Every month, in our printed newsletter and on our website’s blog, we tell you about the latest cybersecurity horror stories. We’ve told you about companies that have endured millions of dollars of damage from ransomware attacks. We’ve written about companies that have had to pay millions of dollars in fines to state and federal authorities for failing to protect their customers’ data. We told you about social engineering attacks, social media hacks, vulnerabilities in software updates, breaches, viruses, trojans and other damage that have put companies out of business.
We don’t tell you these stories to scare you. We tell them to you so that you are aware of the dangers that threaten your business every day, so that you can be prepared and make intelligent decisions about how to deal with them.
It Can’t Happen To Me
Most cyber attacks happen to people and companies who were convinced that it couldn’t happen to them. After all, they argue, they haven’t been hacked before, and so it must be unlikely that it will happen now.
But the truth of the matter is that there is no industry where things change as often and as rapidly as Information Technology, and specifically with Cybersecurity.
- Every day, companies are announcing new software to solve new problems.
- Every day, companies release updates to their software to add features or patch security holes.
- Every day, security companies are developing new methods to protect users from attack.
- And every moment, the hackers, virus programmers, and other cyber criminals are figuring out new ways to attack your business on every single level.
What might have kept you safe for the last ten years will not keep you safe for the next ten years.
Recent Cyber Security Horror Stories
Here are some highlights from the last year of our cybersecurity blog.
Phishing, Vishing and Smishing
For example, in May 2018, we wrote about Phishing, Vishing and Smishing. These are messages requesting that users reset passwords or confirm information, usually for banking or other financial resources. But the web addresses where the changes are asked to be made are actually controlled by the criminals. These messages are sent via email, voicemail or SMS text messages. If the user follows the instructions, bank accounts would be instantly depleted. Similarly, the attack could be on technical resources such as email accounts, cloud storage or network servers, all of which could cause horrible damage and expensive breaches.
Social Engineering Attacks
These attacks have spawned new attacks that we now call Social Engineering attacks. We recently wrote about Social Engineering attacks, and it’s already a bigger problem than it was when we published the story just a month ago. Emails are sent to executives in a company that look entirely legitimate. These emails request access to technical or financial resources, or payment for normal services or vendors to be sent to new or alternate bank accounts. These requests look so legitimate that many people can’t tell the difference between legitimate requests and those that are fake, and end up granting access to these resources, costing companies thousands or millions to repair the damage or pay large fines for data breaches.
These are two threats that the anti-virus software you are probably relying on just can’t catch. But you can reduce the likelihood of becoming a victim of these attacks with our cybersecurity awareness training, part of our Business Protection Toolkit.
File-Less and Zero-Day attacks
Traditional antivirus software can’t catch two other kinds of threats we wrote about last winter: File-Less and Zero-Day attacks. Traditional anti-virus software matches files against a database of known viruses. But File-Less attacks have no files to match against, and are often not among the virus definitions. Zero-day attacks are exploits discovered and attacked on the same day -- long before any anti-virus or security software publishers know about the exploit. And while those security programs can’t catch these attacks, our behavior-based systems, which are part of our Business Protection Toolkit, can.
Internal Threats
Attacks mostly come from outside your organization, but sometimes they come from inside, including from non-computing devices installed on your network (such as security cameras and alarm systems) and wifi networks. That’s why we wrote about simplifying and separating your networks to improve monitoring and increase security. Our Security Operations Center can more efficiently monitor a properly simplified network to help identify threats of any kind. For example, employees and visitors to your office who are given access to your WiFi can inadvertently introduce malware that they didn’t know their phones or laptops were carrying. When you engage us for our IT Services and Support, we will assess your network infrastructure and advise you on more efficient ways to design it.
Supply Chain Hacks
And just recently, we wrote about two attacks and vulnerabilities that no one saw coming: Supply Chain hacks. ASUS computers had their software update system infected by virus-laden software, so that every time an ASUS computer searched for updates, it downloaded infected files. Our Business Protection Toolkit caught and immobilized this hack for one of our clients before it could cause any damage. Dell’s own software update system was found to have a vulnerability that would allow a cybercriminal to download software from non-Dell servers, potentially installing any threat virtually undetected. These hacks and vulnerabilities in a technology company’s software supply chain hadn’t been seen before.
We wrote about dozens of other hacks and vulnerabilities over the last two years, and you can see them all on our Cyber Security blog here. The main point is that the threats facing your business change every day, and so should your defenses.
Let’s Talk
If you are still relying on the luck you’ve had for the last ten years to keep you safe for the next ten years, let’s talk. Our Business Protection Toolkit is designed not only to deal with the threats we know about today, but also the threats that have never been seen before as well. We designed the Toolkit to help companies like yours stay safe and stay in business. We worry about the threats, so you don’t have to. Contact us online or call us today at 213-398-8771. Let’s talk.
