Cyber-attacks on businesses – which are the most frequent?
Small firms in the UK suffer close to 10,000 cyber-attacks daily, according to research from the Federation of Small Businesses (FSB), with the average cost of an individual attack put at £1,300. The issue of cybercrime is sometimes overlooked by business owners who fail to prepare a backup solution or wrongly believe they are protected.
The threat is evolving rapidly – so if it’s not already, cybersecurity should be a top priority for your business. Here are some of the most frequent attacks found in the UK and how to protect against them.
Distributed Denial of Service (DDoS)
A DDoS attack involves bombarding a website or server with artificial traffic to the point where it can’t handle it, resulting in long delays for users or a server completely failing. Sometimes a denial-of-service attack can act as a diversion – hackers don’t actually get any benefit from the attack itself but carry it out to create chaos so they can break into the organisation’s network whilst it focuses on restoring its website.
One of the most important things you can do to protect yourself against a denial-of-service attack is to secure your network with advanced systems: firewalls, anti-spam and content filtering together will enable consistent defence and allow little outside traffic through. Using a managed IT service can provide constant monitoring of website traffic, alerts for unusual website activity and awareness of the latest DDoS tactics.
Phishing – a term meaning to ‘fish’ for passwords and financial data – involves scammers posing as a trustworthy business or service such as a bank in order to gain sensitive information from victims.
Spear Phishing is a little more complex and harder to spot. Just like Phishing, emails and messages will look completely convincing, but Spear Phishing is targeted. Attackers will take the time to create messages that are personal and relevant, often falsifying an email to make it appear as if it is coming from someone you know. They’ll even clone websites to fool you into entering personal information such as login credentials.
If you do receive a suspicious email, don’t respond, and take immediate action. Your IT team should run anti-virus software on the device, change all passwords for accounts that use the password captured by the hacker and contact the company or person that was impersonated. To prevent Spear Phishing, be suspicious of unexpected emails, keep spam filters turned on and check them regularly.
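The falsified sender described above often leaves traces in the message headers that a mail filter or IT team can check. The following Python check is an added example, not part of the original article; the address book, the sample messages and the function name are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> address the contact really uses.
KNOWN_CONTACTS = {"jane smith": "jane.smith@example.co.uk"}

def domain(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def impersonation_signals(raw, contacts=KNOWN_CONTACTS):
    """Return a list of reasons the sender of a raw message may be falsified."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    signals = []
    # A familiar name on an unfamiliar address is the classic spear-phishing lure.
    expected = contacts.get(name.strip().lower())
    if expected and addr.lower() != expected:
        signals.append("display name matches a known contact but address differs")
    # Replies silently routed to another domain go to the attacker, not the contact.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(addr):
        signals.append("Reply-To domain differs from From domain")
    # The receiving mail server records its sender checks in this header.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        signals.append("DMARC check failed at the receiving server")
    return signals

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: Jane Smith <jane.smith@examp1e-mail.test>
Reply-To: accounts@payments.test
To: bob@example.co.uk
Subject: Urgent invoice
Authentication-Results: mx.example.co.uk; dmarc=fail header.from=examp1e-mail.test

Please pay today.
"""
GENUINE = """\
From: Jane Smith <jane.smith@example.co.uk>
To: bob@example.co.uk
Subject: Lunch
Authentication-Results: mx.example.co.uk; dmarc=pass header.from=example.co.uk

See you at 1.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, impersonation_signals(raw))
```

An empty result does not prove a message is genuine; it only means none of these three header checks fired.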
Man In The Middle (MITM)
You might not have heard of the name – but Man In The Middle or MITM attacks are very common and you may have even experienced one. It’s a type of attack that occurs when a cybercriminal disrupts communication between people or systems. An attacker could impersonate two users to each other, manipulating both and gaining access to their data. The users are unaware that they are communicating with a cybercriminal and not each other.
There are some simple things you can do to protect your business and its employees, such as using browser plug-ins that enforce HTTPS to secure logins and online transactions, creating separate Wi-Fi networks for guests, internal use and business data transfer, not allowing employees to use public networks for confidential work, and asking your IT provider to install an Intrusion Detection System (IDS).
During a drive-by attack a cyber-criminal will target you through your internet browser. They will directly attack your computer, installing some form of malware as soon as you land on an infected site. It can even occur if you visit a legitimate website that has been compromised by hackers – or they may redirect you to a malicious site.
To protect yourself from this kind of attack, keep browsers and operating systems up to date and don’t keep unnecessary apps and plug-ins, as these leave you more vulnerable by giving attackers different means to exploit. Stick to sites you would normally use but be aware that popular websites may fall victim to drive-by attacks.
It’s important to keep up to date on the latest and most common attack methods and learn how your business can remain protected. A disaster recovery plan is the next step in data protection and one every business should have. This could save you downtime, the threat of a data breach and a loss of revenue.