Foreign hacks on political systems, malicious cyber-attacks on multinational companies, and even the possibility of our incoming self-driving cars being remotely controlled to cause havoc on a road. Scary stuff, right?
The cyber threats we hear about in the news seem all too much. As individuals, is there anything we can do to prevent these sorts of things happening? The hard truth is, not a great deal. But is it actually the large-scale arms race happening way above our heads that we need to be concerned about in the here and now?
It’s time to focus on the threats that don’t make the news, the ones far more likely to affect you or your business and thankfully, the ones we have the power to stop right now.
What are they?
A recent survey of 500 SMEs suggests that phishing attacks and other forms of social engineering actually represent the most real and immediate threat to their business.
Phishing attacks are attempts by cybercriminals to convince you into handing over sensitive information like passwords, financial details and confidential company knowledge through impersonating a person or company trusted by you. Twenty-four per cent of SMEs consider phishing scams as their most significant threat, the highest for any single method of attack, followed by ransomware at 19 per cent.
In 2018, phishing attacks increased by 36 per cent, as criminals learn it’s usually easier to exploit your natural inclination to trust people you know, rather than investing time and effort into hacking your software.
What does a phishing attack look like?
They can take many different forms. A few examples are below:
A Facebook message from a friend asking you to follow a link or download a file, which is actually designed to steal your information after being followed
An email from your bank asking to enter your security details to confirm your identity (most banks will never contact you asking for your information)
A message from a staff member asking for an update on a confidential project, payment information to a company credit card, or another request around day-to-day business
Some tools to protect yourself
It’s easy to feel comfortable after installing the latest and greatest security program throughout your networks, but cybercriminals work day and night to find the newest vulnerability in systems, which can make keeping up in this arms race a challenge.
Ask any security professional and they will tell you that the weakest link in the security chain is the human who accepts a person or situation at face value. It doesn’t matter how many locks on your doors or how many cameras and alarms you install, letting the person claiming to be a delivery driver into your house can always pose a risk.
Making yourself and your staff aware of what these threats can look like is the number one course of action you can take to stop these threats in their tracks.
There are highly effective and easy-to-deploy security awareness training programs now available through providers of cybersecurity solutions. Webroot’s 2019 Annual Threat Report showed that with ongoing security awareness training, end users are 70 per cent less likely to fall for a phishing attempt.
It is easy to brush a cyber-threat off and say “it won’t happen to me”, but if your business faced a multi-vector attack, how prepared would you be? By being aware and understanding what to look for, you can work with peace of mind, knowing you have the best protection possible.
Dan Slattery, Senior Information Security Analyst, Webroot