Cyber security is the protection and recovery of any network, infrastructure and the devices associated with those networks from threats and incidents. Internet threats are constantly evolving and makes cyber security challenging.
Who is at risk for cyber threats?
Cyber threats, simply put, are attempts to disrupt a computer network. These include phishing, malware, DoS (denial of service), DDoS (dedicated denial of service), ransomware and brute force password attacks to name a few. However, the biggest security threat to any organization is ultimately the employees that work there. Training them regularly forms a crucial link to maintaining a safe and strong network.
Hackers find school districts an easy target for cyber attack because some school systems may not have upgraded IT infrastructure. Also, schools may not offer regular cyber training to their personnel. When older, dated systems are used, hackers find vulnerabilities in them. They exploit the network from within once they gain access to an employee’s credentials. Applying security patches tremendously undermines the possible threats that could occur. Hackers follow similar strategies quickly, so sharing information about cyber attack incidents in one school district helps another school protect itself from cyber attacks.
How do cyber threats affect businesses?
Ransomware is a type of malware (malicious software code) fast becoming a cyber threat that businesses have to protect themselves against. According to a recent study by Coveware, the average daily ransomware payment in Q2 2019 increased by 118% to $36,295 versus a payment of $12,762 in Q1 2019.
Businesses with a low tolerance for operational downtime and companies housing older, unsecure networks are two common types of companies targeted by cyber attackers. For instance, the health care system and newspaper networks need to recover quickly from cyber attacks because these attacks affect the services they provide. So they have to unfortunately cave in to the ransomware attacker’s demands for ransom.
What are common threats to individuals?
Social engineering is a common method that psychologically manipulates individuals into sharing their personal data with hackers. Popular types of social engineering include phishing, baiting, pretexting, whaling, vishing, impersonator fraud and dumpster diving. In order to guard against social engineering, individuals should avoid clicking on spam, opening attachments and clicking on embedded links in suspicious emails. Once the link activates, malicious software downloads. The computer gets compromised in a matter of seconds.
Email phishing is a common attack vector in ransomware. When the user clicks a suspicious email link or attachment, exploit kits silently download onto the device. These kits contain encryption algorithms that attempt to encrypt personal files on the computer and disable windows restore features. Everything on the computer locks until a certain ransom is paid. The hacker can almost never be traced because payment of the ransom is in untraceable digital currency like Bitcoin.
In reverse social engineering, the attacker convinces the victim that he has a problem only the attacker can solve. This tricks the victim into giving information quickly before verifying the true identity of the attacker. It is a person-to-person type of attack. An example of reverse social engineering is a situation in which an attacker sabotages the network or specific device. He then poses as a qualified, authorized technician arriving on-site to fix the network issue. The attacker gains the trust of the victim and succeeds in collecting confidential information from the business.
What makes people more vulnerable?
Social networking through Facebook, Twitter, Instagram and Pinterest encourages people to divulge personal and sometimes confidential information about themselves on global public networks. People who are active on social media often unknowingly expose a huge amount of data. This makes them prone to identity theft or cyber attacks. A good practice is using different passwords for each social media account and avoiding making key information (such as your current location) public until the event has passed.
The use of free, non-secure wifi networks in public places is tempting for people who want to get connected on their phones for a short duration of time. Mobile wifi security threats are harmful because people unconsciously become victims when hackers place themselves between the network and the victim. Login information is routed to the hacker instead of the assumed destination.
While retail stores entice shoppers to enjoy the free store wifi and shop longer, shoppers should be aware that the security on those networks might be lax. Cyber criminals can eavesdrop on public wifi signals and snoop confidential data. Using a VPN (virtual private network) on these public wifi networks reduces the exposure to hackers who are looking for easy targets.
By following good security practices, people can protect themselves from falling prey to common cyber security attacks and not become just another hacking statistic.
Cover photo by Philipp Katzenberger on Unsplash