Cyber attacks and data breaches can cause incredible damage to a young business’s public image which most times leads to huge losses incurred to repair the damage. These attacks oftentimes succeed in shutting down a previously booming enterprise. Most small and medium enterprises (SMEs) think themselves immune to cyber attacks, but realize – sometimes too late – that majority of cyber crimes are targeted at them. This is because big enterprises generally invest a lot of money annually on cybersecurity to better protect their data and networks against attacks, leaving the less-insured and less-informed SMEs as the only possible prime targets for cybercriminals. In a recent survey, 74% of SME directors who participated in the poll, considered cyber security important, but only 26% took measures to secure their business against attacks, while only 19% organized some form of training for its workers. However, most of these SMEs fail to realize that legal action under the General Data Protection Regulation (GDPR) could be taken against businesses that suffered a breach if they failed to put measures in place. That could attract a fine of £17 million or 4% of global turnover – whichever is larger – which usually costs more than putting up good security measures will. With the recent increase in cybercrime, SMEs should expect heavy threats in 2019 which could come in one or more of the following forms:
- Phishing: This is a form of cyber attack in which criminals try to gain access through social engineering – which requires them to obtain passwords and access codes by tricky means. Sometimes, spear phishing is used – tricking an employee into believing an email is from an important client or senior management and gaining access to the network system. The best way to avoid this is to train employees on how to detect these emails and to always be vigilant.
- DDoS Attacks: A Distributed Denial of Service attack is one in which multiple sources or devices are intentionally used to overwhelm a particular server or website with data, effectively slowing it down or causing it to crash, which can lead to loss of money, clients, and/or information. Strong firewalls can help detect a DDoS attack, and prevent it from gaining access to the system. Cloud mitigation providers can also give your website enough bandwidth when needed to successfully contain an attack. Investing in cloud storage can be a big part of a disaster recovery plan and minimize the loss of revenue should there be an issue.
- Malware: Virus and worm attacks come under this form. When software containing a virus or worm is installed on a device that is connected to a network, the worm can quickly spread to other devices within the network and lead to loss of data or network shutdown. Ransomware is a form of malware in which the criminal encrypts important data or shuts down a network system and demands for a ransom before restoring the system to normalcy. Using good antivirus protection, one can easily detect and contain such attacks.
- Cryptojacking: This form of cyber-attack gained prominence when cryptocurrency went mainstream. Hackers gain access to your device and use processor resources to mine cryptocurrency online. This slows down hardware performance. An effective antivirus should detect and contain this too.
- APT Threats: Advanced Persistent Threats are harder to detect because the hackers are content with just sitting still and collecting important data when they gain access to your system. These data can be collected over a long period of time and used for any purpose that suits the hacker. Segmenting the network to limit breaches, and constant monitoring to detect unusual data access can help contain this form of attack.
Knowing these forms of cyber attacks and properly guarding against them can secure your business and save you a lot of money in 2019.