DDOS, phishing, ransomware and pen testing are all phrases that you are
likely to have heard in the workplace and not paid much attention to. You may
even have received emails from your IT department warning you of the latest
ways in which criminals will look to access your data. However, whilst you
might think software updates, password changes and firewalls sound like a hassle,
it’s important to realise that the single biggest threat to your business in
2017 is your digital security.
The aforementioned phrases aren’t anything new, though you may have only
heard of them recently. They stretch back decades; for instance, the first
usage of the term ‘pen test’ (penetration testing) was in 1967 by members of
the National Security Agency – exactly 50 years ago. For as long as there have
been computers, there have been ways to exploit them.
The most common attack on a business is called a DDOS. A DDOS attack is a
distributed denial of service. Have you ever had trouble accessing a website
at peak time (i.e. during the launch of an online sale, or to buy tickets to a
popular concert)? The likelihood is that the website’s servers didn’t have the
capacity to deal with so much traffic, which caused the website to go down. In
effect, that’s what DDOS is.
Whilst this type of site issue is due to a genuine increase in site
traffic, those with malicious intent can deliberately
harness the power of your devices, without your knowledge, to carry out
DDOS attacks on businesses, hosting providers and banks. Hackers make use of
malware and viruses on a host computer to direct internet traffic. A group of
infected devices is called a ‘bot-net’, and it is one of
the most debilitating ways someone can take your business down.
It might be annoying when your ticket provider goes offline, but imagine
if you were a customer trying to make a PayPal or bank transfer of essential
funds to pay for a grandmother’s nursing home care, and couldn’t. To use an
actual example: 1 Tbps of traffic from 152,000 devices took down French
hosting-provider OVH in September 2016, making it the largest DDOS attack of
all time. And no, by Tbps I don’t mean tablespoons – I’m talking about a
terabyte (1,024 gigabytes) of traffic a second. For those unaware, this attack
meant that the websites that OVH themselves hosted were also taken down.
That means that, even if your company website was hosted elsewhere and
wasn’t affected, your corporate
performance management software, cloud storage, marketing tools, and other
essential processes could be taken out of action, putting a complete halt to
business or, at the very least, departmental operations.
Every year, businesses employ ‘ethical hackers’ to ‘pen-test’ their
cyber security. These hackers will attempt to find a flaw in the company’s defenses, combining an extensive knowledge of software and social engineering.
In return, the company will pay them handsomely and then look to upgrade their
protection. Some pen-testers may even attempt to ‘phish’ a password from an
employee.
Phishing is when a person attempts to solicit sensitive information, such as
bank details, credit card details, passwords or database records, from
someone with access to that data, usually through emails or instant
messages. A reported 15,000 French businesses have fallen victim to one
phishing scam in particular since 2010, in which a ‘fake boss’ asks an employee
to wire transfer obscene sums of money out of the company’s account. The ‘fake
boss’ scam has cost French
businesses upwards of €465 million since 2010.
Remember, you aren’t just storing employee data, but data from your
customers too. They have trusted you with their sensitive information; return
that trust and invest in cyber-security. The cyber-security market reached $75bn
in 2015 and is expected to grow to $170bn in 2020.
Be part of that movement.