Cyberattacks, though frequently thought of as ‘sophisticated’, are often anything but. They are actually surprisingly straightforward and mostly financially motivated. We often see the media reporting on large-scale cyberattacks that have managed to breach complex security protocols, at a substantial financial cost to the business involved.
Cybercriminals often don’t rely on sophisticated techniques, and to be frank, in many cases they don’t need to; they will select a method that costs the least money and prey on the trusting nature of less-than savvy internet users.
For many big companies, the idea of ‘incident response’ is in the spotlight, since it’s not a matter of if a company’s security is breached, but rather when.
Advanced techniques and methods are often what most of us assume when cyberattacks take place, but what’s really going on?
The stark reality is that cyberattacks undertaken by cybercriminals are chosen because they’re so simple. A hacker will instead focus most of their time on preparing and researching their intended target. This information will then be used to plan an attack that is most likely to succeed and remain undetected for as long as possible.
The majority of security breaches are typically the result of inadequate security protocols. When cybercriminals perform their research, they’ll be searching for a way to get themselves into an organisation’s system and networks.
When they spot a weakness, they have absolutely no trouble taking advantage of it.
Emails continue to be a popular technique for delivering malicious malware, along with trojans, firmware attacks and worms.
Email phishing scams prey on trusting recipients, who only need to click on a hyperlink to release malicious infections that can steal data, passwords and personal information. Since password reuse is a common problem, once hackers have access to one of your passwords, the chances are they’ll be able to access almost all of your accounts and programs.
According to Varonis, phishing attacks were experienced by 62% of companies, and the average time it took to identify a breach was 206 days. Which just goes to show, that once a hacker has their foot in the door, it’s hard to close it again.
Those in the know need to educate businesses on where they can improve their security protocols, whether that means hiring a professional or outsourcing to an external IT company.
Cybersecurity training is useful, but organisations must ensure that their company culture and cyber awareness are closely linked to ensure best practices are adhered to at all times.
In order for us to truly understand what dangers lurk online, we must ease the burden of complexity, which can sometimes be hard for someone who doesn’t operate in the industry to follow.
A holistic approach is needed for this, in which we should instead be focusing on showing employees how business functions could be compromised in the event of a hack – rather than relying on complicated jargon.
Here are my tips for doing just that:
Introduce cybersecurity as another part of your company’s culture, where appropriate protection on the internet starts at home. By providing your employees with the skills and knowledge they need to keep themselves safe at home, this will bleed into the working culture.
Starting a cybersecurity representative programme is a great way to spread cyber best practice throughout the various departments of the business. This could involve nominating someone to represent the cyber activities of each department, who could solve queries and remind everyone of their responsibilities.
Talking to employees can be a great way to help them understand how their job impacts the overall structure of the business and how lapses in best practice can cause havoc for the organisation.
Introducing robust access security means that you can protect essential accounts and highly sensitive data from external or internal abuse. This means rotating passwords, auditing data, monitoring who accesses the accounts and implementing the principle of least privilege.
Consider multilayer authentication as passwords should never be the only thing protecting sensitive drives and data. Additional security measures make it more difficult for cybercriminals to pilfer business and personal data.
Improving password selection practices means that one of the most
significant security flaws for an organisation is suddenly taken off the table.
By giving employees access to password generators and a place to store them, you can alleviate potential risk by assigning a highly complex password to each account.
Simplicity and ease-of-use is the way forward when it comes to striking a balance between being productive and protecting the organisation from threats.
We’re often guilty of assuming that all cyber breaches are a highly complex process of high-tech techniques and expert computer hackers.
Actually, the reality couldn’t be further from the truth, which is that more
often than not, a hacker only needs to discover a glaring security flaw to take advantage.
By ingraining cybersecurity best practices into your company culture, you can put yourself and your company in a better position to not only to understand the threats out there but how best to try to prevent them.