Criminals will always try to find ways to make money without having to do any of the work. This occurs offline as well as online, and B2B organizations are under constant threat of cyber attacks. Some of these threats come from sophisticated hackers intent on straight-up theft. Others are focused on a Purge-like effort to create mayhem, and then there are the threats like hacktivism and identity theft that can threaten the people within the organization as opposed to the company itself.
It’s said that 53 percent of companies are experiencing an increase in cyber-attacks, and Gartner predicted that global spending on cybersecurity will reach $93 billion this year. To further highlight the seriousness of the issue, The World Economic Forum’s 2018 Global Risks Report pointed to cyber security as the third largest risk in terms of livelihood apart from extreme weather and natural disasters, and—after all—it’s people who make up B2B companies.
Cyber attackers are becoming more sophisticated with each passing year, and data breaches have cost organizations $50 billion in the last five years. That means that protecting your network, company, personnel, and assets should become a top priority if it’s not already.
Here are the five security threats every MSP should know about and how to protect against them using today’s ever-improving tools and technology.
1. Fraud and Deception Via Email
The FBI calls threats to businesses via email channels “Business Email Compromise,” or BEC. The tactics BEC attackers use are incredibly simple, in most cases.
For instance, criminals can scam employees by posing as higher-ups, even going so far as to create an email address using the CEO’s identity. Using this email address, scammers can trick employees into divulging intimate details about the company, including its financial operations. Criminals can even hold data hostage and demand a ransom be paid. This is just one example of how email can be used for corporate espionage and criminal activity, and employees should remain vigilant against such tactics.
With security awareness training, employees of the organization can be taught to verify the person’s identity and email address carefully before divulging private or personal information, downloading files, or clicking links. Taking the time to make a phone call to verify the legitimacy of the email is a simple enough tactic that can save the company money and personnel immense amounts of stress.
2. Spear Phishing Scams
Phishing is a social engineering tactic where a person is tricked into clicking a link in an email or filling out a form on a fraudulent website, or even logging in on a malicious site. Phishing can be directed at a number of people whereas spear phishing is directed at someone specifically.
Phishing isn’t a new cybercriminal method, but it’s showing no signs of slowing down. A 2017 survey of 263 IT professionals reported that 74 percent of the cyber threats they dealt with over the past year originated from email attachments and links. And Webroot found that scammers created a whopping 1.4 million unique phishing websites in the first half of last year.
Usually, phishing scammers will send a fraudulent email to the victim that appears legitimate. An example might be an email that seems to come from within the company, the corporate office, or a familiar brand the company regularly works with, such as a partnering firm. The email might include a download that will infect the computer with a virus or malware, and in some cases the person can be phished and tricked into giving up their login information for the company’s mainframe or financial data.
Once again, urge your clients to take the time to verify the legitimacy of emails and ensure the email address only comes from the company in question, and not some email address with the company name as a subdomain, which is another common tactic used by scammers to avoid detection.
Even employees that have gone through cyber security training occasionally fall for phishing attacks, but ongoing training can help immensely against these types of attacks.
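The two sender checks described above (an executive's name on an outside address, and the company name used inside someone else's domain) can also be automated at the mail gateway. The following Python sketch is an added example, not part of the original article; the domain, the executive name, and the substring-based brand heuristic are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Constructed sample values: the organisation's real domain(s) and the
# executive names a scammer is most likely to impersonate.
TRUSTED_DOMAINS = {"example-corp.com"}
EXECUTIVE_NAMES = {"jane doe"}


def is_trusted(domain: str) -> bool:
    """True only for a trusted domain or a genuine subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def check_sender(from_header: str) -> list[str]:
    """Return warnings for one From: header value (empty list = no finding)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if is_trusted(domain):
        return []
    warnings = []
    # Company name embedded in a foreign domain, for example
    # example-corp.com.account-verify.test: the part that matters is the
    # right-hand end of the domain, which here is not the company's.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in domain:
            warnings.append(f"brand '{brand}' appears in untrusted domain {domain}")
    # Executive display name paired with an address outside the company.
    if " ".join(display.lower().split()) in EXECUTIVE_NAMES:
        warnings.append(f"executive display name used from external domain {domain}")
    return warnings


if __name__ == "__main__":
    samples = [  # constructed From: headers
        "Jane Doe <jane.doe@example-corp.com>",
        "IT Support <it@example-corp.com.account-verify.test>",
        "Jane Doe <ceo.office@freemail.test>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "ok")
```

A finding from a check like this is a reason to tag or quarantine the message and confirm by phone, not proof of fraud; a compromised internal mailbox would pass both checks.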
3. Malware Infections
Malware, short for malicious software, is not only annoying, but it can also have devastating consequences. Reduced bandwidth, mass email spamming, and the slowing down of company computers are common symptoms of malware infection. In severe cases, criminals can make changes to a company’s website, database, purchase orders, and a lot of other segments of its digital footprint that can wreak financial havoc and harm brand reputation.
Malware comes in the form of worms, viruses, and Trojans. Companies can protect themselves from malware attacks by employing an endpoint protection solution that offers instant and automatic security updates. Furthermore, employees should be educated on when they should avoid spam emails or links from unknown users, such as when an unknown popup occurs.
4. Advanced Persistent Threats
These threats have many organizations terrified, and for good reason. Advanced persistent threats (APTs) perform attacks persistently and completely undetected. In some cases, the attacks can persist for months or even years without anyone’s knowledge. Meanwhile, the APTs are able to move laterally through the company’s IT infrastructure to steal data.
Since most APTs come through applications like email and web access, according to the Radicati Group, educating employees organization-wide to recognize scam attempts can help protect against APTs. APTs are a large problem because once the company is infected, it may be difficult to root the problem out, as many APT solutions are unfortunately ineffective.
5. Sophisticated Ransomware Attacks
Ransomware is said to be one of the year’s biggest security concerns, according to Stephen Gates, the chief research intelligence analyst at NSFOCUS. An online form of extortion, this type of malware infects computers and “kidnaps” data until a ransom is paid, or else the hackers claim it will be lost forever.
Ransomware attacks targeting businesses increased 90% last year, and the attackers are getting smarter. Gates said the new generation of ransomware attacks “will carry ransomware payloads capable of infecting hundreds of machines in an incredibly short timespan.” Quite a terrifying thought.
The tech and finance industries tend to be the ones most heavily targeted by ransomware attackers, but companies that deal with trade secrets and intellectual property that fill supply chains are currently being targeted at alarming rates.
Frequent threat checks, auto security updates, and regular backups can protect data, but once again education is key to protect all computers and data from being held against the company’s will.
It’s not if an organization will suffer a cyber-attack, but rather when, and your clients must have a solution in place to remain vigilant against all incoming and persisting attacks. As you can see, many attacks are made by simple tools like email and spoofed websites. Therefore, education is key. Still, it remains necessary to employ the latest in IT security. Some excellent resources for businesses include Stay Safe Online, which is powered by the National Cyber Security Alliance, and is chock full of tools and methods for protection against cyber threats and attacks.
HTTPS Everywhere, an extension for Firefox, Chrome, Opera, and Android web browsers released by the Electronic Frontier Foundation, can encrypt communications while surfing major sites, all the while filling in the gaps and ensuring that all web browsing is secure at all times.
Social-Engineer.com is another resource that helps organizations pinpoint risk areas and vulnerabilities that hackers can use to infiltrate infrastructure and enact disorder.
Finally, you should look into a security platform that provides threat intelligence and monitoring, fraud detection, and transaction monitoring among other essential security services.
These are just some of the solutions available to B2B companies intent on keeping hackers at bay while fortifying against attacks and theft. With the Internet of Things (IoT) making things more convenient for businesses and decision makers, criminals will always find a way to exploit it for illegal gain.
With proper education, the right tools, and hyper-vigilance for shady practices in all business dealings, your organization should fare well against cyber criminals going into the future.