58% of hacking victims are small businesses. The reasons are obvious. These businesses aren’t the wealthiest, so they cannot afford their own IT department to oversee security. And the losses are not insignificant. In 2017, the costs exceeded $2 million. The outlook for 2019 is not promising. The number of attacks, and consequently the number of victims and the associated costs, is likely to rise.
Danger lurks in emails
Malware, or malicious software, spreads easily via email. Companies receive hundreds of emails a day; you download attachments and click on links, often without thinking. And hackers exploit this inattention and lack of knowledge.
What the figures say about malware in emails:
- 92% of malware reaches users via email.
- 88% of infected emails contain malware in an attachment.
- The average employee receives 16 malicious emails per month.*
*Data sourced from Symantec’s Internet Security Threat Report.
Statistically speaking, AITOM receives over 300 malicious emails a month. It is the job of antivirus software and firewalls to ensure these emails never reach users’ inboxes in the first place.
Unfortunately, these programmes are always one step behind, as they only respond to existing known threats. The only defence is caution. Just as you wouldn’t let just anyone into your home, be careful what you download.
TEACH THE GENERAL PUBLIC TO DEFEND THEMSELVES
The most insidious malware is after your money
Ordinary viruses are fairly easily detected by antivirus programmes. More insidious are malware programmes that rely on some action by the user, usually clicking on a link or downloading an attachment.
An infected email will go to great lengths to get you to open it and download the malware onto your computer. Most often, malicious attachments or links are disguised as:
- An invoice
- A delivery failure notification
- Legal document/lawsuit
- Scanned documents
- Parcel tracking systems
Phishing and ransomware are among the most dangerous types of malware.
When a hacker goes fishing… Phishing
Phishing is a type of attack that attempts to obtain your login details. Very often, a request to enter your login details arrives via email. The name is a corruption of ‘fishing’. Essentially, this is because the hacker sends out a request to enter data on their website and waits to see who takes the bait.
In 2017, 76% of companies reported a phishing attack. In this case, hackers target the most vulnerable link – unsuspecting users. A layperson will easily believe a credible message. The number of attacks is on the rise, as evidenced by frequent warnings from Czech banks about such requests in the media.
The only defence is educating the general public.
It is also important that employees know how to proceed, even if they have actually handed over data to a hacker in good faith.
Ransomware extortion is on the wane
Last year, fewer ransomware programmes, that is, software designed to blackmail you, were created. Typically, ransomware encrypts your data and promises to decrypt it in exchange for a payment in bitcoins.
According to Kaspersky Lab, there was a 30% drop in the number of ransomware programmes created; unfortunately, the number of existing variants is growing. Ransomware programmes are, however, being replaced by other attacks targeting cryptocurrency owners directly. The decline may also be due to the fact that the value of cryptocurrencies has fallen. This trend may therefore not continue. There was a lot of coverage of ransomware in the second half of 2017 in connection with the WannaCry ransomware, so it is possible that hackers are waiting for users to rest on their laurels and become less cautious.

Source: Barkly.com
Apart from adequate IT security, the best defence against ransomware is backups. Set up backup policies within your company and thoroughly train all staff.
Hackers are becoming more sophisticated
Attacks are becoming more sophisticated. Many infected emails do not even have an attachment; simply clicking on a link is enough. Such malicious emails account for roughly 35% of the total, and their numbers are rising. Consequently, the user’s knowledge and vigilance are the only defence.

Source: Barkly.com
The best defence? Knowledge!
Together with IDC Softwarehouse, we are launching an updated Cybersec training programme in January. The programme is aimed at ordinary company employees who are not particularly familiar with IT; the courses teach them the basic rules of security. Try the demo version at www.cybersec.cz.
