Understanding the types of cyber criminals and their techniques can help protect your organization from harm. Here are some common types of cyber criminals and proactive steps your business can take to avoid or mitigate a loss:
The Social Engineer
Cyber criminals who falsify their identity can trick unsuspecting employees into compromising data and sensitive information, or into making monetary transfers. For example, a spoofed email purporting to be from the company’s CEO directs an employee of the company to email a copy of the employee’s (or entire staff’s) 1099 tax forms for an upcoming meeting with the IRS. The social engineer (a nice term for “scammer”) is then able to capture Personally Identifiable Information (PII) on one or all employees of the organization.
Often social engineers use a sense of urgency to compel victims to react quickly so that the recipient of the phone call or email has little or no time to validate its true source. The requests/demands are often made at closing time, before a holiday weekend, etc. It is important that employees be on guard when time-sensitive demands are made via email or telephone.
To eliminate or lessen this risk, encourage your employees to verify the validity of the email by making a phone call and speaking directly to the person who allegedly sent the email. Employees should also ensure the “reply to” address is, in fact, the email address of the requesting person. Often the sender’s email address is off by only a couple of numbers or letters. When a request is made to transfer funds or equipment, the recipient’s address should be validated. When Personally Identifiable Information is requested via email, this information should always be encrypted before mailing.
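The “reply to” check and the off-by-a-couple-of-characters check described above can be run automatically on incoming mail. The Python below is an added example, not part of the original article; the trusted domain example.com, the constructed sample messages and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # assumption: the organization's own mail domain

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return a sorted list of warnings for one raw email message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    warnings = []
    # Check 1: replies would go somewhere other than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    # Check 2: a domain that is almost, but not exactly, a trusted one.
    for dom in {from_dom, reply_dom} - {""} - set(trusted):
        for good in trusted:
            if 0 < edit_distance(dom, good) <= max_edits:
                warnings.append(f"{dom} is a near match for trusted domain {good}")
    return sorted(warnings)

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Pat Doe, CEO" <pat.doe@examp1e.com>\n'
           "Reply-To: pat.doe@mail-example.net\n"
           "Subject: Urgent: staff tax forms needed today\n\n"
           "Please send them before you leave.\n")
LEGIT = ("From: Pat Doe <pat.doe@example.com>\n"
         "Subject: Monday agenda\n\nSee you Monday.\n")

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, check_message(raw) or "no warnings")
```

A warning is a prompt to make the verification phone call, not proof of fraud; a message with no warnings can still be fraudulent if a real account has been taken over.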
The Spear Phisher
Phishing is a tactic used in about 92% of social-related attacks. An email can appear to be from a legitimate person or company, but will actually contain a malicious attachment or link that can give a scammer access to banking credentials, trade secrets, and other information that the “spear phisher” is trying to access.
Companies can implement employee training that prepares employees to recognize and respond to malicious phishing attempts. Employers can also use software to do random “tests” on their employees to see if they are following the proper security procedures. Employees should be taught to NEVER open an attachment unless they recognize the sender.
Nearly 2/3 of confirmed data breaches involve the use of weak, default, or stolen passwords. Some malware can capture keystrokes (passwords) from an infected device. Strong passwords with special characters, upper and lower case letters, and numbers should be used, and passwords should be changed often. Employees should be advised NOT to use the same password twice within the same one-year period. Multi-factor authentication is also encouraged, along with implementing patch management software.
The Rogue Employee
Disgruntled employees and insider threats account for 15% of breaches. These insider breaches can be particularly challenging as employees often have access to data along with knowledge of what is stored and where it is stored.
A good preventative measure is for companies to restrict access to sensitive data to only those employees who require that information for their job duties. When an employee leaves the company, access to the system by that employee must be terminated immediately. Companies can also monitor employees’ internet usage with or without their knowledge.
The Ransom Artist
Ransomware is the fifth most common form of malware.
Ransom artists have been modifying code and implementing new ransom attack methods; they disable company computer systems, deny access, or encrypt data and will not restore data or allow access to systems until a ransom demand is met. Ransoms are typically paid in bitcoin to eliminate tracing to the ransom artist.
Companies that fall victim to ransomware are most likely not following information security rules, including password protection procedures, encryption, and frequent and secure back-up procedures. When a company has systems in place that enable it to independently restore data, or has a partnership with a managed services IT company that does daily back-ups and is able to restore the majority of its data in a timely fashion, it will be less likely to give in to a ransom demand.