Cyberattacks are a serious threat to businesses and consumers, with large-scale attacks having nationwide effects, thus making national security a serious concern.
Kaspersky Lab’s investigation reports that more than 100 banks across the world suffered up to $1 billion losses from a cyber attack back in 2013, including financial institutions from Russia, the United States, China, Germany and Ukraine. Carbanak, the malware used in these attacks, infiltrated and extracted data and exploited weaknesses in Microsoft Office files sent through emails.
The 2017 Ponemon Cost of Data Breach study revealed that the global average cost of a data breach is $3.62 million, making breaches some of the most expensive threats organizations can face.
Cybersecurity Ventures predicts that by 2021, cybercrime damages will cost up to $6 trillion annually.
Forms and Impacts
Different forms of malware have existed throughout the years, and the most recent variants are much stronger and more aggressive than before. Here are some recent examples:
Ransomware is a type of malware that locks the victim’s system, extracts data and encrypts it. The hacker will then threaten to publish the data or keep it in a perpetual lockdown unless the victim pays a ransom.
Recent examples are WannaCry and Petya. WannaCry shocked the world when it infected more than 200,000 computers in more than 150 countries. Within the initial hours of the attack, 48 National Health Service organizations in the UK had to turn patients away or delay medical procedures. In the U.S., FedEx delivery services were delayed. Spain’s major telecoms and gas companies also suffered, as well as France’s Renault. Even the Russian Interior Ministry and Megafon, a telecom company, were impacted. The hackers reportedly ransomed more than $1 billion, not including damages.
Petya was first discovered in 2016 and resurfaced in 2017, using designs from WannaCry to effectively target systems. While giant businesses such as Merck, Maersk and Rosnoft were affected the attack specifically targeted Ukraine. An infrastructure breach in the country resulted in disruption of power, airports, public transit and even its central bank; the breach caused unprecedented effects in both economy, civic welfare and national security.
Banking trojans are highly specific forms of trojans written for the purpose of stealing confidential banking information; they wait in a victim’s system and steal login credentials.
Zeus is one of the most pervasive and damaging banking trojans to date. A 2010 white paper by Unisys reported that Zeus is responsible for 44 percent of banking attacks and infected 3.6 million computers in the United States alone. A total of 960 banks and almost 90% of Fortune 500 companies fell victim. The financial damages were estimated to be about $100 million. However, its real impact is still undetermined due to its scope.
Since the “retirement” of its creator in 2011 and the successive leak of its source code, Zeus has spawned many imitators and variants.
Point Of Sale (POS) Trojan
A POS trojan targets both businesses and consumers; it steals customer data from electronic payment systems such as debit and credit cards. POS machines in stores are also vulnerable.
Kaptoxa is a famous trojan that exposed the payment data of more than 70 million Target customers. The trojan escaped most security detection at the time and managed to remain in POS machines for days.
Tips to Protect Your Business
As a business owner, you should be the first one to know the types of cybersecurity threats your company might face. A false sense of security is often the source of weak systems. Knowing what is out there and how to protect your business is a necessity.
Secure Your Network
Firewalls are your first line of defense against cyberattacks. Your business connects to the internet via different applications such as email, VoIP and media streaming. Your firewall should monitor threats coming from different connections. Also, consider setting up a private network to have more control over your security.
Invest in Security
A simple installation of antivirus is not enough. Your business’ assets should be protected by multiple layers of security. Antivirus, anti-malware, and anti-ransomware suites are some of the tools your business should have. These applications can also evaluate the weakness of your security system.
Keep Everything Up to Date
Once the security system is in place, make sure that you have regularly scheduled updates. Malware rapidly evolves and your security applications need patches and updates to detect any attacks from new forms of threats. Similarly, run a regular update of your system drivers, operating systems and applications.
Encrypt Your Data
In case hackers breach your security, your next level of protection is encryption. Encryption encodes your data, making it useless to third-party attacks. Most software companies offer encryption applications suitable for your needs.
Protect Your Hardware
While the internet poses immense threats, your hardware is not safe either. Stolen hard drives, laptops and even thumb drives with company information may just be the vulnerability the bad guys are waiting for. Strong security in your business premises is a necessity, protecting not only physical assets but your data as well.
Develop a Security Policy
More often than not, it’s people who are the greatest security threats. An employee who accidentally clicks the wrong link may cost you your business. Integrate security policies in your company operations. Educate your employees about the threats and how to prevent them. Workshops are available to help you strengthen the knowledge of your colleagues and employees against cybersecurity attacks.
Enforce Strong Passwords
Password security should be a strictly enforced. Anything accessed in the company, from emails to bank accounts, should be protected by a strong password. Typically, a strong password should be a sentence that is at least 12 characters long. Focus on sentences that are easy to remember and/or pleasant to think about – on many sites, you can even use spaces!
Have an Emergency Response Plan
Even with all your protection, the worst can still happen. Set up company guidelines on how to detect possible attacks, what to do during attacks and how to proceed afterward. The sooner you stop the attack and contact the authorities, the less damage an attack will cause.
Back Up Your Files
Backups, which should have their own security system, can save you the pain of starting from scratch. In case an attack happens, your next priority is to get your business back to normal operations as soon as possible. Regularly updated backups can help you get things running again with minor losses.
Small and medium-sized businesses are common targets of attacks, as they can be used as gateways to gain access to bigger companies. With today’s heavily connected world, an attack on another business can put yours at risk. Stay updated on the current cybersecurity threats and how to prevent them. Make sure your company is always ready for a cybersecurity attack.
About the Author
Shawn Abraham is a cybersecurity enthusiast working as content manager at MalwareFox. He spends most of his time obsessing over computer software and hardware and loves talking about himself in third person.