Hackers Don't Sleep: How to Protect Your Business From Cyberattacks

The more IT solutions a business implements, the more likely it is to face the destructive power of cyberattacks. After a successful hack, attackers can obtain all the confidential information of the company and its clients and disable the company's systems, bringing its work to a halt. The only way to avoid catastrophic consequences is to detect vulnerabilities in time. Dmitry Budorin, CEO of the international cybersecurity company Hacken, told Mind how to protect your business from cyberattacks and which myths should no longer be believed.



What is the price of carelessness? 

Underestimating the risk of cyberattacks and the magnitude of the damage means denying the facts and putting your business at risk. According to Cybersecurity Ventures, losses from hacker attacks will amount to $6 trillion by 2021 (for comparison: in 2015, cybercrime was estimated at $3 trillion). This year's July Hackmageddon report names malware as the top attack method, targeting both industries and individuals.


All organizations are at risk, regardless of ownership, size, or industry. Businesses are attacked not by machines but by people, and very talented ones: there is no single algorithm or antidote to neutralize them.


The damage from cyber attacks can be economic, reputational, and legal.


Financial losses result from the theft of corporate financial information, such as bank details or payment card details. Black-hat hackers can steal both company funds and customers' bank cards.


Reputational damage means the loss of customer confidence.


In terms of legal liability, data protection laws require businesses to safeguard both customer and employee data. If the necessary measures have not been taken and the information is compromised, the business faces fines and sanctions. For companies operating in Europe, the consequences are especially unpleasant: under the GDPR (General Data Protection Regulation), fines can reach 20 million euros or 4% of the annual business turnover.


Data protection is not just a headache for the information security department. Today it is one of the main risks to the business as a whole.


What myths should you no longer believe?

Misconceptions about risk are the main allies of cyberattacks. This is why it is important to dispel many popular myths.


Myth 1. A firewall perfectly protects the network

A firewall is an element of a computer network that filters traffic. Firewalls can be software-only (for example, Windows Firewall) or combined software and hardware (these include routers). There can be several firewalls in a corporate network: one protects the entire network from intrusion, while others protect separate segments. But even such a complex system is not always 100% secure. There are data encryption protocols that make it impossible to filter traffic.


Myth 2. Free antivirus is enough

The flu vaccine does not protect against other viruses. The same goes for free antivirus software: it is not enough to save you from worms, Trojans, ransomware, keyloggers, spyware, rootkits, and other malware.


Myth 3. VPN = complete anonymity

A VPN (virtual private network) can be compared to curtains on the windows: they help hide what is happening inside the room from prying eyes, but cannot make the room disappear. Not all services guarantee anonymity. Most often, a VPN provider rents a server from a third party, so there is no guarantee that the owner of the server will not "leak" data.


What to do "just in case"? 

There are a number of measures that can help an organization secure its data. Here is a small checklist.


Backing up data. Cloud services let you store a backup copy of data away from the workplace and its devices, so it can be accessed at any time from any device, even if the data on the work device is lost.


Minimizing the use of mobile devices. Tablets and smartphones are just as vulnerable to attacks. TechBeacon cites research showing that companies that allow employees to use mobile devices for work are regularly targeted. If there are more than 500 of these gadgets, the chance of becoming a victim of an attack is 100%. The average number of attacks is 54 per year (per business). This is a reason to develop security rules that prohibit working with strategically important information from a smartphone.


Use of licensed software. Use licensed software and install updates regularly. Any software has vulnerabilities; developers regularly test it for errors and release the necessary patches. Pirated versions do not receive these fixes. On top of that, a pirated version may contain malicious code from the start.


Anti-phishing. Phishing is a type of scam in which an attacker uses various tricks to push the user into voluntarily providing personal information. Security training in which each employee learns how to recognize and prevent phishing attempts is well worth having.


Password strength control. According to CSO, 81% of data leaks are due to password cracking. The team must therefore know what strong and weak passwords look like. It is also worth installing password managers that automatically generate and save passwords.


Using 2FA (two-factor authentication). Two-factor authentication is double protection: first, the system asks you for a password, and then it sends a confirmation code to another device (for example, an SMS to your phone). Even if an attacker obtains the password, they will not be able to log in without access to the second device.


How to Counter an Attack? 

Following all the preventive recommendations from the list above is still not a panacea. The company should also look for its own vulnerabilities by engaging white-hat hackers.


White-hat hackers use the same methods as cybercriminals (black-hat hackers). However, the goals of ethical hackers are different: they look for vulnerabilities in order to tell the company about them and help protect business and customer data.
