Welcome to the Summit Hosting Cyber Security Blog Series. In this series, we will go over the various types of cyber-attacks that black hats use to infiltrate your network, the importance of always being security conscious, the tools you and your employees can use to protect themselves, and so much more. In Part 1 of the series, let's talk about cyber-attacks.
Cyber-attacks are intentional exploitation of computer systems, networks, and software. These attacks use malicious code such as viruses and ransomware to modify computer code, data, or logic, culminating in destructive consequences that can compromise your data and business. Do not think this will not happen to you! According to a SonicWall study, in the first six months of 2021, cyber-attacks were significantly up from the same period of time in 2020:
- 2.5 trillion intrusion attempts up 9%
- 304.7 million ransomware attacks up 151%
- 51.1 million cryptojacking attacks up 23%
- 32.2 million IoT attacks up 59%
The ransomware war is waging at its highest level ever! Even if there were no attacks in the second half of the year, 2021 would already be the worst year in history!
Securing your business is not an IT job; it needs to be the responsibility of any employee, contractor, or consultant who has access to your business information. A hacker may try to access your data through any public internet address (IP Address) that comes with your internet service. This method is referred to as intrusion attempts, the only category that is down compared to 2020, most likely due to companies becoming more aware that Cyber Security is necessary for everyone.
Most security breaches start with someone inside the organization. Many start with a phishing attack where the individual gets an e-mail or text message that compromises their security. Spear phishing emails appear to originate from an individual within the recipient’s organization or someone the target knows personally. Once opened, they are used to steal passwords or compromise the device that opened them. Whale phishing refers to an attack focused on the leadership of an organization, typically aimed at stealing vital information since those holding higher positions in a company have unlimited access to sensitive information. Many whaling instances are designed to manipulate the victim into permitting high-worth wire transfers to the attacker.
Malware is a code made to stealthily affect a compromised computer system without the user's consent. This broad definition includes many particular types of malware, such as spyware or ransomware, which will damage or control your computer infrastructure. Ransomware blocks access to your data, typically encrypting or threatening to delete it if a ransom is not paid. There is no guarantee that paying a ransom will regain access to the data. Ransomware is often carried out by code disguised as a legitimate file such as a pdf, link, or office document.
Risks can also come through your web page. Hackers can attach malicious code to your website or breach your security through "SQL Injection Scripts," granting access to your data.
- Malicious code is usually sent in the form of pieces of Javascript code executed by the target’s browser. The intrusions can come in many languages including Flash, HTML, Java, and Ajax.
- A SQL Injection attack can allow hackers to see or delete tables, and in some cases, gain administrative access to a database.
Cyber security is not a task you complete but a continuous and vigilant regimen that never ends. It is a discipline that must be learned and practiced by everyone in your company. To be safe, you must train employees, monitor compliance, continuously patch and protect your infrastructure, and implement plans to control and restrict a breach if and when it occurs. Cyber security is not something you can outsource to a cloud service provider, managed service provider (MSP), or security consultant, as everyone who touches your systems and data create a potential business risk. However, partnering with your MSP or outsourcing infrastructure to a managed Cloud, like Summit Hosting, should be a big part of your overall security strategy.
This is the first blog of a series focused on securing your company from malicious attacks and hackers. The series will include guidelines and actions for your company and its employees to implement and vigilantly exercise to mitigate cyber-attack risks. Hackers range from individuals who fancy themselves as geniuses to government-backed experts targeting companies and governmental entities. If the NSA can be hacked, anyone can. As a Small Medium Business, it is your responsibility to protect yourself from the regular criminals looking to steal your money and disrupt your business.
For more information on how we can make your business more secure, contact one of our solution experts today!