“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.
Introduction to Cyber Security
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
What's the importance?
Nowadays, most of the devices are connected to the internet from smart speakers to security cameras, it also includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems. Making cyber security an importance concern for everyone, and as described in our previous article, HMM was hit with a major cyber-attack causing an interruption in the workflow causing loses in millions. It’s not just HMM but Facebook & Twitter have also been attacked in the past few months causing a data loss of billions of users, making it a very important issue for user privacy.
Methods of Cyber Attack
Over the years there have been several methods devised for attacking a company, in this section of the blog we’ll discuss a few common ways they have been breached and attacked in the past couple of years. Such attacks can be further classified into two categories, namely Enterprise-Level Attacks & Personal Attacks.
- Spear Phishing Attacks: It’s a target phishing attack on a specific person from a company/organization with the intent of installing malware on their machine, which includes a company’s server. Employees receive mail posing as their company, to steal important credentials which can be used for gaining access to their servers and used for several malicious purposes.
- Ransomware Attacks: Ransomware is a form of virus which encrypts all the files until the ransom is paid, the ransom is to be paid in the form of cryptocurrency. Failure to do so within the given time-period will cause all of your data to be sold on the dark web. Recently a US nuclear weapons contractor was prey to a ransomware, and the attackers threatened to release the stolen data to the Russian military.
- rDDoS: Ransomware Distributed Denial of Service, also known as rDDoS is a form of DDoS attack [Distributed Denial of Service] where the attacker threatens a company with a DDoS attack if they don’t pay the ransom in the due time. In a report by Akamai, a DDoS protection company, there was a surge in the number of attacks because of the recent pandemic, since most of the employees rely on their company's servers.
- Wi-Fi Attacks: This is a very common form of attack; the attacker connects to the same network as that of the victim by gaining access through malicious means. This often happens because of a weak password or encryption protocol [WEP]. The attacker poses as the router redirecting the traffic though his device, rather than the router and can be used for stealing the credentials, gaining important information or even creating a backdoor to the victim’s system.
- USB Rubber Ducky: As the name suggests the attack is carried out using a pen drive whenever a USB device is connected to a system it’s either recognized as storage device or a peripheral device. This device is recognized as keyboard which the attackers use to execute certain commands to create a backdoor to the system which can be used for installing certain malware.
- Phishing: There is a thin line of difference between phishing and spear phishing attacks, just like a spear hits on a targeted spot in the same way spear phishing attacks target a specific person from a company/organization. Phishing attacks on the other hand are conducted on a mass scale often to steal credit card information, personal data or credentials to websites like online banking.
Cyber Security Practices
We all use the internet for multiple reasons from shopping to watching movies therefore it’s a smart move to learn about the best cybersecurity practices it can go a long way towards helping you to stay safe online. Here are a few ways to keep yourself safe online.
- Try avoiding sketchy websites, mails, pop-ups and links, they can be used for phishing your data, installing a malware or logging your IP address.
- Use a strong password for the websites you use and also make sure your router has one too, the stronger your password the harder it’s to crack.
- Whenever you’re using a public Wi-Fi use a VPN service to mask your data, the way it works is by routing the website traffic through their servers instead of the router and don’t connect to sketchy networks.
- Backup all of your files either physically in a hard drive or on the cloud, though the latter one is more preferred since you can access your data from anywhere without carrying a hard drive around with you which is prone to physical damage.
- Activate 2FA [2 Factor Authentication] for all the websites which support it. Major platforms such as Instagram and Facebook support this feature, they use SMS, call or a third-party application such as Google Authenticator.
- Change your password frequently, passwords are meant to last forever…
- The US government spend just over $17.4 billion alone on cybersecurity related activities.
- The global average cost of a data breach is $3.9 million across SMBs.
- Since the recent pandemic, the FBI reported a 300% increase in reported cyber-crimes.
- Over 9.7 million healthcare records were compromised in September 2020 alone!
- Total cost for cyber-crime committed globally will reach $6 trillion by 2021.
Governments and companies have realized its importance and are channeling billions of dollars’ worth of money to make their systems and machines secure to prevent any data breaches. Be careful, the cyberspace is a dangerous place, stay safe.
Hope you liked this article, Stay tuned for more to come!
Stay Safe & Stay Healthy!