minimize the effects of downtime and database penetration.
Last, but certainly not least, you'll want to make sure to update your hardware, device firmware, and antivirus apps. Check your firewalls to make sure that they're properly configured and all rules and exceptions updated.
Final Thoughts
Awareness of cyber threats is only the first line of defense. You can further protect your online surfing time by using common sense and the latest antivirus/anti-spyware apps and keeping all of your devices, networks, and software updated.Featured photo: FreePik