23 Mar Cyber Security in your small business – The weapons of attack
Cyber security has rapidly become a vital necessity to everyone. Anyone connected to the internet needs a good level of cyber security as much as anyone that owns a home needs a good lock and key. The rapidly increasing technological landscape is partially to blame for increases in cyber-attacks – the more web-connected devices you have, the more likely you are to be vulnerable. However, the main reason is the lack of education on the sheer volume of methods that cybercriminals have in their arsenal to attack you.
Throughout this blog series, we will explore the different methods used by cybercriminals to attack your systems and the cyber security fundamentals that can be implemented to prevent the attacks from being successful.
Let’s take a look at the various different methods cybercriminals use to attack, access and reap havoc on your systems.
The weapons of attack
In short, Ransomware is a form of malicious software that locks and encrypts your computer data. The cyber-criminal will then demand a ransom before you are allowed further access to your files – which will remain on your computer, but in an encrypted form so you are unable to access or read them.
Cybercriminals will often use file encryption to force victims into paying their fee. They often set time limits on payments and threaten to delete files if payment is not received. Understandably, most business owners choose to pay the fee within the time limit – however, it is doubtful they will ever get their access back. If they do, they will likely be attacked again at a later date. Once payment is made, the attackers then feel safe in the knowledge money can be demanded again as they know the business isn’t equipped to defend against the attack.
Phishing is the attempt and procedure of a cybercriminal trying to gain access to private information using fake / fraudulent emails and websites.
Phishing scammers use emails as the vehicle to carry – their malicious links. The cyber-criminal is trying to manipulate the recipient of the email into believing that the message is important, purporting to be a message from the bank, for example, or from someone within the company. The cyber-criminal will often base it around a time-sensitive subject in order to create a sense of urgency in the hope that this will encourage the recipient into clicking into the email and opening the attachments, or worse – clicking reply and in the process inadvertently sending over their identity to the criminal.
While similar to Phishing in the sense that deception is the vehicle used to extract sensitive information, Vishing is performed using VoIP phone systems instead of emails and malicious links. Cybercriminals utilise the opportunity that the anonymity of VoIP brings compared to traditional telephony. Landline telephone services allow numbers to be assigned to physical locations known to the phone companies, whereas VoIP enables the use of features such as caller ID spoofing – making it harder for authorities to track, locate and bring scammers to justice. Vishing attackers (otherwise known as Vishers) frequently use a sense of urgency, fear tactics, and emotional manipulation to compel victims into sharing sensitive information.
Now that you are familiar with Phishing and Vishing attacks, Smishing is easy to understand. A merging of SMS and Phishing, Smishing is in essence the name for a Phishing type scam taking place on the medium of SMS messages.
Malware is software that is specifically designed with the intent of causing damage, destruction and chaos, or with the aim of stealing private data. Unlike most other methods of attack, Malware is usually designed and managed by a group of cybercriminals as opposed to a lone criminal, who are looking to make money from either selling the software over the dark web or by spreading the malware content themselves.
Now that we have covered some of the ways in which cybercriminals attack your system, in the next blog in the series we will take a look at some of the cyber security fundamentals you need in place to ensure your business is as secure as possible against them.
Cyber Security for your business with Urban
Do you want your business to be protected to the best possible standard? Do you want a provider that monitors your systems regularly to ensure that a high standard of security is maintained at all times? Look no further than Urban Network! Our team of experts add layers of additional security to whatever existing measures you have in place. We will liaise with you to ensure that there are comprehensive policies in place for password control, access control, network housekeeping, and, importantly, remote access and BYOD policies. We can look at the current implementations of any facet of your network and give advice on industry best practices to ensure your business is sufficiently covering your risk. Contact us now to find out how we can help you!