With even 14 year olds are successfully creating malware and attacking business networks, will your current IT Support able to protect you?
Cybercrime is now a $445 BILLION business and has only been growing over the past 10 years. In fact, the talent pool is budding with aspiring thieves hoping to steal your sensitive data or drain your business accounts.
Maybe you aren’t yet convinced that cyberattacks could ever hit your business, but cybersecurity experts identified that in 2017 and beyond, the average US company will have to face over 200,000 cybersecurity events each and every day.
The reason for this increase in cyberattacks?
Cyber criminals are becoming more organized, more aggressive and more ambitious. Incentives of big payoffs and easy targets makes the cybercrime lifestyle appealing to many young coding enthusiasts—especially in regions of the world with limited opportunities and little government oversight.
On Top Of Everything: Your IT Support and IT Security is lagging behind. The majority of businesses don’t even know what measures need to be taken to keep their networks secure—and are complacent that their IT guy or IT provider has their bases covered (when many lack the capacity or the skill to both manage your network and your security).
What You Need To Be Thinking About: business cybersecurity management should be more than simply an afterthought. It needs to be an on-going, conscious and concerted effort by your support team to make sure that your business (1) has all the necessary preventative tactics in place to discourage criminals from breaking in and (2) constantly is monitoring and maintaining your network to key in on possible attacks or vulnerabilities.
Why Isn’t The Government Doing More To Protect You?
The problem with cybercrime is that it’s Really Hard to physically identify culprits. Cyberspace operates in a completely different set of rules than the physical world—and currently no one knows or has conceived a way to regulate it well.
Since the internet is a global network, it doesn’t matter whether a criminal lives next store or a 17 hour flight away. Many of the criminals working to get into your network and bank accounts don’t even live in places with the cyber laws. Threats can literally come from anywhere and be initiated by anyone.
In addition, cyberspace doesn’t have the same borders as our physical world. Cyber boundaries are marked by routers, firewalls and other access points. If your IT Support hasn’t been addressing these boundaries, your business is likely not doing a very good job at protecting itself from cyberattacks!
And assuming that the bad guys will get caught seems unlikely. Very seldom does a government arrest or put these criminals on trial.
That means instead of expecting a government to protect and advise you, you better make sure your business is protecting itself!
Case In Point: 14 Year Old Junior High Student Successfully Attacked And Infected Businesses.
This week, Japanese authorities were able to identify and arrest a 14 year old boy from Osaka for creating and distributing ransomware that was targeted at businesses across the globe. This has been the first arrest in Japan that involves ransomware-related crimes.
This junior high school student was able to create a ransomware virus, upload its source code on the internet and infect personal and business networks—according to Japanese media.
This 14 Year Old Even Shared His Code With Hundreds Of Other Ambitious Criminals
The student admitted to even teaching others how to implement this successful cyber campaign through a variety of websites online—in fact, his ransomware framework has been downloaded over 100 times (that means there are at least a hundred more budding criminals waiting for the right moment to spring an easy attack on unsuspecting victims).
Governments have a track record of finding and convicting less than 10% of cybercriminals implementing attacks world-wide! Even though cybercrime is the largest growing threat for businesses, detecting and eradicating the threat is far from over.
Just last month: I’m sure you were well aware of the WannaCry ransom attack that hit over 300,000 computers in less than 72 hours. What will happen next time when an attack is faster, more targeted and wider spreading? If a 14 year old boy can successfully implement an attack, how many more aspiring criminals are out there (maybe even some that don’t even realize the repercussions of their actions!)?
And Spear Phishing Attacks Have Become More Laser-Focused at a small number of individuals at your workplace!
Many of the large phishing campaigns of previous years are increasingly being replaced by small well-targeted attacks aimed at VIPs in your organization. Attacks analyzed from over a half million inboxes in the last 12 months revealed that more that 77% of attacks were targeted at less than 10 individuals. And over 1/3 targeted one specific individual.
Why does this matter? Scammers and hackers are getting more sophisticated in who they target. They may be cued into the weakest links in your organization—those individuals that present the easiest access into your network. They may target specific roles—perhaps the accountant or someone that would likely open their email—instead of bombarding your entire company with an attack.
And spam filters aren’t able to detect these emails easily. The onus is now on businesses to be able to identify attacks and understand how to prevent a phishing scam from harming their business. That dependence, yet again, is on your IT Support team—who may be juggling too many other balls to monitor current cyber threats and alert your users or train them about recognizing attacks.
SO, What’s the solution?
Cybersecurity is an evolving discipline. Your IT Support CANNOT approach it as a one and done solution. They need to be able to help your business identify and mediate threats before a vulnerability in your network causes you to become the next victim.
Below are a few recommendations that your IT Support should be doing to keep your network, your data and your employees safe:
Preventative Maintenance— One of the easiest way to prevent an attack from happening in the first place is to make sure you have no known hole in your network. For instance, Microsoft regularly updates users with patches, all of which should be applied to avoid security vulnerabilities. For more information on preventative measures see our latest discussion here.
Monitor Your Networks— When a network has been compromised by an attack, there are many signs of irregular activity. The malware has unusual behavior on your network which would be detected if someone were watching. Unfortunately, over 95% of compromised systems aren’t detected for months or until massive encryption and ransom occur.
Communicate With Your Users— As part of your IT Support, you should expect regular dialog about security and keeping your team’s data secure. Your support should communicate latest means of attack and what users should look for in phishing emails. A healthy dialog between users and their support makes sure for less risk when it comes to data breaches and hacks.
Make Sure They Train Their Team—IT Support teams should not be kept in a vacuum. You should expect your team to focus on training their teams on latest security practices. Make sure your IT Support team is current with their security training and are all on the same page when it comes to security policy and procedure.
Build A Cybersecurity Ecosystem—You should expect your IT Support team to be catalysts of aggregating and communicating security information. Be it from vendors, government, or other tech security experts in the community, you should expect your IT Support team to be aware of what is currently happening in IT Security and able to recognize an ever-changing security threat landscape.
Focus On Continuous Learning, Education and Upskilling— to ensure that your IT Support retains its best talent, they should make sure that their people are increasing their skillset and always learning how to improve your enterprise security. Team members benefit from real world training, classes, conferences and certifications to make sure that your team has a good breadth, but also depth of knowledge, on ways to secure and eliminate network vulnerabilities.
Cybersecurity is definitely a complex field and requires the full support of your IT Team. Simply having a cybersecurity guy on staff is not a sustainable means to keep your network running securely. You need to have IT Support team that understands how to leverage their skills and interactions with your users to keep your business safe—successfully defending your assets.
Are you certain your Support team understands your security enough to keep your business data safe? Is their team well-equipped to identify vulnerabilities, shore up potential threats and keep users secure? Have they deferred your security until it’s convenient for them? Contact Us TODAY for a free network security assessment!