The technological revolution, accelerated by the pandemic, has become the only hope for the majority of organizations and institutions in the world to function normally in a volatile reality. However, the cyber world also brings cyber threats, including for business.
According to Steven Morgan, editor-in-chief of Cybercrime Magazine, cyber attacks will cause $6 trillion in damage worldwide in 2021. Morgan draws conclusions based on previous years and points out that the cost of such crimes increases on average by 15% annually. Efficient internal system security is obviously key in the fight against cybercrime, but experience shows that even the best system can be compromised by ignorance and irresponsible behavior.
Causes of hacker attacks on organizations
The first thing that comes to mind when we think of cybercrime is financial fraud and extortion. These are the most likely motivations for hackers whose attacks most often follow two scenarios:
- illegally acquired data used for identity theft and fraud and
- locking down a company’s system until a ransom is paid.
However, these are not the only reasons why online criminals are active. Sometimes they act in organized groups to draw attention to some social problem. Some jeopardize the complex security of the world’s corporations to seek recognition and fame. Others do it because they can – their only goal is to reveal vulnerabilities in security systems. This applies to large corporations as well as medium and small businesses. Symantec’s statistics show that 43% of cyber attacks target small businesses. And as many as 60% of those affected are forced to shut down their business within six months of the attack.
A false sense of security
The risk of attack is very real. Recently, the U.S. Federal Bureau of Investigation (FBI) reported that the number of cyber attacks has increased by 400% since the beginning of the pandemic. Unfortunately, we are often responsible for putting ourselves in the greatest danger, especially in organizations where the support of IT teams, often including cybersecurity specialists, provides a false sense that we are not under threat.
Some headlines from the last few years illustrate that hacker attacks happen even to the largest and most protected institutions: Google, NASA, Adobe, Sony. Recently, there was a high-profile data leak from Tauron, one of the largest businesses in Poland. Even entire countries are under attack.
Nonetheless, high risk does not exempt employees from responsible behavior and vigilance. Most cyber attacks exploit human weaknesses and inattentiveness. And that means you can protect yourself from many dangerous situations. Here are the 3 most important rules.
1. What's your password?
The DataProt portal reports that 90% of Internet users are worried about their passwords being hacked. However, these fears do not lead to preventive measures. DataProt cites a study that revealed that 71% of accounts are protected by the same passwords. What is more, more than half of us use the same passwords for our personal and business accounts. The UK's National Cyber Security Centre also warns against using the password “123456”, which was used by more than 23 million hacked accounts. Using passwords that are too simple and repeating them across multiple accounts is an invitation to abuse and exploit our private and professional data.
2. Do you know what you are clicking on?
Do you know what a phishing attack is? This is an extremely popular hacking method that involves sending malicious emails or text messages that appear to come from a trusted source, such as banks or other well-known organizations. The sender encourages the recipient to click on a link or open an attachment. Some sources say that up to 99% of attacks are carried out by phishing methods. Companies such as IBM have been warning their employees for years not to automatically click on links they receive and to check the email addresses of the senders. This applies even if you receive an email from a teammate or your boss.
3. (In)attentiveness
Average employees sometimes unknowingly reveal more sensitive data than you would imagine. This applies to the virtual world (e.g. comments and photos on social media, saved passwords in browsers, enabled GPS in mobile devices) and the real world. Although hackers operate online, often their attacks are provoked by offline behaviors. Some of the most common mistakes include:
- not securing data carriers (laptops, portable drives, mobile devices) with strong passwords – in case of theft or loss, data leakage is very likely,
- writing down passwords in visible places (on post-its taped next to monitors at work, in paper notebooks, etc.) and
- throwing away unshredded documents with sensitive data.
Wiser after the fact? Not necessarily!
The list of mistakes and dangerous behaviors of Internet users is long. Despite the serious consequences faced by attacked individuals, companies and institutions, we still take risks. Moreover, even in companies that have been attacked by hackers, the same mistakes are often made again after some time has passed. Adam Rafajeński, Cyber Practice Director in Deloitte, tells PAP that concern about cyber security lasts on average six months in attacked organizations. After that time, employees revert to their old habits: risk, inattentiveness and underinvestment in defense systems.
Experience shows that the most effective weapon in the fight against hacker attacks on organizations is continuous work to raise employee awareness. Despite the prevalence of cybercrime, we are not defenseless against it. Cybersecurity training, building and adhering to internal security policies, creating backups, and awareness campaigns are the main ways to keep employees constantly attentive and vigilant.