Cyber security

Posted by: Golden Avenue Technology LLC | Date: 3 March 2019

Blog

What is cyber security?

Cyber security refers to the preventative techniques used to protect IT infrastructure assets and data of an organization or individual, from being attacked, stolen or accessed illegally. It includes protecting hardware and software from becoming compromised to internal or external cyber-attacks.

No Business is too small to be immune from cyber-attacks. On an average a site is attacked 50 times per day, and improper security measures can increase the threat.To effectively protect your business, it is important to be aware of the common widespread cyber security threats and take appropriate measures to combat such threats.

What are the Common external cyber security threats?

1. Defacements

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage and inserts the hacker’s message. In short, it is vandalism of a website or a criminal drawing of graffiti.

2. Automated exploit of a known vulnerability

These are non-targeted automated attacks that attempt to compromise computer’s operating system which has known security vulnerability especially in windows. These attacks occur if ALL necessary patches are not installed.

3. SEO Spam

By injecting irrelevant keywords, links, spam comments etc into a website, SEO spam forces the site to rank away from the specific keywords given by a business, which may result in considerable loss of traffic.

4. Malicious redirects

A malicious redirect occurs when visitors land on a site and are sent to another site containing malicious content due to embedded JavaScript code. WordPress hacked redirect, is becoming quite widespread redirecting visitors to adult & other malicious pages.

5. Distributed denial-of-service (DDoS)

A DDoS attack occurs when a website’s server is maliciously overloaded by “bogus” traffic from attacker-controlled computers, called a botnet. This causes slow website loading times and crashed servers, which can be devastating to your bottom line but a boon to your competitors.

6. Ransomware

Ransomware is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to resume access. Many attacks don’t have to be as vicious as WannaCry or NotPetia to take an entire SME down due to the financial strain. Ransomware was the fastest growing threat in cyber security.

What are some of the internal cyber security threats?

1. Reckless web surfing by employees

Employees can surf non-business-related sites using the company’s electronic devices which can affect company network with bot clients, Trojans, spyware, and different kinds of malware. The sites that spread the most malware are

  • a) Celebrity fan sites
  • b) Casual gaming sites
  • c) Adult sites and online social networks

2. Insider attacks

Since SMEs have fewer employees, they tend to allocate a lot of control over assets to a single individual. This gives one employee the ability to do more harm as an insider. These insider attacks can be unauthorized extraction, manipulation, destruction of assets and data, and unauthorized use of third-party software which may contain harmful viruses.

While many SMEs are concerned about cyber-attacks, more than half are not allocating enough in their budgets to risk mitigation. They also lack proper back-up and recovery strategy to pick up from an attack easily. An effective pro-active defense must include regular IT Security Audits and incorporate offensive countermeasures to outsmart an adversary.

What could go wrong if Data is not protected?

1. Risks involved in online presence and threats posed by Hackers and Malware

  • Hackers try to break into computers over the internet. This is a serious risk, particularly for companies that hold highly sensitive and confidential data
  • Some computer viruses erase files. These usually infect company systems through the internet, via a downloaded file or email
  • Other malware (malicious software) like Trojans and spyware may read your data and transmit it across the internet, or wipe it completely
  • Ransomware is now a common threat, where hackers steal vital data and issue a ransom for its safe return

2. Human Error

It is easy to change or erase data accidentally. For instance, a staff member could delete a crucial list of customers by mistake.

3. Physical threats

  • Failed hardware, like a damaged hard disk, can result in the loss of important files and data
  • Theft of company computers or mobile devices can result in data falling into the wrong hands, or being lost forever
  • A natural calamity could destroy the server holding key business information. For example, a fire or flood in your business premises

4. Malicious action by a disgruntled employee or an individual

Anyone with access to your data could copy or delete it. For instance, a disgruntled employee could sell your customer database to a competitor. Controlling access to users is a key to reducing this risk.

What are the types of cyber security measures?

Protect from within

Most cyber-attacks happen because of an internal blunder.

The biggest benefit to holding a session on security awareness is to build better security from within. Knowing your employees are prepared and acting with a focus on data security gives you unmatched peace of mind and the confidence that your business is doing everything possible to prevent data breaches and possible external attacks.

Educate & Train

Cyber Security awareness training is a formal process for educating employees about computer security. A good security awareness program should be organized to educate your employees about the corporate policies and procedures within the IT space. The main focus is to empower your employees on the hassles of being complacent to the threats lingering out there.

  • Prevent users from unauthorized access to the network
  • Ensure malicious elements don’t exist within the network
  • Deny programs from certain resources that could be infected
  • Secure confidential information
  • Ensure the company follows good online security practices
  • Compliance with Government regulations
  • Ensure use of security software and maintain all software updates and upgrades
  • Look for software with undo/rollback functions to minimize the risks posed by human error
  • Have a good BACK UP and RESTORE strategy in case of a disaster
  • Use security Experts to comb through the system thoroughly and install security measures
  • AMC Is the Smarter cyber security for your IT Assets with Regular Scheduled maintenance Updates and Upgrades