When you picture a cyber-attack, what do you see? A hacker using sophisticated techniques to break into a multinational corporation, an attacker trying to gain access to a secretive government agency, state-sponsored hackers trying to bring down national infrastructure?
Hollywood has a lot to answer for, and whilst these hackers do exist, they are certainly not responsible for the majority of attacks.
The reality is that most attacks are opportunistic in nature. Instead of conducting meticulously planned, sophisticated attacks, most attackers are simply looking for targets who have left their digital doors unlocked, so to speak.
They don’t care how big you are, what business you are in or even what data you have. They are chancers looking to profit from security failures.
So, how do they get in?
The WannaCry attacks of 2017 were a perfect example of these opportunists in action. Whilst the media portrayed it as a targeted attack against the NHS, the reality was that 10,000 organisations and 200,000 individuals in over 150 countries were affected. The way in? Unpatched and outdated Windows operating systems.
And WannaCry wasn't the only example. Last year Equifax was hacked via an unpatched system and the personal data of up to 143 million consumers was compromised.
But it’s not just operating systems that act as a route in; your people can often be your weakest security link. 81% of hacking-related breaches leveraged stolen and/or weak passwords, and employees clicking on infected phishing emails is still a major concern.
Protecting your business
Even the simplest of security measures can help prevent opportunistic attacks and businesses need to ensure that security measures are put in place to deal with these threats. Below we outline five simple ways you can start to protect yourself and your business:
- Patch, patch and patch again - if possible
Have you ever pressed the ‘remind me later’ button when your computer has asked you to update? Of course you have, we all have. But the more you put it off, the more vulnerable you become to the latest attacks.
If you can switch auto updates on, we would recommend you do it. If not, you need to make sure you have an update schedule in place to ensure you don’t fall victim.
Admittedly, not everything comes with auto update, and for critical systems patches need to be fully tested before being deployed, as there is always the risk that a patch could cause some unexpected behaviour.
- Employee education and password policies
As we discussed, people can be the most effective way in for opportunist attackers. That’s not surprising when people haven't been told what to look for or taught about the potential consequences of a weak password.
Education is the key here. Companies should be training their staff on an annual basis about the latest threats and the precautions they need to take, and should also put in place policies regarding password strength. The first step to password security: make sure you don't have the same password for LinkedIn as you do for your work computer.
- Segregate your network
Is your office printer plugged into your main company network? Does marketing have access to the legal team's files and folders? Do they really need to?
By segregating your network, you can protect yourself against a company-wide breach. Yes, a hacker may get into a certain area, but the breach can be easily contained and the chances of your whole network being brought down are reduced.
- Have a backup schedule
Ransomware is designed to lock users out of their systems, demanding that those affected pay to have their systems restored. The WannaCry attack was an example of this type of attack, and thankfully systems were able to be restored when a solution was found. However, they were lucky: many ransomware attacks not only lock users out, but also destroy the data on the system.
Regularly backing up means that if the worst does happen you can restore your systems without losing too much.
- Plan ahead
You have a plan in place in the event of a fire, so why don’t you have a plan in place in the event of a cyber-attack? By having a plan you can be confident of the steps you need to take if an attack does occur.
It’s time to act
As you can see, most opportunistic attacks could be stopped with the most basic of security measures, yet many of these attacks continue to be successful. Now is the time for action.
Here at Secarma our security consultants work closely with our clients to help them protect their businesses from the consequences of a cyber-attack. So, whether you need your web application testing or a full-scale red team exercise, we’re here to support your security improvement efforts.