Any business can fall victim to a costly cyber incident. Companies have to constantly balance between security, speed, quality and customer satisfaction, and cyber incidents are on the rise. So it is only a matter of time before a company is hit by a cyber attack or human error, which accounts for up to half of all cyber incidents.
EBV Finance IT CTO Arminas Grigonis says that the number of cyber incidents has doubled in the last year, so even if you take the recommended actions, the biggest mistake is to think that you are safe enough and there is no threat.
“Illusions like that reduce vigilance and caution, and lead to various work organisation and technical errors,” assures the expert.
Cybercrime is first and foremost a business
According to Mr Grigonis, criminals are attracted to the “most valuable” data – the data that have the highest commercial or reputational value or that are related to personal data. Cybercrime is a business that is all about getting the most profit with the least effort by exploiting the weaknesses of other businesses.
“Cybercriminals scan the entire Internet, looking for vulnerabilities. If your systems or websites go a long time without being updated, if the network traffic is not limited, or if you use unencrypted data transmission channels, you risk becoming easy prey, regardless of the content of your data or the size of your company”, says Mr Grigonis. So a small business or one that might seem to be of no interest to anyone should not be nonchalant either.
Another vulnerable area is people. Technical security measures do not always protect against errors that may appear minor at first glance, like opening a suspicious e-mail or using the same password everywhere, especially if that password is written down and kept in a visible place.
The objective may not be financial
In order to obtain login details and access to sensitive data, criminals often use “phishing” or data luring. The term “phishing” comes from “password fishing”.
“Typically, victims are sent a fake e-mail that looks like a real one from a bank or other organisation and tries to convince them to click on a link to a fake page and perform additional actions, like providing bank account details, passwords or other sensitive data,” says Mr Grigonis.
According to the expert, other common methods include attacks that encrypt company data and demand a ransom (ransomware attacks), and SQL injection, where web pages and applications that work with databases are taken over by inserting a special SQL code into the query.
Criminals are not always driven by financial objectives. Sometimes they act at the behest of states or political or other interested groups. In such cases, the objective is not to profit, but to disrupt activities or use the data for espionage purposes. One example of this is distributed denial of service (DDoS) attacks, where the systems of various institutions and companies are bombarded with requests from numerous infected computers, phones and other devices in order to make them inaccessible to legitimate users,” says the EBV Finance IT CTO.
Never pay ransom
Mr Grigonis says that the risk and damage of cyber incidents due to attacks and human errors can be reduced by applying a few simple measures. First of all, you should always use at least two-factor authentication. Second, you should make backup copies of systems and data that are technically separated from the main servers. And finally, cybersecurity should be handled by dedicated, experienced professionals – not by company employees with other responsibilities who would learn on the job.
“The cost of a learner’s mistake is simply too high. Cybersecurity training should be mandatory for all company employees, and regular training must be provided for them. In addition, crisis management and recovery plans must be tested regularly,” says Mr Grigonis.
The specialist also recommends never paying a ransom for data. This can be an expensive decision from a business point of view, but the best way to prevent criminal activity is not to encourage it with additional funding.