The best steps you can take to start protecting your organisation against the malicious attention of cyber criminals are to introduce cyber security training and to foster a “safety first” culture among colleagues and employees.
But it’s fair to say that the criminals are increasingly determined and ruthless, and are constantly looking for new ways to breach your data and access your network. In another post, we reported how Martin Blower, head of technical strategy at boutique UK software development firm Black Pepper, has pointed to six areas that he predicts will become prime battlegrounds in the “war” between cyber security professionals and “cyber terrorists”. We looked at the first three in that post, and here we’ll take a look at the next three.
- Hello ransomware, my old friend…
There’s nothing new about ransomware, sadly. But what is new is its astonishing growth – Blower cites research by cyber security firm Carbon Black that found that the growth of ransomware attacks hit 2,500% in 2017. Worryingly, ransomware is now attacking operating systems previously thought to be largely immune, namely Mac, Linux and the smartphone operating systems iOS and Android.
Cloud-based companies that lack the resources of behemoths such as Google or Amazon are more likely to pay up quietly if customers’ data is compromised, says Blower (though as a rule of thumb, it is never advised to pay).
His advice is to adopt a “multi-layered approach” that is predicated upon the basics – provide cyber security training for all staff, back up data daily (and store it on a separate server), invest in good anti-virus software and update it whenever asked to, and where appropriate, restrict access and user rights among the workforce.
- Denial of service (DoS) attacks will hit the UK more and more
International security specialist Neustar has identified the British retail sector as “among the most vulnerable industries in the world” when it comes to DoS attacks, says Blower, and no sectors are immune.
Retailers, though, are especially prone to extortion attempts, with online retail generating, he says, “between £77,000 and £200,000 per hour”, meaning the temptation to pay the ransom and restore normal trading operations can be great.
His advice is to develop what he calls “an incident response plan”: options include using an internet service provider (ISP) with a built-in DoS detection service (it will spot abnormal traffic spikes at the earliest opportunity); having a back-up ISP to switch to in case of an attack; and having a cloud-based DoS response that will detect and filter malicious DoS traffic.
- Cyber crime-as-a-service
Every market will have secondary markets, and cyber crime is no different, says Blower. Hackers are smart, and often base themselves in jurisdictions that lack the resources to tackle cyber crime. They are also, he says, selling their expertise to less sophisticated criminals, which is leading to a burgeoning of malware and criminal attention.
His conclusion is, as ever, to follow best practice, invest in cyber security training and make sure you are better protected than others. Because “Hackers, like wolves, invariably attack the slowest and most vulnerable in the herd.”