Cyber breaches affect everyone, from the small to the large business owner, globally and nationally, so you should be fully aware of how to protect your business online.
With more people migrating to online platforms for buying, selling, banking etc, the more consumers and business are susceptible to cyber attacks. The breach of sensitive information and personal details has become a commonplace news trend, but one that we shouldn’t have to get accustomed too.
Major cyber attacks of 2016/17
In September 2016, the search engine giant Yahoo! Inc witnessed a large-scale security breach, where ‘state-sponsored’ hackers were reported to have stolen user information from around 500 million accounts.
It’s believed that this information was historic, stolen from the company’s network in late 2014 and may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and in some cases encrypted or unencrypted security questions and answers.
Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so, but has found no evidence that the state-sponsored actor is currently in Yahoo’s network.
However, in December, just in time for Christmas a second breach was detected! This dated back to 2013 involving over 1 billion accounts, making it the largest data breach in history, double the number implicated in 2014.
The hackers used forged ‘cookies’, bits of code that stay in the user’s browser cache so that a website doesn’t require a login with every visit. The company believes the hacks are connected and that the breaches are still what they consider to be ‘state-sponsored’.
Barely into 2017 and a fresh hacking scandal involving 20 million accounts with Lloyds Bank hit the headlines. They suffered a 48-hour online attack at the start of January as cyber criminals attempted to block access to 20 million UK accounts.
From the 11th to 13th January Lloyds, Halifax and the Bank of Scotland were bombarded with millions of fake requests in an effort to grind their services to a halt. Many services, including online banking experienced intermittent problems due to the denial-of-service attack.
The 8 types of ‘business’ hacks to be aware of:
1. Malware
Often introduced to a system via email through attachments or software downloads. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer.
2. Phishing
Often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data.
3. Password Attacks
A third party trying to gain access to your systems by cracking a user’s password. Often hacker use a trial-and-error or ‘Brute force’ method used to obtain information such as a user password or PIN number. Strong passwords are key!
4. DOS Attacks
Attackers send high volumes of data or traffic through the network (i.e. making lots of connection requests), until the network becomes overloaded and can no longer function. Often hackers use multiple computers in order to disturb a site’s security and access.
5. MITM (Man in the Middle)
Impersonating the endpoints in an online information exchange, a connection on your smartphone or website, they can obtain sensitive information. For example, if you are banking online, the man in the middle would communicate with you by impersonating your bank.
6. Drive-by Downloads
Through malware on a legitimate website, a program is downloaded to a user’s system just by visiting the site. It often exploits vulnerabilities in the user’s operating system or in different programs, such as Java and Adobe.
7. Rogue Software
They come in the form of pop-up windows and alerts that look legitimate. They advertise security software and by clicking ‘yes’ on the ad the rogue software is downloaded to your computer.
8. Malvertising
A way to compromise your computer with malicious code that is downloaded to your system when you click on an affected ad. Cyber attackers upload infected display ads to different sites using an ad network. Cyber attackers upload infected display ads to different sites using an ad network.
What is Cyber Essentials?
This scheme is an extension of dual measures implemented in 2012 which included ‘10 Cyber Steps to Security’ and ‘Small Businesses: What You Need to Know about Cyber Security’. However, after Government analysis it was concluded that security controls were still not being applied, hence Cyber Essentials!
The scheme is a clear statement of the basic controls and measures that all organisations should be implementing to protect themselves from data breaches and cyber attacks, aimed at those with a low level of technical capability. It focuses on 5 main controls:
- Boundary firewalls and internet gateways
- Secure configuration
- Access controls
- Malware protection
- Patch management
Cyber Essentials is verified on the basis of self-assessment, via a questionnaire. If a business meets the security standards required they will receive a Cyber Essentials badge through one of the 5 certified accreditation bodies, costing around £300.
Alternatively, there is also Cyber Essentials plus which offers a higher level of assurance through external testing of the organisation’s cyber security approach. However, this will cost more than the foundation certificate.
How will this benefit businesses?
The certificate will give owner, customer and users of your site more confidence and greater trust when submitting their sensitive information online or engaging in monetary transactions.
Equally, it will work as a barrier against viruses inconveniencing or even putting out your website. This can result in a loss of revenue as well as the costly task of removing viruses and toxic software.
To find out how you can earn yourself the Cyber Essentials badge visit https://www.cyberaware.gov.uk/cyberessentials/
You can’t put a price on staying safe online!
Get in touch
We know commerce, let us help you improve customer experience, increase conversion rates, and make that digital change.
- hello@iweb.co.uk