There is no doubt that data breaches are becoming ever more pervasive in an interconnected business environment, and it is an unfortunate fact that companies and organisations now have to engage in a modern-day arms race with the hackers.
It is quite sobering that there has been a 600% increase in cybercrime since the start of the pandemic and a 350% increase in ransomware attacks since 2018. This comes at a cost. Many firms go under following an incursion.
It is not just small, technologically unsophisticated enterprises which are in the sights of the cybercriminals, though they can be the least well-equipped to defend themselves from voracious and undiscriminating threat actors.
In 2022, major players such as Cisco, Uber, Samsung and Twitter were compromised. Sensitive data was even leaked from organisations such as Nato, and US airport websites were hacked. In the UK, confidential employee details were accessed at WH Smith.
The Cyber Breaches Security Survey in the UK showed that 39% of UK businesses identified an attack in 2022, of which by far the most common was phishing, or attempting to access systems through fake emails.
More sophisticated attack types such as denial of service, malware or ransomware attempts were less common, but were seen as a much more serious threat, since refusal to pay off the hackers – a policy to which most responsible firms subscribe – can result in major and lasting damage.
The good news is that while the cyber gangs can appear to be on an unstoppable offensive, the forces of order are fighting back. Just last month (April 2023), law enforcement agencies shut down one of the biggest criminal marketplaces in the world.
A sting operation on the Genesis Market – which had 80 million sets of credentials for sale including online banking, Facebook, Amazon, PayPal and Netflix account information – saw 120 people arrested globally and more than 200 searches carried out.
So what can companies do to protect themselves from online predators who appear to become more sophisticated with each passing day? Here are five simple steps which will make it harder for them to breach your defences.
- Install Anti-Virus Software. An antivirus product is a program designed to detect and remove viruses and other malicious software from computers or laptops. Devices can become infected by inadvertent downloads of malware in an attachment to a dubious email, or hidden on a USB drive, or even by simply visiting a dodgy website.
- Patch, patch, patch. Insist that all patches and security fixes are up to date. Software vendors use patches to enhance performance, fix bugs and close vulnerabilities before bad actors can exploit them. Make sure that routine updates are applied across all systems.
- Keep staff onside. Make sure that all staff, whatever their responsibilities, are aware of the many ways that hackers can worm their way into systems, such as phishing. Best practice email protocols are vital. Threat monitoring software will look for unusual behaviour, using AI algorithms, and shut it down.
- Control your passwords. In running complex software platforms, it is inevitable that there will be numerous different passwords, which are a primary vulnerability and which have to be effectively deployed and protected. A password manager app on devices stores passwords, so users don't need to remember them. Once logged into the password manager using a “master” password, it will generate and remember passwords for all online accounts.
- Belt and braces. Use multifactor authentication. This is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify their identity at login. It is increasingly used in personal circumstances such as online banking and is very effective at shutting the criminals out.