Whether your company is starting to return to an office environment or the team will continue working remotely, you are exposed to threats to your network security like never before. Threat Actors (anyone who poses a threat to your network) want the data on your network and they are working hard to get it. To help you understand the situation, here are the top 4 threats to your network security.
Ransomware
Ransomware is a massive threat to your business – particularly because it is so sneaky. Gone are the days when you got a virus and it popped up and announced itself to you. Ransomware sneaks in, embeds itself into everything and then strikes!
The time between breach and detection can be weeks, or even months. The time taken to detect is getting longer and longer. Back in 2016, Fireye gave a global average figure of 146 days. A 2021 report by Varonis quotes IBM figures saying it is now 228 days.
The cost of a data breach is measured in time, money and reputational damage. You need to be confident you are protected.
Social engineering
Why should threat actors work hard to get through your endpoint and network security when they can use your staff to get around them? This core premise to social engineering is what makes it such a threat to your network security. The best definition we’ve seen is “psychological manipulation to trick users into making security mistakes or giving away sensitive information.”
Phishing attacks (emails attempting to get information or payment, often by pretending to be a senior member of staff) are the most common tool in the social engineering toolkit.
Compromised websites are another. Cyber criminals are constantly looking to hack into trusted websites so that visitors then give information, or a route into your network, to them.
A growing method of attack actually happens in the real world. Malware-infected USB sticks are left outside target locations in the hope that people will pick them up. Labelling them “staff bonuses” or “pay rises” makes people curious. They plug them into their laptops, releasing the malware and the trouble begins.
This is a staff education challenge for you and you can see various articles in our blog that will help with this.
Crypto–mining
There are two ways to get crypto-currencies: buy them or mine for them. Crypto-mining requires huge amounts of processing power. Breaching your network and using the processing power of your devices is a fast-growing threat. Cisco figures suggest that 69% of organisations have experienced some level of threat from this. As the price of crypto-currencies goes up, the level of activity follows it. At the time of writing Bitcoin was at $45,000 each – a record level.
Although this threat is initially low, it often serves as a gateway into more serious cybercrime. Once they are in, they can do much more than use your processing power.
If your AWS compute costs have shot up or your bandwidth is always clogged, you may have been breached by a cyberminer.
DDoS attacks
Whilst Systems IT doesn’t do website hosting, this is a growing threat, so that is why we’re discussing it here.
In the 15 months to March 2021, DDoS (distributed denial of service) attacks increased by 55%, with NSFOCUS saying they had detected over 152,000 attacks by Dec 2020.
Most DDoS attacks seem to be because people disagree with your policies/beliefs or you have really upset someone – intentionally or otherwise. The biotech and pharmaceutical industries were the most targeted industries in the first part of 2021.
As mentioned earlier, there are three costs to a network security breach:
- Time: a huge amount of time is lost, both trying to fix the damage and, simply, downtime as your team can do little or no work.
- Money: whether you end up paying a ransom to release your data, or you simply look at the cost of the lost business, this can quickly add up.
- Reputation: with three issues here:
- As a director of a business, do you want to tell your clients you’ve been breached? What will they think and will they decide to continue working with you?
- ICO regulations say you have to tell everyone potentially involved if Personally Identifiable Information (PII) data you hold may have been accessed. The combined reputational threat and the grow in “ambulance-chasing” legal action can really damage your business.
- What will people think of you, within the business, if you were the person who said No to increasing the security around your network? Of course there is a cost to increasing the security, but isn’t it far lower than the costs we’re describing here?
Survival
Ultimately, it may mean the difference between your business thriving or not surviving. 50% of companies who experience a breach have closed within six months. Even if they do survive, the impact on the bottom line through all of the above is going to be felt for some time to come.
As mentioned early in the article, these threats regularly go undetected for weeks and months. The amount of damage is constantly increasing over time. The sooner you can detect a breach, and start taking action, the less damage occurs.
This article has aimed to educate you on the threats that your network, and your business, face. Our next one will look at what you can do to protect yourselves. If you don’t want to miss that article, simply subscribe here.
If none of the costs above sound appealing, let’s talk about how Systems IT can help you protect your network. Give us a call on 020 7227 9700 or click here.
