The whole industry of cybercrime has become increasingly sophisticated, not to mention far more comprehensively funded. There are several new breeds you might not be aware of. In this article, we will take a look at those, as well as the other most common types of cyber attack.
Cryptojacking has grown at a very fast rate over the last year. It is a rather scary type of attack in which criminals will take control of your computer’s processing power to mine for cryptocurrencies like Bitcoin. Cryptojacking will not disrupt your IT system, which makes it harder to detect, although it will cause a performance drop.
This kind of attack can go on in the background for a very long time, restricting the performance of your machines and your network.
Protecting your business against cryptojacking requires routine monitoring of your system to understand how computing power is being used. If processing power is being diverted by a program in the background, this should be investigated as it could be related to cryptojacking.
Formjacking is another fast-growing type of cyber attack that can be extremely dangerous for businesses, principally because it is so difficult to detect and so profitable for cyber-criminals. During a formjacking attack, a hacker injects a piece of code into an e-commerce site. The code reads the transaction details and extracts the customers’ personal and financial data.
The breach is almost impossible to spot because the transaction will go through normally. It is only uncovered if specific cyber-security work is carried out and the injected code is uncovered.
You should regularly test your forms, and webmasters should check the code that is being used, as this is where formjacking attacks take place.
Unfortunately, insider attacks are one of the most common types of cybercrime – with some statistics suggesting that insiders are involved in around 20% of all incidents.
It can be very difficult to stop employees with malicious intent. Some of the most effective methods involve minimizing risks by setting out a no-tolerance policy and helping staff realize that the system is monitored and that attacks will be punished with the force of the law. It is also wise to ensure that personnel are given access only to the data they need to do their job. When employees leave, you should conduct an “off-boarding” process in which access to accounts is rescinded.
Phishing and social engineering
Possibly the most well-publicized and well-known form of cyber attack is phishing email. This is essentially an email that is sent your account pretending to be from a legitimate source. It could mimic a password-reset email or suggest that your information has been stolen, and then trick the user into clicking on a link to a fake website that harvests details.
Social engineering essential takes this concept a step further – and typically involves specific research into a targeted individual or company. It is sometimes known as “spear phishing.”
The only real prevention against phishing and social engineering comes in the form of training. Educate your staff on how to spot a phishing attack so that they won’t be taken in.
Business email compromise
Business email compromise (BEC) attacks are sometimes known as man-in-the-email attacks. It is a type of phishing where the hacker first gains access to the email account of someone in a business, and then sends an invoice to the accounting department requesting a payment into a bank account. As the email comes from a legitimate source, the accounts department pays, and the attack goes unnoticed until someone uncovers the fraud.
BEC attacks are also difficult to stop, so you need to insist on the strongest preventative measures such as longer and more complicated passwords for staff email accounts.
Ransomware is a type of malware that blocks access to your data until a ransom is paid to have it returned. The best-known is the WannaCry attack, which disrupted the operations of the UK National Health Service and many other organizations across Europe. The best protection against ransomware is consistent backup of your data to prevent the malware from blocking access to your business-critical information.
Needless to say, vigilance is crucial – when you consider that almost half of all UK businesses suffered some kind of cyber attack or security breach last year, and the true scale of the problem is often unseen.
Accenture has estimated that a malware attack costs an organization an average of US$2.4 million. Cyber attacks can also have less obvious consequences, such as damaging your reputation, invalidating your data-regulation compliance, and negatively affecting your search engine optimization.
Intelligent governance, risk, and compliance solutions can help. Read more in this Forrester report.