Every month, in our printed newsletter and on our website’s blog, we tell you about the latest cyber security horror stories. We’ve told you about companies that have endured millions of dollars of damage from ransomware attacks. We’ve written about companies that have had to pay millions of dollars in fines to state and federal authorities because they didn’t protect their own customers’ data. We told you about social engineering attacks, social media hacks, vulnerabilities in software updates, breaches, viruses, trojans and other damage that has put companies out of business.
We don’t tell you these stories just to scare you. We tell them to you so that you are aware of the dangers that threaten your business every day, so you can be prepared and so that you can make intelligent decisions about how to deal with them.
It Can’t Happen To Me
Most cyber attacks happen to people and companies who were convinced that it couldn’t happen to them. After all, they argue, they haven’t been hacked before, and so it must be unlikely that it will happen now.
But the truth of the matter is that there is no industry where things change as often and as rapidly as Information Technology, and specifically in Cyber Security.
- Every day, companies are announcing new software to solve new problems.
- Every day, companies release updates to their software to add features or patch security holes.
- Every day, security companies are developing new methods to protect users from attack.
- And every moment, the hackers, virus programmers, and other cyber criminals are figuring out new ways to attack your business on every single level.
What might have kept you safe for the last ten years will not keep you safe for the next ten years.
Recent Cyber Security Horror Stories
Here are some highlights from the last year of our cyber security blog.
Phishing, Vishing and Smishing
For example, in May 2018 we wrote about Phishing, Vishing and Smishing. These are messages requesting that users reset passwords or confirm information, usually for banking or other financial resources. But the web addresses where the changes are asked to be made are actually controlled by the criminals. These messages are sent via email, voicemail or SMS text messages. If the user follows the instructions, bank accounts would be instantly depleted. Similarly, the attack could be on technical resources such as email accounts, cloud storage or network servers, all of which could cause horrible damage and expensive breaches.
Social Engineering Attacks
These attacks have spawned new attacks that we now call Social Engineering attacks. We recently wrote about Social Engineering attacks, and they are already more of a problem than they were when we published the story just a month ago. Emails that look entirely legitimate are sent to executives in a company. These emails request access to technical or financial resources, or ask that payment for normal services or vendors be sent to new or alternate bank accounts. These requests look so legitimate that many people can’t tell the difference between legitimate requests and those that are faked, and end up granting access to these resources, costing companies thousands or millions to repair the damage done, or to pay large fines for the data breaches.
These are two threats that the anti-virus software you are probably relying on just can’t catch. But you can reduce the likelihood of becoming a victim to these attacks with our cyber security awareness training, part of our Business Protection Toolkit.
File-Less and Zero Day attacks
Traditional anti-virus software can’t catch two other kinds of threats that we wrote about last winter, called File-Less and Zero-Day attacks. Traditional anti-virus software matches files against a database of known viruses. But File-Less attacks have no files to match against, and are often not among the virus definitions. Zero-Day attacks are exploits discovered and attacked on the same day, long before any anti-virus or security software publisher knows about the exploit. And while those security programs can’t catch these attacks, our behavior-based systems, which are part of our Business Protection Toolkit, can.
Attacks mostly come from outside your organization, but sometimes they come from inside, including from non-computing devices installed on your network (such as security cameras and alarm systems) and wifi networks. That’s why we wrote about simplifying and separating your networks to improve monitoring and increase security. Our Security Operations Center can more efficiently monitor a properly simplified network to help identify threats of any kind. For example, employees and visitors to your office given access to your wifi can inadvertently introduce malware they didn’t know their phones or laptops were carrying. When you engage us for our IT Services and Support, we will assess your network infrastructure and advise you about more efficient ways to design your network.
Supply Chain Hacks
And just recently, we wrote about two attacks and vulnerabilities that no one saw coming: Supply Chain hacks. ASUS computer had its software update system infected by virus-laden software so that every time an ASUS computer searched for updates, it downloaded infected files. Our Business Protection Toolkit caught and immobilized this hack for one of our clients before it had the chance to do any damage. Dell’s own software update system was found to have a vulnerability that would allow a cyber criminal to download software from non-Dell servers, with the potential to install any kind of threat, virtually undetected. These hacks and vulnerabilities in a technology company’s software supply chain hadn’t been seen before.
We wrote about dozens of other hacks and vulnerabilities over the last two years, and you can see them all on our Cyber Security blog here, but the main point is that the threats facing your business change every day, and so should your defenses.
If you are still relying on the luck you’ve had for the last ten years to keep you safe for the next ten years, let’s talk. Our Business Protection Toolkit is designed to deal not only with the threats we know about today, but with the threats that have never been seen before as well. We designed the Toolkit to help companies like yours stay safe and stay in business. We worry about the threats so you don’t have to. Contact us online or call us today at 818-913-1335. Let’s talk.