Understanding how cybercriminals work is important for staying one step ahead of them.
And right now, when there’s more focus on the digital world than ever before, small business leaders can take the opportunity to learn more about the most common cyber threats.
This article outlines the most common types of cyber attack and how you can arm your business against them.
What are the biggest threats right now?
1. Malware – Surveillanceware and Ransomware
Malware is short for malicious software and is the catch-all term for any piece of software designed to either damage devices or (as is more common) steal important data.
There are many types of malware that can affect your system. Some of the most common include trojans, viruses, ransomware, nagware, adware, spyware and worms.
In 2020 we’ve seen an increase in surveillanceware (which is used to access sensitive data on devices) and ransomware attacks (where adversaries encrypt data and demand a ransom).
2. Phishing – Email and mobile
With phishing attacks, fraudsters pose as reputable companies and send false communications in order to trick people into revealing their personal information or clicking on a malicious link.
Phishing used to be carried out mostly through email. But as more people are using their personal mobile devices to access corporate networks, mobile phishing has taken over as the most popular route for phishing attacks.
3. Threat actors – Hackers
Hackers are the individuals behind all these threats, creating malware and deploying phishing emails. They specifically like to prey on smaller businesses, because of their often limited security capacity, and the role they play in the wider supply chain. The COVID-19 climate has also made it easier for them to broaden their attacks.
Once a hacker gains access to your network, they can steal, change, destroy or corrupt your data, or take control of your device, and may do a lot of it without your knowledge. So the only real protection against a hacker is preventing them from ever gaining access in the first place.
What should you look out for?
Fraudsters often entice workers to download dangerous malware or spyware programs through messaging and SMS platforms by using phrases that are hard to ignore, such as “just saw this picture of you, when was this?”.
Enterprise phishing emails take advantage of crisis situations and use titles such as ‘Please Read Important from Human Resources’ or ‘All Employees: Update your Healthcare Info’ to convince people to click on them.
When personal devices are used for work, phishing emails targeted at individuals can open a way into a corporate network. And people tend to be a bit less cautious when it’s their private email, making it a favourite for fraudsters.
How can you protect against these attacks?
Make sure you extend any phishing protection you have to mobile devices, whether they are personal or corporate.
Ensure firewalls are enabled for all devices that can access your company network, especially ones that connect through untrusted WiFi networks.
Only use software, apps, and accounts that are necessary, and protect them with strong passwords. For important apps, use a secondary form of authentication such as a fingerprint.
Regularly update your anti-malware protection across all devices, and make sure operating systems are running the latest versions.
Regularly back up important data on separate, unconnected storage devices, to help protect against a ransomware attack.
Firms like Lookout also offer comprehensive protection against mobile phishing on Android and iOS devices. This protection can guard against phishing attacks from multiple vectors, and allows workers to use their own smartphones for work by offering content protection, even if the device is outside the firewall.
How do you stay up to date?
The cybersecurity landscape is constantly shifting. Keeping on top of the latest news can help you stay in the know – and stay ahead of hackers.
Lookout's hotspot map of threats keeps track of phishing attacks globally, giving the most up-to-date picture of the threat landscape.
For more detailed information on the tools and technologies you can deploy to keep your organisation safe, check out our blog about protecting your business from cyber and fraud risks.