It used to be that a good security system and a building with a manned gate kept businesses safe. Employees with key cards and CCTV surveillance were icing on the cake. Sensitive files were kept under lock and key in discrete locations, and security companies were hired to do drive-bys at night. We live in a whole new world though, and as BTA sees regularly, businesses need an entirely different type of defence to stay safe today. The latest research reveals that companies are still not addressing basic IT security issues, and cyber attacks are increasing faster than ever before. Companies, it would appear, are not fully understanding their vulnerabilities, or choosing not to do anything to address them.
Ransomware Still a Scare
The rate of ransomware attacks against businesses increased from one every two minutes to one every 40 seconds from January to September of last year—affecting one in every five businesses worldwide. Sadly, small and medium-size businesses were hit the hardest, 42 percent of them falling victim to a ransomware attack. Of those, one in three paid the ransom, but one in five never got their files back despite paying.
Overall, 67 percent of companies affected by ransomware lost part or all of their corporate data and one in four victims spent several weeks trying to restore access.
Unsurprisingly, financial gain is the top motive for attacks. Increasingly however, cyber espionage is also motivating attackers who are being paid, or wish to be paid, for sensitive information. Companies of all sectors are targeted but financial institutions, healthcare organisations and educational bodies seem to be at greater risk.
The Verizon Data Breach Investigations Report 2017 shows that pretexting has emerged as a popular tactic and is on the increase and commonly used in business email compromise or whaling attacks, in which attackers trick people into helping them by pretending to be a senior company executive.
The report shows that pretexting is predominantly targeted at financial department employees – the ones who hold the keys to money transfers. Email was the top communication vector, accounting for 88% of financial pretexting incidents. Cyber criminals spend several emails developing the relationship before making the request, and usually from the executive’s actual email address.
Passwords – An Easy Place to Start
The Verizon Data Breach Report also said that 81% of hacking-related breaches were done using either stolen, weak or easy-to-guess passwords. Even for companies with very weak IT security measures in place, passwords are one access point that no company need be vulnerable through. Our IT experts recommend using two-factor, or multi-factor authentication, and implementing complex passwords for all employees that they are forced to change regularly. This alone would reduce the risk of hacking, even if no other IT security measures were implemented.
All in all, even with increased media coverage of cyber attacks, many organisations are not locking the front door and hackers are just walking straight in. And the cost is far greater than the IT security they didn’t put in place. We hope that next year’s research shows a far different trend, but unless businesses make a concerted effort to increase their IT security, we fear the situation will be even worse.
BTA is a Managed Service Provider specialising in IT security, network design, cloud solutions, hardware & software procurement and disaster recovery. With more than 20 years of experience serving companies across London and the UK, BTA has earned a reputation for providing expert advice and trusted IT solutions. For more information or a free consultation, email firstname.lastname@example.org.