Recently, we had our Digital Transformation Summit and Tom McNash with Cyren presented on the threats of modern malware and phishing. Here’s a recap of his presentation.
WannaCry, Not Petya, Ethereum, Equifax, Yahoo, GitHub … these companies serve as examples of massive, incredibly damaging and expensive cyber crimes.
Small companies are at risk, too. Seventy percent of organizations have experienced at least one attack. Savvy, young criminals, 50 percent of whom are under age 24, use computers as the objects of their crimes and as the tools to commit crimes.
Cyber crimes often involve stealing information to exploit business or trade secrets for personal gain or malicious purposes. Such attacks include hacking, phishing, spamming, child pornography, hate crimes, stalking and data theft. In 2018, a conservative estimate of $1.5 trillion was lost to cyber crime.
How Attacks Occur
With internet capabilities and constant inter-connectivity, someone halfway around the world can swipe information, muck up your operating system, bring down your office network or use your computer(s) for their own nefarious purposes. Their code may mimic legitimate enterprises to trick you into giving them your bank account and other personal information. Click on the wrong thing and suddenly your computer suffers from a virus you inadvertently downloaded.
Even the most wary of computer users fall for the ever-growing sophistication of these criminals. According to CSO, "The number of unique ‘cyber incidents' in the second quarter of 2018, as defined by Positive Technologies, was 47 percent higher than the number from just a year previous. And those attacks are becoming increasingly precise: 54 percent are targeted, rather than part of mass campaigns."
What Can Companies Do?
"An ounce of prevention is worth a pound of cure," as Benjamin Franklin is often quoted. What was true in the 1700s hasn't changed. Mitigating loss and thwarting criminals means preventing criminal activity.
Here are some ways you can protect yourself and your business.
•Diversify security vendors. In other words, don't rely on one security vendor to adequately protect you from all types criminals. Every vendor has a specialty; hire them for that.
•Use multi-factor authentication. This security measure only grants user access after presenting two or more pieces of evidence verifying that the user has legitimate authority to use the system.
•Protect user web and email traffic. From scanning incoming and outgoing messages to establishing lists of approved or unapproved websites, monitor and regulate what system users may or may not access, receive and send.
•Protect Internet of Things and personal devices. Employees work off-site, but need access to your company's on-site data. Use well-defined on-boarding processes, assessment and monitoring tools, and policies, guidelines, and awareness to combat cyber crime.
•Identify, penetrate, test, respond. Hire a red team to break into your system (penetration testing), pay them to fix it, and then test the fix. Use a "blue team" to identify oversights in your security and devise proper responses and defenses to attack and train your employees the proper actions to take. Many cyber security vendors offer this service.
You can't eliminate cyber crime entirely, but you can thwart it. At BDX, our mission is to help builders sell more homes and provide educational resources about technology, marketing, and industry trends.