We help businesses large and small with cybersecurity. You don’t have to be dealing with sensitive data or money to be at risk from attack by criminals hoping to exploit loopholes in your security, or momentary lapses of judgement by staff. Emails and phone messages, or even in-person phone calls, can trigger a security breach. The more sophisticated the security becomes, the more ingenious the attackers are too.
Caught in the net
There’s a multitude of ways you can get caught out by cyber attackers. Some familiar ones are ransomware and phishing. Ransomware is a type of malware which prevents you from accessing your device and the data stored on it – be it laptop, desktop or other device – usually by encrypting your files and data. The attacker will then demand a ransom, or payment, in exchange for decryption. The computer may become locked, or the data on it might be encrypted, stolen or deleted entirely. We all rely on our computers so much, so this type of attack can be upsetting, as well as compromising and costly.
A phishing scam is a type of attack often used to steal users’ data, such as login credentials, passwords and credit card details. It happens when the attacker pretends to be something they’re not – such as your bank, or a shipping company that is bringing you goods. You click on what you think is a safe link, or open an email or text message, and they use this as a gateway to access your machine. A variation on this is spear phishing, which, as the name suggests, targets a specific person or organisation for a specific reason – to access their sensitive data, or breach their banking security, for instance.
Evolving tactics
A variation on these is the Business Email Compromise (BEC) attack. This is a form of phishing attack where the scammer attempts to trick a senior executive or financier at a company into transferring funds or revealing sensitive information. The attack arrives in authentic-looking emails that might request unusual payments or contain links to websites. These emails may also carry viruses, concealed in attachments or links, that can attack your computer if opened.
A supply chain attack is a cyberattack that endangers a business by targeting less secure elements in the supply chain. This type of attack can affect any sector, but financial institutions or other large organisations are often targeted. This tactic reinforces the thinking that you’re only as strong as your weakest link. Cybercriminals can tamper with the manufacturing or distribution of a product, by installing malware or hardware-based spying components within it. Deepfakes and AI are another tactic used by criminals to access data. Some deepfakes – artificially manipulated footage or AI-generated people – can be very convincing and hard to distinguish from the real thing. They can be used for extortion, by targeting senior managers who are tricked into transferring money by fictional personnel.
Traps to avoid
Phishing is a real threat – it’s a simple tactic that exploits human error, vulnerabilities and judgements. Businesses are using digital channels more and more, creating more opportunities for criminals. Advanced phishing techniques are now evolving into clone phishing, vishing and smishing, phishing kits and automation. There are a number of things to look out for. These include unexpected or suspicious-sounding email addresses, or odd variations of emails or company names that may be familiar to you. Don’t click on suspicious, unexpected links or attachments that could allow access to your machine. Look out for scare tactics, such as urgency or fear techniques in the wording of the messages or text. Keep an eye out for unusual or out-of-context requests, generic greetings or poor grammar – though of course, these don’t always indicate a scam!
The best ways to protect against attacks are simple to implement. You can educate employees by speaking to experts like us, who can guide you and show how to improve your cybersecurity. Implementing MFA – multifactor authentication – further strengthens security and ensures you rely less on passwords and are less exposed to human error. You can ensure email filtering blocks as many threats as possible, before they hit a user’s inbox. You can also make sure systems are regularly updated with the latest security patches. It’s useful to conduct phishing simulations, to test the response of your team. Monitoring third-party partners will help to prevent supply chain attacks from causing damage. And prepare an incident response plan that can be implemented quickly if the worst happens. Don’t ignore it. The sooner you address a cyberattack, the sooner we can help you rectify it.