Cyber Attacks:
There are different types of cyber-attacks, such as phishing, man-in-the-middle, SQL injection, cross-site scripting, distributed denial of service, password, drive-by, ransomware and eavesdropping attacks. When it comes to protecting your business from attacks and data breaches, you should be on the lookout for a kind of criminal who is tough to spot: the cyber criminal. Learning to recognise a few of the common cyber-criminal profiles below may save your organisation from a costly incident, because most of these attacks are preventable.
a) The Social Engineer – These criminals fake an identity and request data-rich information (for example, asking the victim to fill out a KYC form) in a time-pressured scenario.
b) The Spear Phisher – These thieves send malicious emails crafted to appear legitimate, containing links that unlock access to (a) banking credentials, (b) trade secrets and (c) personal information.
c) Malware, Spyware and Trojans – These have been found implanted within free applications (APK & DMZ files) downloaded from non-legitimate websites.
d) The Hacker – Most confirmed data breaches are the result of hackers leveraging weak, default or stolen passwords.
e) The Rogue Employee – A current or former disgruntled employee can abuse their insider access and knowledge.
f) The Ransom Artist – The growth of ransomware-as-a-service makes it easier for bad actors to seize control of data and force businesses to pay them.
What can Cyber Criminals do to us:
- Risks: Disclosure of confidential information, loss of trust, system failure.
- Cause: Cybercrimes such as hacking, phishing, scamming and ransomware.
- Consequences: Financial loss (clients suing, replenishing the trust account, recovery costs).
- Severity: Monetary loss, loss of reputation, loss of business and loss of intellectual property.
- Likelihood: Almost certain if you don’t have adequate security protection processes in place.
Developing an Information Security Awareness Strategy:
When you decide that you want to create information security awareness within your organisation, your end goal is to make sure that everyone understands the potential cyber threats and risks. They need to have the knowledge and skills to do their best to help prevent cyber-attacks. Below are a few Information Security Awareness Strategy tips for the CIO & CISA leadership.
- Create a special section on your website/intranet devoted to information security policies and awareness content.
- Use the official social media handle to deliver messages at regular intervals, keeping individual and organisational security in people's minds.
- Create eye-catching posters stressing information security best practices and hang them in the cafeteria and other places where employees sit and chat.
- Have a column in your official monthly newsletter/news blog about the company’s information security initiatives.
- Develop and explain your company’s information security policies and present them during induction programmes and annual appraisals.
- Automate a daily change of employee desktop wallpaper/screen saver to convey information security awareness messages.
- Promote an information security awareness quiz (mandatory participation) and include it in the employees’ annual appraisal system.
- Organise exercises for employees with internal fake social engineering use cases (phishing tests).
- Identify and reward the adoption of best practices by employees.
- Involve employees at all levels of the company and keep them informed about Internet ethics and digital wellbeing as a matter of policy.
Safety Steps for Protecting Against Cyber Criminals:
- Do not click on any unknown emails, attachments or links; criminals use phishing tactics to steal your identity or money.
- Back up all your important files on a regular basis, and store the backups independently from your system, either in the cloud or on an external drive.
- Always verify you are on a legitimate website before entering login details or any other sensitive information.
- Strictly use multi-factor authentication for remote access to the organisation's network.
- Office administrators must be advised to apply strict application whitelisting, block unused ports, turn off unused services and monitor outgoing traffic to prevent infections from occurring.
- Use the latest anti-virus/anti-malware software on your computer and mobile devices.
- Office administrators must consider Mobile Device Management (MDM) and Mobile Application Management (MAM). These tools allow organisations to remotely implement a number of security measures, including data encryption, malware scans and wiping data on stolen devices.
- Check the availability and duration of remote login user actions. Ensure that remote sessions automatically time out after a defined period of inactivity and that they require re-authentication to regain access.
- Download mobile applications or any other software from trusted platforms only (App Store/Play Store).
- Perform regular health scans on your computers and mobile devices.
- Regularly check and update the privacy settings on your social media accounts.
- Ensure you enable dual authentication for email and banking platforms.
- Update your passwords and ensure they are strong (a mix of uppercase, lowercase, numbers and special characters).
- Enable dual authentication (OTP) for email, banking and all other platforms.
- Change the default passwords of routers and internet service provider equipment.
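The remote-session control in the list above (idle time-out plus forced re-authentication) as an added illustration; this is example code written for this page, not code from the original, and the 15-minute time-out and the injectable clock are assumptions chosen for testability:

```python
import time
from dataclasses import dataclass

# Hypothetical policy value: sessions expire after 15 minutes of inactivity.
IDLE_TIMEOUT_SECONDS = 15 * 60


@dataclass
class RemoteSession:
    user: str
    authenticated_at: float  # when the user last proved their identity
    last_activity: float     # when the user last did something
    active: bool = True


class SessionManager:
    """Tracks remote sessions and expires them after a period of inactivity."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.time):
        self.idle_timeout = idle_timeout
        self.clock = clock  # injectable so tests can simulate elapsed time
        self.sessions = {}

    def login(self, session_id, user):
        """Record a fresh (re-)authentication for this session."""
        now = self.clock()
        self.sessions[session_id] = RemoteSession(user, now, now)

    def touch(self, session_id):
        """Call on every user action. Returns False when the session has
        expired (or never existed) and the user must authenticate again."""
        s = self.sessions.get(session_id)
        if s is None or not s.active:
            return False
        now = self.clock()
        if now - s.last_activity > self.idle_timeout:
            s.active = False  # expired: only a new login() can revive access
            return False
        s.last_activity = now
        return True

    def audit(self):
        """Availability/duration view for review: (session, user, active,
        seconds since authentication)."""
        now = self.clock()
        return [(sid, s.user, s.active, now - s.authenticated_at)
                for sid, s in self.sessions.items()]
```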