Ransomware is probably a bigger threat to most businesses than armed robbers.
In ransomware attacks, malware is surreptitiously planted in a targeted network to lock up the organization’s electronic files. Then, the cyber thieves threaten to remotely delete the files or release sensitive information unless the victim pays the ransom in untraceable cyber currency.
It’s a form of 21st-century robbery that costs organizations several billion dollars a year.
To sneak ransomware into victims’ networks, the bad guys typically use social engineering. Most commonly, they send an email with a tainted attachment or link. The email is written in a way to trick the person reading it into clicking and activating the electronic payload. That’s all it takes to start a chain of events that can be devastating to an organization and its customers.
Other forms of social engineering can be used to deliver ransomware or other malware to target networks. Text messages can carry tainted links.
Hackers will also try to solicit personal or corporate information directly by phone and use any credentials they obtain to access an organization’s network. So, always beware of unknown callers or in-person solicitors who talk a good game and want to bypass normal procedures for what sounds like a good reason. The information they want and are given could be misused to compromise the organization’s network.
Cybercrime has become a relatively easy and profitable business, so some types of malware attacks are growing in frequency. Hackers don’t have to devise their own highly automated attacks anymore. Strategies and software successfully used in other attacks are available for sale to anyone on the Dark Web.
If you or your organization hasn’t been attacked yet – which is unlikely, given the frequency of attacks – you should prepare to be targeted. Any program directly connected to the internet is potentially vulnerable.
Here are three steps you can take to help prevent social engineering attacks:
- Think before you click. Don’t click on suspicious links.
- Keep informed. Follow news about the latest tactics used in scams.
- Don’t give out personal or financial information to anyone without knowing exactly where it’s going and how it will be used.
Cybersecurity experts also urge organizations to practice what is known as good cyber hygiene. That means, for example, that networking software should be patched soon after updates are available, and that data should be backed up to a secondary location. Only people who need access to information should have access to it.
Everyone who accesses an organization’s network should be required to take precautions, such as by using complex passwords and changing them regularly. They also should use multi-factor authentication to protect their credentials.
Cyberattacks of all types pose a rising threat for businesses and organizations of any size. But ransomware has become especially threatening. The threat is significant enough that the prominent TV show “60 Minutes” has aired investigative segments about ransomware twice in recent months.
The segments detailed successful attacks on government agencies, hospitals and other organizations.
An FBI administrator who works in cybersecurity, Mike Christman, told “60 Minutes” that about 1,700 successful ransomware attacks were reported in 2017. However, he estimates that was less than half the attacks because most businesses would rather pay the ransom than admit they were attacked.
In another telling exchange, CBS correspondent Scott Pelley asked Christman if cybercrime has become to the FBI what banks were in the 1930s.
“I think it is,” Christman answered. “Cybercrime has really become a way of life and connected to everything we do, and really every crime we see.”
So, keep your guard up. Don’t unwittingly help hackers by falling for a phishing scheme.
SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.