“My company is so small it wouldn’t be worth it for someone to go after us.”
This is a common misconception. In reality, small businesses are low-hanging fruit because they don’t think that they are a target. According to a report by technology consulting firm Kelser Corporation, 43% of cyber attacks target small businesses. In addition, 1 out of 5 businesses will fall victim to an attack simply because they aren’t prepared for one.
Types of cyber attacks that exist today
Denial-of-service cyber attack
Also known as DDoS, these attacks aim to make a machine or network unavailable by disrupting the services of the host.
Denial-of-service cyber attacks continue to grow in sophistication and force: more distributed, at higher volumes, and with longer sessions. Similarly, the percentage of sustained DDoS sessions continues to rise. A report conducted by Kaspersky shows the number amounting to 21.34% in Q1 2019 (versus 16.66% in Q4 2018).
The solution: Cloudflare is one of the world’s largest DNS networks. Their network capacity is 15x greater than the largest DDoS attack ever recorded, which allows them to handle any modern attack.
Malware is any software intentionally designed to cause damage to a computer, server, client, or network. Some common types of malware include spyware, ransomware, viruses and worms.
Accenture’s 2019 study found that the average cost of a malware attack on a company is more than $2.6 million. That’s an 11% increase from the previous year!
The solution: Use services that protect against common malware. Malware breaches typically occur when a user clicks a dangerous link or email attachment that installs malicious software. Your employees are your first line of defense. In fact, training your employees to spot warning signs is the best way to mitigate your vulnerabilities.
Man-in-the-middle cyber attack
Man-in-the-middle cyber attacks intercept traffic between two parties who believe they are directly communicating with each other. As a result, these attacks often go undetected and can lead to identity theft.
Man-in-the-middle attacks use methods such as IP spoofing or DNS spoofing to intercept your Internet traffic and then decrypt it.
IP spoofing disguises the source of the data sent to your computer so that it appears to come from a trustworthy source. In a similar way, DNS spoofing hacks into your DNS cache and redirects you to a fake site.
The solution: 101domain offers DNSSEC services to prevent DNS spoofing at the Registry level.
Cyber attacks like phishing send fraudulent communications that appear to come from a reputable source, usually through email. Next, they send you to a fake site to steal sensitive data like usernames, passwords, and credit card information. Or they appear as email attachments that, when downloaded, install malware on the victim’s machine.
The solution: Increase employee awareness education and implement security defense technology. Furthermore, invest in a password manager that your entire company can adopt. Password managers like LastPass detect fake URLs and prevent auto-fill or auto-login. They also help employees utilize strong, unique passwords, and send alerts if any breaches occur.
What would a ransomware cyber attack today look like?
Hiscox UK does an excellent job bringing a cyber attack to life in the video below.
The hackers in the video successfully carry out a cyber attack by impersonating the Brompton bike shop. The hackers recreate the victim’s branding by replacing the letter “B” in Brompton with the number 3. In the same way, something like this could happen online via homograph domain spoofing. Homograph cyber attacks use internationalized domain name (IDN) characters to mimic the domain names of well-known brands. As a result, many small businesses use DPML defensive registration services to block homograph attacks.
The hackers steal Brompton’s inventory (sensitive data) and overwhelm them with fake customers. This is similar to how DDoS cyber attacks operate online. Finally, the hackers block the business until a ransom is paid, also known as ransomware in the digital world. According to Cisco security reports, ransomware cyber attacks are growing more than 350 percent annually.
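The character swaps and homograph domains described above can be screened for when reviewing domains that resemble your brand. The following Python code is an added example, not part of the original article; the look-alike map, the `.example` domains and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately small look-alike map (character -> ASCII letter it
# imitates). Real deployments would load Unicode's confusables data instead.
CONFUSABLES = {
    "3": "b", "0": "o", "1": "l", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",   # Cyrillic er, es, i
}

def decode_label(label):
    """Return the Unicode form of a DNS label, decoding xn-- punycode."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(text):
    """Fold a label to a comparison form: NFKC, lowercase, look-alikes mapped."""
    folded = unicodedata.normalize("NFKC", text).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def scripts(text):
    """Scripts used by the letters in a label, taken from Unicode names."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}

def check_domain(domain, brands):
    """Classify the first label of `domain` against protected brand labels."""
    label = decode_label(domain.split(".")[0])
    if label in brands:
        return "exact"
    # Compare skeletons on both sides so brands containing digits still match.
    if any(skeleton(label) == skeleton(b) for b in brands):
        return "lookalike"
    if len(scripts(label)) > 1:
        return "mixed-script"
    return "unrelated"

if __name__ == "__main__":
    brands = {"brompton"}
    # Constructed samples: legitimate, digit swap, Cyrillic "o" as punycode, unrelated.
    idn = "xn--" + "br\u043empton".encode("punycode").decode("ascii") + ".example"
    for d in ["brompton.example", "3rompton.example", idn, "bikes.example"]:
        print(d, "->", check_domain(d, brands))
```

A "lookalike" or "mixed-script" result is a prompt for manual review, not proof of abuse, since legitimate names in other languages also use non-Latin scripts.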
Protect your small business from cyber attacks
95% of cyber security breaches are due to human error.
Cyber-criminals and hackers will infiltrate your company through your weakest link, which is almost never in the IT department. Every small business should be aware of the common types of cyber attacks in order to protect themselves. In addition, every business should have security awareness training and these best practices in place for company-wide adoption.
1. Require password changes every 90 days. This way, if any cyber attacks occur, you’ll have already changed your password by the time someone on the dark web gets a hold of it.
2. Studies have found that 14-character passwords are the magic number. Implementing this small hack alone will tremendously improve your security.
3. Don’t allow repeat passwords.
4. Enable email notifications when your password is changed.
5. Resist the urge to use a sticky note! Use a password manager instead.