Virtual Security: The Biggest Threat to Business In 2017

DDOS, phishing, ransomware and pen testing are all phrases that you are likely to have heard in the workplace and not paid much attention to. You may even have received emails from your IT department warning you of the latest ways in which criminals will look to access your data. However, whilst you might think software updates, password changes and firewalls sound like a hassle, it’s important to realise that the single biggest threat to your business in 2017 is your digital security.

The aforementioned phrases aren’t anything new, though you may have only heard of them recently. They stretch back decades; for instance, the term ‘pen test’ (penetration testing) was first used in 1967 by members of the National Security Agency – exactly 50 years ago. For as long as there have been computers, there have been ways to exploit them.

The most common attack on a business is called a DDOS. DDOS stands for distributed denial of service. Have you ever had trouble accessing a website at peak time (i.e. during the launch of an online sale, or to buy tickets to a popular concert)? The likelihood is that the website’s servers didn’t have the capacity to deal with so much traffic, which caused the website to go down. In effect, that’s what a DDOS is.

Whilst this type of site issue is due to a genuine increase in site traffic, those with malicious intent can deliberately harness the power of your devices, without your knowledge, to carry out DDOS attacks on businesses, hosting providers and banks. Hackers make use of malware and viruses on a host computer to direct internet traffic. A group of infected devices used in this way is called a ‘bot-net’, and it is one of the most debilitating ways someone can take your business down.

It might be annoying when your ticket provider goes offline, but imagine if you were a customer trying to make a PayPal or bank transfer of essential funds to pay for a grandmother’s nursing home care, and couldn’t. To use an actual example: 1 Tbps of traffic from 152,000 devices took down French hosting provider OVH in September 2016, making it the largest DDOS attack of all time. And no, by Tbps I don’t mean tablespoons – I’m talking about a terabyte (1,024 gigabytes) of traffic a second. For those unaware, this attack meant that the websites that OVH themselves hosted were also taken down.

That means that even if your company website was hosted elsewhere and wasn’t affected, your corporate performance management software, cloud storage, marketing tools, and other essential processes could be taken out of action, putting a complete halt to business or, at the very least, departmental operations.

Every year, businesses employ ‘ethical hackers’ to ‘pen-test’ their cyber security. These hackers will attempt to find a flaw in the company’s defenses, combining an extensive knowledge of software and social engineering. In return, the company will pay them handsomely and then look to upgrade their protection. Some pen-testers may even attempt to ‘phish’ a password from an employee.

Phishing is when a person attempts to solicit sensitive information, such as bank details, credit card details, passwords or database records, from someone with access to that data, usually through emails or instant messages. A reported 15,000 French businesses have fallen victim to one phishing scam in particular since 2010, in which a ‘fake boss’ asks an employee to wire transfer obscene sums of money out of the company’s account. The ‘fake boss’ scam has cost French businesses upwards of €465 million since 2010.

Remember, you aren’t just storing employee data, but data from your customers too. They have trusted you with their sensitive information; return that trust and invest in cyber-security. The cyber-security market reached $75bn in 2015 and is expected to grow to $170bn in 2020.

Be part of that movement. 
