A cyber attack is a deliberate attempt by either individuals or organisations to breach the security of another individual or organisations IT system. The reason for an attack could be to gain access to data, disrupt operations or any other advantage the attacker may benefit from. The top 3 cyber security threats SME’s face in 2020 are ransomware, phishing and malware. Here we look at what they are and how you can prevent them.
A ransomware attack is executed through utilising malicious software to encrypt and lock a user’s device, whether it be one computer or a whole server which controls an organisations IT system, and demand a form of ransom in order to restore access to the device or server. Ransomware can commonly infect computers through phishing emails, which mislead users into thinking the email is from a trusted source and to open some sort of file or attachment. In doing so, the attacker can then gain access and take control of the users device and proceed to demand payment, which is usually in the form of untraceable Bitcoin payments.
“Could I be the target of a ransomware attack?”
The targets of such attacks can vary drastically, attackers may be opportunistic so businesses are targeted at random, but organisational bodies such as government agencies may be targeted due to the seriousness and sensitivity of the data they hold, as they could be seen to be more susceptible to pay in order to regain access.
“How can I help to prevent ransomware attacks?”
- Deploy and maintain anti-virus software throughout your organisation to detect threats as they appear.
- Ensure your business has a Backup/Disaster Recovery procedure in place to ensure quick recovery of your business critical data.
- Install software/programmes with caution and do not provide all employees with administrative rights to download software.
Phishing is used to define a cyber attack which utilises emails to gain access to a user’s device or system with malicious intent. This is usually done by getting the user to either click a link or download an attachment, which then provides the attackers with access. Commonly, the goal is to download malware onto a device or to get the user to hand over sensitive information.
You have probably seen many of these spam emails yourself and tend to stay well away from them, although there are many businesses who fall victim to these types of attack every day. You may be thinking who could possibly fall for that? Attackers can disguise the email as being from a credible source, a popular business, a person your company does business with or another trusted entity.
Spear phishing is a term used to describe the targeting of specific individuals with tailored content to try to gain access. For example, the attacker may target one of your accounting staff and pretend to be a Managing Director requesting funds for a particular project.
“Could I be the target of a phishing attack?”
Unlike ransomware, where larger corporate and governmental bodies may be more susceptible to being targeted, anyone and any business can be a target of phishing emails.
“How can I help to prevent phishing attacks?”
- Always check the spelling of the URL on suspicious emails, including the URL redirect
- If you receive a suspicious email from someone you know, contact them with a new email message before replying to check the validity.
The term malware is used to describe a grouping of different types of malicious software. These include viruses, Trojans, worms and other harmful programs used to cause harm to an IT system.
- A virus – a piece of programming code that embeds itself into the coding of another program which then forces that program to take ‘malicious’ action and continue to spread to other programs throughout a device or network etc.
- A worm – a piece of malicious software makes copies of itself and can spread from computer to computer throughout a network.
- A trojan – a computer program that disguises itself as a program that the user actually wants, for example a commonly used program. In doing this, the program is then activated by the user, allowing the Trojan to cause damage and spread.
“Could I be the target of a malware attack?”
It is absolutely possible that your IT systems have or will be compromised at some point, despite you being very careful and aware of your actions. Ensure your businesses protection with a managed IT security provider.
“How can I help to prevent malware attacks?”
- Consider managed IT Security options from third party suppliers.
- Ensure your IT systems and software are up to date and patched
- Utilise network monitoring.