Biggest cyber threats
Cyber space is an interesting play field for criminals. Each year more and more criminal activities happen online. Great damage can be done to your processes, even with the simplest of tools, often bought online for a couple of dollars. What are the biggest threats and how can you prevent cyber-attacks from disrupting your business?
Phishing is a well-known and still popular way for cyber criminals to get access to email accounts, credit card information, IDs, bank accounts and internal systems. Phishing emails are getting more and more professional, almost impossible to distinguish from real. With a simple phishing email, cyber criminals can get access to your data and breach your systems. Imagine the consequences. Stay alert, stay focused. With the EU General Data Protection Regulation (GDPR) it has become even more important to protect information and client data.
Many business owners think their company is not of interest to cyber criminals. Why would they hack your company? Think again. This one special recipe, that unique code, that special way of manufacturing. All this is your intellectual property. Without it, your business loses its unique selling point. Hackers know your secrets and know their value on global markets. Cyber espionage is real. And intellectual property (IP) theft is one of the biggest concerns of technology companies.
Most people are used to follow orders from their employer. That obedient ingredient is why CEO fraud is so successful. Why would anyone doubt a request made by the highest one within the company, right? Criminals know that as well, so they hack the CEOs or CFOs email accounts, or get access through phishing, and commonly use them to send emails to the department of finance. Usually the emails contain a message of emergency and secrecy, asking the employee to transfer money ‘now’ and ‘with discretion’. The money then flows from the company account to (often a foreign) bank account owned by the criminals. CEO fraud is extremely profitable. According to the FBI, cyber criminals globally made 12 billion dollars between 2013 and 2018 on CEO fraud alone. So, it is better to double check a request next time.
Malware, ransomware and cryptoware
Non-Petya and Wannacry are the most well-known variants of ransomware. The viruses spread around the globe in 2017, infecting millions of computers and disrupting businesses. With cryptoware, cyber criminals use an infecting piece of software to encrypt your computer systems, often asking for ransom (hence the name ransomware). Though it can be tempting, experts debate whether it is clever to pay the ransom. In some cases, ransom was paid, but the files stayed encrypted and were therefore considered lost. Non-Petya could spread so fast and so widely using a well-known software vulnerability. Businesses who patched software in time were better protected against the malware. Patching is thus always a good idea - creating back-ups too.
As intangible as the online world may be at times, cyber criminals are real people. And it’s your own people – employees – that are their biggest target. You only need a few clicks to make your company a victim of ransomware, viruses and malware. The digital security of a company lies in the hands of every employee. It is therefore important to make your people aware of the dangers of cybercrime. Awareness among your staff contributes to an optimal state of security.
The attentiveness of employees is the most important prevention against cybercrime. In addition, technical security measures are deployed, both locally (keeping up to date with software patches) as well as centrally (to prevent malicious code from spreading).
Kiwa helps you to secure your business
It might sound like the online world is a jungle – and in certain ways, it is. To help you find your way in cyber securing your business, Kiwa offers various services to help you to deal with information security in a structured way.
The ISO 27001 standard is used worldwide as a basis for information security. This standard contains requirements and guidelines for structuring information security, thus guaranteeing confidentiality, availability and integrity of information within an organisation.
More on Kiwa's ISO 27001 certification.
From May 25 2018 the General Data Protection Regulation (GDPR) applies throughout the EU. Failure to comply with the requirements of the GDPR can lead to high fines. From the Expert Centre Data Security Kiwa supports organisations with assessments, audits and certifications. More on GDPR certification and GDPR Self assessment.