Cyber threats are a big deal. As the number of technology devices increases both at home and in the workplace, so does the risk of experiencing a cyber breach. We can put the right defences in place and train our staff to spot the basics of potential cyber-attacks but criminals still find a way to attack us. Different cyber threats have different agendas and ways of stealing your data; which is why it’s important to have a good idea of the current cyber threat landscape and what you can do to stop these threats becoming a problem.
Cyber threats on a whole are becoming more targeted. Instead of attempting to hack hundreds of devices at once, cyber criminals are focused on making attacks more personal to certain individuals or smaller groups of people. How do they do it? They spend weeks researching you, monitoring your behaviours and habits in order to create emails or messages that are believed to be from credible sources.
Smishing (SMS Phishing) is a phishing technique that involves hackers utilising SMS systems to send messages that steal data. This data could be passwords, bank or credit card details. As well as stealing data, hackers may download viruses that allow them to access everything on your phone. Text messages appear more trustworthy than emails, as humans are more inclined to believe an SMS message is legitimate. Hackers take advantage of this human vulnerability by sending out SMS messages that pose as trusted sources. This could be your bank, technology provider or retailer. This is also known as social engineering.
Common Smishing Techniques:
- A technology provider such as Apple or Google informing you need to ‘validate your account’.
- Your bank informing you of ‘irregular activity’ or ‘lack of funds’.
- HMRC, informing you that you are ‘due a tax refund’.
- A retailer offering ‘vouchers’ or ‘gift cards’.
HOW TO AVOID SMISHING:
- Avoid clicking any links that you have been instructed to by unknown numbers.
- If in doubt, research the number and what they are asking for online to see if you can find any related information that it is to be considered suspicious.
- A legitimate business will NEVER ask for account numbers, user names or passwords.
Internet of Things (IoT)
IoT includes everything connected to the internet. Electronic devices are increasingly controlled remotely by smartphones or computers. For example, the Amazon Alexa is a prime example of how the world is becoming more connected through the internet in our own homes. Other devices include smartwatches such as the apple watch, smart cars or tracking and monitoring systems.
Right now, there are around 23 billion IoT devices around the world. By 2020, this number will rise to nearly 30 billion+. The issue with this is that the internet is essentially a backdoor for cyber threats to get into your own network. So as the number of these devices increases, so does the size of your network, meaning more opportunities for cyber criminals to get in and attack. For this reason, it’s important to be aware of how to avoid these attacks and stop them from becoming an issue.
HOW TO AVOID IOT BECOMING A THREAT:
- Strong passwords: Set passwords for all IoT devices connected to your network.
- Unplug it: When not in use unplugging any devices connected to the internet decreases your risk of any criminals getting in.
- Update Protocols: Devices still running on old protocols such as SIP are more liable to become a risk for hacking than updated versions.
- Create a ‘guest’ network: This way if anything gets in, the ‘home’ network will still be protected.
Phishing techniques are becoming far more targeted. Instead of sending out crypted data to 1000’s of users, hackers are targeting individuals or small groups in organisations and businesses specifically. This is also known as spear–phishing. Spear–phishing involves sending out emails to a specific individual whilst pretending to be a trusted sender.
Cyber criminals can gain access to business accounts, meaning that they are able to pose as business owners and gain sensitive information from employees, customers and suppliers. Unlike phishing, the attacker puts more time into researching an individual’s personal information such as where they work, online profiles and where they live. This all helps to add credibility to an email. The technique is commonly used to steal an individual’s data for malicious purposes; however, hackers may also use this method to install malware on a targeted user’s computer.
HOW TO AVOID SPEAR-PHISHING:
- Train your staff to assure they know how to recognise and avoid suspicious emails. Platforms such as Cybsafe focus on specific human traits that can make humans more liable to a phishing attack. It is the only organisation in the world to provide a solution that evidently reduces your human cyber risk.
- Ensure the right technology is put in place to detect and stop any potential attacks before they even reach your network. Software such as Cisco Umbrella acts a barrier for cyber threats, blocking known malicious destinations and preventing connection to your network.
- Invest in a support contract from a credible third party. We have a team of experts that can support you should the worst happen. We only ever use industry-leading technology vendors and have a wealth of expertise in cyber threats.
Be on top of your cyber secuirty
Have you got the right technology in place to avoid these potential attacks? We offer several solutions that can protect, monitor and ensure your network is safe in real time. We use best of breed products from some of the industry’s leading vendors and are constantly up to date with the latest cyber threats. Get in touch and discover how Pure Cloud can support you!