Malware. Phishing. Password Attacks. Rogue Software.
Cyber attackers today are smarter and more aggressive than in earlier days. Advanced hackers will do just about anything to compromise the security of digital systems and build algorithms to decrypt weakly protected ones, so it is hard to secure your own systems, let alone extend that security to all of their users. As an organization, your client list contains personal information that is attractive to hackers with malicious intentions towards data you consider confidential.
More insight into the matter
Many security assessors have noticed that organizations are relaxed about software maintenance, which includes software patching and upgrades. Globally, an average of 40% of all cyber attacks result from unpatched systems, as estimated in a survey by the International Data Corporation (IDC), costing organizations over US$ 120.7 billion.
The impact of not patching older software became clear around 2017, when a group of hackers took advantage of a vulnerability in older versions of Windows, dubbed EternalBlue. This was an exploit developed by the United States National Security Agency (NSA). Over 100 countries were affected by this attack, in which a worm spread rapidly across computer networks and encrypted PC hard drives, making them impossible for users to access, then demanded a ransom payment in bitcoin to decrypt them. This was catastrophic then, but even today it is one of the schemes used to gain access to systems in organizations that have been reluctant to patch. The only way you can safely guard against attacks like Ransomware, NotPetya, and others in that line is to keep your systems patched and running newer versions of such software.
Risk of using unsupported software
On 14th Jan 2020, Windows 7 and Windows Server 2008 (all versions) reached end of life (EOL) and are no longer supported by their vendor, Microsoft. Although this was publicly announced to all users of these operating systems, some organizations still use this unsupported software. The likely outcomes are ransomware attacks and exposure to any other attacks that come through the applications running on such operating systems.
Going forward, you don’t want to get to your workstation and find a notification asking you to pay money to access your files.
How to safeguard
The following are a few precautions to follow to reduce your vulnerability:
- Stay current and move away from unsupported software. Keep all programs and apps up to date to ensure the best security. Empty the recycling bin and unsubscribe from emails you no longer want to receive.
- Think beyond your login and password. To keep your most important data secure, use strong authentication in addition to your username and password. This includes 2-step verification and multi- or two-factor authentication. Some examples are biometrics or one-time codes sent to your mobile device.
- Back up all your data. Many businesses are vulnerable to demands for ransom to return sensitive data because they have no copy of backed up files. One of the best ways to protect your data from ransomware attacks and for efficiency in unprotected environments is to back up all critical files to another computer, an external drive or a secure cloud site.
- Encrypt sensitive information. Working remotely gives no guarantee of a secure communication channel. But using encryption gives an assurance that even if your data ends up getting stolen, it will be unreadable and nearly useless. Encryption is useful when you are sending data between users (for example, to financial institutions). Only someone who has your encryption key can read the encrypted data.
- Train staff about basic cybersecurity habits.
- Limit access to critical accounts and don’t release anything business sensitive to anyone outside that select group.
- Foster skepticism about emails that ask for immediate action, personal or corporate information, or that are unexpected or unusual for the sender.
- Ask employees to always lock computers when stepping away.
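The first precaution above, staying off unsupported software and keeping systems patched, can be checked against an asset inventory. The following is an added example, not part of the original article: the inventory columns, hostnames and the 30-day patch-age threshold are assumptions, and the only EOL date used is the 14 Jan 2020 date given above.

```python
import csv
import io
from datetime import date

# End-of-life dates. 14 Jan 2020 for Windows 7 and Windows Server 2008 is the
# date given in the article; extend this table from vendor lifecycle pages.
EOL_DATES = {
    "windows 7": date(2020, 1, 14),
    "windows server 2008": date(2020, 1, 14),
}

# Constructed sample inventory (hostnames and values are illustrative only).
SAMPLE_INVENTORY = """hostname,os,last_patched
fin-ws-01,Windows 7 Professional,2019-11-02
hr-ws-07,Windows 10 Pro,2020-03-10
file-srv-02,Windows Server 2008 R2 Standard,2018-06-20
web-srv-01,Windows Server 2019,2019-12-01
"""


def audit(inventory_csv, today, max_patch_age_days=30):
    """Return (hostname, finding) pairs for unsupported or stale hosts."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        os_name = row["os"].strip().lower()
        # Match on the OS family prefix so "R2" and edition suffixes still hit.
        for family, eol in EOL_DATES.items():
            if os_name.startswith(family) and today >= eol:
                days = (today - eol).days
                findings.append(
                    (row["hostname"], f"unsupported OS, {days} days past EOL"))
                break
        else:
            # Supported OS: flag it only if patching has fallen behind.
            age = (today - date.fromisoformat(row["last_patched"])).days
            if age > max_patch_age_days:
                findings.append(
                    (row["hostname"], f"supported OS, last patched {age} days ago"))
    return findings


if __name__ == "__main__":
    for host, finding in audit(SAMPLE_INVENTORY, date(2020, 4, 1)):
        print(f"{host}: {finding}")
```

Unsupported hosts are reported regardless of their last patch date, because no further vendor patches exist for them.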
During these days of the pandemic, many assume that there will be an end to this, and that even the hackers and other cybercriminals are quarantined and inactive for now. Unfortunately, the threat is much more real than that: before you notice, your private company information leaks out; before you know it, your computer files are encrypted. Things are not standing still during such times; it’s only getting worse. Hackers’ system manipulation and security compromises are all happening in the real world right now, and the only thing scarier is what the future holds.
You need to be sensitized to the risks of cyber-attacks and threats to the systems that you operate. Join us at Summit Consults, in partnership with IFIS, and make your staff aware of the worst-case scenarios through our forums, and get informed on how to protect what is private in your absence from the workplace.