How Cyber Security Can Be Improved

Cyber security is all too often an issue which business owners don’t spend a great deal of time thinking about until something goes wrong, by which time the damage has been done and the thinking tends to revolve around asking exactly how much damage the security breach is going to inflict on their business.

The answer to that question tends to be, unfortunately, ‘a huge amount of damage’. According to USA Today, for example, 60% of small businesses which fall victim to a cyber-security attack actually go bankrupt within 6 months of the attack taking place. The Ponemon Institute’s Cost of a Data Breach Report 2020 states that 52% of data breaches are caused by cyber-attacks, and that the average organisation spends £3.4 million responding to attacks of this kind.

Detection

While the ultimate aim of any cyber security system is to stop attacks occurring in the first place, it should be noted that effective detection systems could play a part in reducing the financial hit taken by businesses targeted by cyber criminals. Put simply, the sooner a data breach of this kind has been spotted, the less of a financial impact it will have – according to the report, the average time taken by an organisation to detect and respond to a cyber-security breach is 280 days, but those which manage to do so within 200 days can reduce the cost by £750,000.

It Can Happen To Anyone

Anyone tempted to assume that their existing cyber security measures are robust enough to protect their business from the attentions of cyber criminals should be aware of two extremely telling features of the cyber security landscape. The first of these is that, during 2019, major data breaches took place at WhatsApp, iPhone and Microsoft. The details were as follows:

  • WhatsApp – in May 2019 hackers managed to install surveillance technology on users’ phones via WhatsApp, and alleged victims included Amazon founder Jeff Bezos, apparently targeted via personal messages sent to the crown prince of Saudi Arabia.
  • iPhone – Uighur Muslims in China had their phones infected by spyware for up to two years leading up to 2019, with every aspect of the software impacted.
  • Microsoft – in April 2019 Microsoft discovered that hackers had infiltrated the development tool Visual Studio, placing back doors in the tool which enabled them to infiltrate multiple video games companies.

These are only three of hundreds of thousands of attacks of this kind which took place during that same year, of course, but what they illustrate is that even some of the most technologically trailblazing companies in the world are far from being immune to the risk of a cyber-attack. Indeed, in the case of iPhone, the attack went unnoticed for a period of two years and was actually only noticed at all by a third party.

Massive Threat

The other fact of cyber security life which needs to be considered is the sheer scale of the threat. As soon as a set of figures is published it tends to become out-dated, since the cyber criminals and security experts are in a constant race with each other to maintain the upper hand. Some statistics taken from reports published in the last few years, however, still paint a picture of the size and intensity of the cyber-security problem:

  • According to the University of Maryland, a cyberattack occurs every 39 seconds
  • The Herjavec Group predict that, by 2021, a business will fall victim to a ransomware attack every 11 seconds
  • According to IBM the average cost of a data breach is $8.64 million, with each stolen record costing $146 and 61% of the cost of the breach being frontloaded into the first year after it takes place
  • According to experts, hackers create more than 350,000 new types of malware (malicious software) every single day
  • The Kaspersky cyber-security platform has an anti-phishing system, and in 2017 this system was triggered approximately 247,000,000 times

Hopefully, the information above is enough to present a compelling case for the scale and severity of the cyber security problem potentially facing any business in the UK, but it’s worth taking a brief look at a few of the specific aspects of cyber security which anyone coping with the problem will find themselves having to think about:

Avoiding Viruses

Software

It may seem like stating the obvious but the first and most fundamental step to take when attempting to avoid a virus is to install antivirus software from a reputable company such as Norton or Avast. Many versions of antivirus software are actually available free of charge, although someone with a business IT system to protect rather than simply devices being used privately might want to invest in the extra protection offered by working with third party experts in IT and data. This will provide systems which are precisely calibrated to protect against the ever-changing nature of the threat without disrupting day to day business activity. Even the best antivirus software can’t claim to provide 100% protection, however, particularly since cyber criminals are always working to stay one step ahead of the latest measures, so it’s vital to be as proactive as possible when it comes to stopping viruses making their way on to your systems. Simple steps you can take include the following:

Passwords – make your passwords as strong as possible: at least 8 characters long and made up of a combination of numbers, letters and symbols. According to research, the most popular passwords in 2020 were:

  1. 123456
  2. 123456789
  3. picture1
  4. password
  5. 12345678

Unsurprisingly, it takes password hacking software less than a second to get through passwords of this kind and onto the systems or devices they are meant to be protecting. More effective passwords are most likely to be those which are made up of three words chosen at random, interspersed with symbols and numbers, and it’s also important to have a different password for each device and service, so that breaking through one password doesn’t enable cyber criminals to access a broad range of your data. Some people may feel that this sounds like a lot of time and trouble to spend on passwords but the alternative – having your system compromised by a virus – is infinitely more disruptive, and using a password manager can simplify the application of multiple passwords.
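The advice above can be expressed as a short check and generator. This is an added example, not part of the original article: the word list and symbol set are constructed samples, and the function names are hypothetical.

```python
import secrets
import string

# The five most popular passwords of 2020 as listed above.
COMMON_PASSWORDS = {"123456", "123456789", "picture1", "password", "12345678"}

# Constructed sample word list (assumption); a real generator would draw
# from a list of several thousand words.
WORDS = ["harbour", "violin", "cactus", "marble", "lantern", "tundra",
         "pepper", "orbit", "saddle", "meadow", "copper", "walnut"]
SYMBOLS = "!#$%&*?@"


def password_problems(password):
    """Return the reasons a password fails the advice above (empty = OK)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the most-popular list")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    return problems


def three_word_password():
    """Three random words interspersed with a symbol and a number."""
    rng = secrets.SystemRandom()      # backed by the operating system's CSPRNG
    words = rng.sample(WORDS, 3)      # three distinct words
    return (words[0] + secrets.choice(SYMBOLS) + words[1]
            + secrets.choice(string.digits) + words[2])


def password_per_service(services):
    """A separate password for each service, so one breach exposes one login."""
    return {name: three_word_password() for name in services}
```

A password manager does the same job as `password_per_service`, generating and storing a separate password for each login.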

Update – make sure that you update your operating system and other software on a regular basis, as companies like Microsoft regularly release patches and updates to deal with any security glitches which might be exploited by hackers. If you’re using an operating system which was installed two years ago, for example, then any viruses or malware developed during those two years might be able to exploit these glitches for as long as your system goes without the updates.

Popups – many viruses make their way onto a system after the user clicks on an ad or link put there for that express purpose. Even clicking to close an intrusive popup is sometimes enough to download a virus to the device, so the safer option is to install software which stops unwanted ads opening automatically.

Email phishing – a large number of security breaches take place via emails which purport to come from a legitimate source – such as your bank or a business contact – and persuade the recipient to either disclose personal information or click on a link which is infected. As a rule of thumb, never click on links or buttons on emails which come from a source you don’t recognise, and read any email very carefully for signs that it might be a scam. These could include poor grammar, misspellings and an email address which doesn’t include the domain name of the business. Another tell-tale sign of an email phishing scam is a request to log in and provide personal details or billing information, something which a legitimate company would never do.

Education – if you’re running a business, make sure that your employees understand the basics of avoiding viruses such as those set out here, and do the same for family members using devices such as laptops, tablets and smartphones.

The signs – you should learn to recognise the common signs of a virus on your system, since it’s always possible, despite your best efforts, for a virus to somehow manage to get through the defences in place. These signs could include the following:

  • The presence of toolbars which you didn’t install
  • Repeated shutdowns
  • The device taking longer than usual to shut down or restart
  • Error messages appearing repeatedly
  • The details of your homepage altering
  • The battery draining more quickly than usual

Firewalls

A firewall acts in conjunction with antivirus software to prevent viruses getting on to your systems and devices. It shouldn’t be assumed that your chosen antivirus software includes a firewall as many don’t, although some devices do come with a firewall installed as standard. Find out if you have a firewall and, if not, install one, as it acts to monitor incoming and outgoing traffic and blocks some data on the basis of a specific set of rules. A firewall works by analysing all data attempting to make its way on to your system and blocking any which comes from suspicious or unsecured sources, or which doesn’t comply with the rules which have been established.

The majority of firewalls monitor ‘packets’, which are units of data, checking the source of the packet and the destination IP address. Only packets which match those which are allowed by the firewall will be able to pass through and on to your devices.

Packet filtering of this kind offers some protection but is fairly basic. It can’t, for example, determine whether the contents of a request could be harmful, meaning that a damaging request – for example, one which causes a database to be deleted – could be allowed through the firewall if it comes from a trusted source. Much more protection is offered by next generation firewalls (NGFW), which combine the kind of technology described above with functionality which enables the firewall to examine the actual contents of each data packet in order to identify those which contain malicious or damaging data.
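The difference between the two approaches can be seen in a small model. This is an added example, not part of the original article or any firewall product: the addresses, the rule set, the blocked-content pattern and the sample packets are all constructed, and a real NGFW inspects far more than a single pattern.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    payload: str


# Constructed rule (assumption): the office LAN may reach the database host.
ALLOW_RULES = [
    (ipaddress.ip_network("192.168.10.0/24"), ipaddress.ip_network("10.0.0.5/32")),
]

# Constructed content rule (assumption): requests that delete a database.
BLOCKED_CONTENT = re.compile(r"\bdrop\s+(database|table)\b", re.IGNORECASE)


def packet_filter(pkt):
    """Basic packet filtering: decide on source and destination address only."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    return any(src in s and dst in d for s, d in ALLOW_RULES)


def content_inspecting_filter(pkt):
    """Apply the address rules, then examine the packet contents as well."""
    if not packet_filter(pkt):
        return False
    return BLOCKED_CONTENT.search(pkt.payload) is None


# Constructed sample traffic: normal, untrusted source, trusted but damaging.
SAMPLE = [
    Packet("192.168.10.20", "10.0.0.5", "SELECT name FROM customers"),
    Packet("203.0.113.9", "10.0.0.5", "SELECT name FROM customers"),
    Packet("192.168.10.20", "10.0.0.5", "DROP DATABASE customers"),
]


def compare(packets):
    """Return (basic verdict, content-inspecting verdict) for each packet."""
    return [(packet_filter(p), content_inspecting_filter(p)) for p in packets]
```

The third sample packet is the case described above: it comes from a trusted address, so the basic filter passes it, and only the content check stops it.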

Malware/ransomware

‘Malware’ combines the words ‘malicious’ and ‘software’, referring to software which is expressly designed to compromise systems and devices, being placed by hackers with the intention of stealing information or disrupting functionality. The first recorded example of malware dates from 1982, when a virus named Elk Cloner was discovered on a Mac. By 1986 the first PC-based malware – called ‘Brain’ – had also been discovered. In the years since, malware has evolved to take advantage of developments in technology. When businesses began to make increased use of email as a means of communication, for example, the prevalence of email-based malware experienced a corresponding rise. Further evolutions of the malware threat have included the emergence of phishing and web-based applications post 2000 and more sophisticated attacks from malware such as worms and spyware.

Ransomware

Ransomware is a specific type of malware which encrypts the files on a device, making the data and systems on that device impossible to use. Victims will then be informed that their data will remain encrypted until a ransom has been paid. In addition to this, the perpetrators might also threaten to release sensitive data taken from the systems if the ransom isn’t paid. Ransomware attacks can impact on everything from a single device all the way up to an entire network within an organisation, and the infection itself can sometimes be delivered by something as simple as an individual clicking on the wrong attachment. In other cases the hackers behind the ransomware take a period of time to gain access to as many parts of a system as possible, cracking passwords and exploiting loopholes in security in order to gain control of the maximum data before encrypting as much as they can. The latest development of the ransomware threat has seen hackers making use of ‘ransomware as a service’, which means that they can deliver the ransomware without needing any technical expertise, provided they pay a percentage of any profits to the original authors of the malware. High profile victims of ransomware attacks in recent years have included Travelex and the NHS.

Hacking

The simple definition of hacking is that it involves unauthorised access of digital devices and systems which, in the vast majority of cases, is malicious in nature and carried out in order to steal data, damage or corrupt the systems and devices in question or disrupt the activities which depend upon those devices. The first recorded appearance of the term ‘hacking’ dates from the 1970s, and by the 1980s movies such as WarGames and Tron introduced the concept of hacking to a wider audience. The motivations for hacking usually consist of at least one of the following:

  • Financial gain achieved via the theft of payment details or other forms of financial fraud
  • Corporate espionage, with one company wishing to find out more about how another operates
  • Political motivations, such as the leaking of sensitive information carried out by groups such as Anonymous and WikiLeaks
  • State sponsored hacking which sets out to steal national intelligence or business information from another country

Devices which are vulnerable to hacking – beyond the obvious targets of PCs and Macs – include smartphones, webcams and routers, and the rise of the Internet of Things has opened up a whole new array of devices, such as ‘smart’ fridges, cookers and home heating systems, which hackers will be looking for ways to target and exploit.

Back ups

There is really no such thing as 100% certainty that your devices and systems are protected from the risk of viruses and other forms of cybercrime. Bearing this in mind, it’s vital to ensure that the data which your business depends upon is backed up on a regular basis, and that the backup sends the data to a destination which is separate from the rest of your systems, such as a separate hard drive or the cloud. The backup process will work more efficiently if details such as the timetable, the regularity of uploads and the specifics of the data which needs to be backed up are set out in the form of a documented, written policy and monitored on a regular basis.

Business Continuity

It is strongly advisable to create a plan outlining what your company would do in the event of being unable to access your data. A business continuity plan sets out where all your data is stored, what cyber security measures are in place and what you would do if you could not access your data in the short and long term. Train your whole team on the plan so that, if the worst happens, you are all able to keep working and prepared to avoid disaster.