“But we are protected! Where did we go wrong?”
The advice given to businesses varies immensely and is often delivered in a technical and jargon-filled way. We have all grown to rely on our security systems to try to protect our data and that of our customers, but do we understand what they are doing and how much protection they are providing? We are all successful in our fields of expertise, but have you stopped and thought how dependent you are on the advice and delivery of your IT security solutions?
Social and human engineering is one of the top threats
There has been a paradigm shift in the way a criminal attacks you and your network: social and human engineering are the primary ways a hacker will focus their attack. Research has found that cyber attackers have shifted away from automated exploits in favour of tricking people into doing the dirty work. Attackers engage staff members through email, social media and mobile apps to do the dirty work of infecting systems, stealing credentials and transferring funds.
Attackers typically use people as ‘enablers’ by tricking them into ignoring or disabling security to install malware, and as ‘facilitators’ by tricking them into disclosing valuable system credentials. Staff are also used as ‘gofers’: victims are tricked into thinking that they are following orders from above to make transfers into fraudulent bank accounts, or even to redirect shipments of valuable goods.
No matter what you have in place, the person between the customer and the keyboard (you and your staff) is now, quite frankly, the main focus of attack. With slick techniques to catch your staff out, almost all ransomware infections and hacking attempts occur because a user genuinely clicks on a link or file and authorises the program to run. This will inevitably mean that, however good your protection is, you WILL be compromised when somebody clicks a link.
Disaster recovery plans are imperative
If it’s a case of when, not if, I am attacked, then what should I do? One of the most important strategies to protect yourself after an attack, and one that is often overlooked, is a well-planned and robust disaster recovery strategy. Almost every business has a backup, but ask yourself: has it been tested recently, how long will it take to recover, and what is the cost to you if you cannot trade?
A well-timed ransomware attack can encrypt an entire network and any attached backups very quickly, leaving you exposed and completely at the mercy of the attacker. You may never recover from such an attack. A correctly structured disaster recovery plan will ensure you have a strategy that you can implement quickly, and the confidence that your data is safe, uncompromised and, most importantly, quick to access.
Want to find out more about how to protect your business?
Come and join us at our free seminar on ransomware and the dark net. Learn why the risks are so real, how you are at risk and what you can do to prepare and to prevent yourself or your business from becoming the victim.
Book your place now at www.gloscol.ac.uk/cyber-event