Posts tagged cyber terrorism
Ransomware is a particularly devious form of cyber attack, and is one that is made possible when a file somehow penetrates your network security, and then encrypts all of your data so that it can’t be used. The cyber attacker will then offer to decrypt your data, or provide you with a key that will accomplish the decryption, after a sum of money is paid.
This has become a very popular form of cyber attack, because there are very few alternatives available to the victim, especially if the company being victimized does not take daily backups of its data.
As a company, it’s very important that you take every step possible to prevent the penetration of malicious files like this which can cause such widespread damage to your business. In general, there are two kinds of action that every company should take to prevent cyber attacks such as ransomware from succeeding.
The first set of actions involves taking a proactive approach to instruct employees about the need for maintaining security at all times, especially with regard to emails, the social media, and even using devices which have company data stored on them. The second approach is to automate as many processes as possible, so as to minimize the potential for human error, whenever those processes involve sensitive data owned by the company.
Emails and Downloads
It is known that most ransomware attacks occur because humans have made simple errors that allowed a malicious file to gain entry into the network, and to subsequently lock up company data. Training staff to avoid such mistakes can go a long way toward eliminating all these casual cyber attacks, for instance those which gain entry to the network via emails.
All staff members should be thoroughly indoctrinated about not clicking on email attachments, and not divulging company information via emails to anyone claiming to be a company official. All it takes is one ill-advised click on an email attachment, and a ransomware file could be downloaded into your system, with disastrous results.
Another very likely candidate for data breaches are downloads which company personnel carry out from the Internet. For the sake of company security, it’s best that the majority of employees do not have the capability to download executable files like games and other applications. Because the user is initiating the download, it would pass right through a company firewall, so this is something that should be restricted to only a few people, with actual need for downloading specific files.
Promote Data Security as a Culture
The most determined hackers will research a company and its personnel for hours on end, probing for weaknesses and opportunities to develop phishing campaigns. Some of these cyber criminals will go to great lengths, monitoring social media, reading company blogs and press releases, and learning as many clues as possible about the nature of the company.
This makes it extremely important that all staff members contribute to a culture of data security, so that it’s always uppermost in everyone’s mind, and the likelihood of a lapse is significantly reduced. Part of this data security culture should entail reporting all suspicious activities noticed by individuals, including emails which seem odd, and files which cannot be identified.
With a regular meeting scheduled weekly to discuss security issues, data security will become part of everyone’s thinking process, and it will become a part of company culture. If necessary, you can even incentivize the process to where safe practices are rewarded, and any insecure practices which are identified, can be pointed out and corrected.
Automating Processes for Reduction of Human Error
The first thing you should undertake in this area is to make sure your data is backed up to the cloud. This will give you the option to access your data, even if a cyber criminal successfully penetrates your system and locks up the data for ransom. If you have full access to yesterday’s data, that data can then be restored to your system with minimal loss of business activity.
Another good process to automate would be to block all .exe files from email attachments, so that employees can’t accidentally click on them, and trigger the loading of malware into your network.
As soon as you receive updates and security patches, they should be installed right away, so as to catch the very latest Internet threats and protect you against them. If you can automate this process, it would be even better, because your protection would start much sooner.
Make sure that antivirus software is installed at all user-facing portals, and also at endpoints on the network, so that threats can be identified and thwarted. You might not catch every single snippet of malware, or every single virus coming through the system, but it will block the majority.
It goes without saying that you should also have a good firewall installed, in addition to threat detection systems which are behavior-based. Once you get all these protections in place, it’s a good idea to conduct your own version of penetration testing, which will identify any weaknesses in your overall security scheme, and will also point up any threats which could be carried out against your network.
Is Your Educational Institution Protected from Cyber Terrorism?
When we think about major hacks and cyber terrorism, usually places like banks and governments jump out. For example, in one recent incident, a foreign nation possibly spied on the US, and the FBI doesn’t know what information may or may not have been accessed. Of course, any time money is involved, a hack becomes a big deal, which is why we think about banks. But one of the most affected sectors seems to get the least attention.
Is “one recent exploit” THE RIGHT/ best way to say whatever…
Wasn’t the info hacked, rather than “LEAKED”?
Statistically, what four sectors are most frequently breached?
• Financial (insurance, investments, real estate, etc.)
Did you notice government and banks are not on the list, but educational institutions are? So what’s the big deal when schools get hacked? Isn’t it just kids stealing test scores or changing grades? Maybe this is true in the movies.
In real life, educational facilities are the number 5 location for lost data, which leads to fraud and identity theft. School cyber terrorism is fast becoming an issue.
Schools get hacked for the same reason other industries are targeted. Schools keep personally identifiable information (PII) on students, and private schools, like universities, may also have financial information. Statistics show that while only 3 out of 10 educational facility hacks are after school records, 8 out of 10 result in the theft of PII.
Why Are Schools an Easy Target?
Most hackers are opportunists, and actually, schools remain fairly easy to hack. Why? Most schools are online now because it has become a major part of teaching. Records are also readily accessible online. However, schools often do not have the experienced IT department of major banks or the government. Malware, easily downloaded accidentally by students or teachers, remains one of the main ways in for hackers.
How Can Your Educational Facility Protect Itself?
It is time to develop a strategy for warding off cyber-attacks. At some point, it may become necessary to outsource network protection. Some of the important keys are:
• Monitoring tools designed to help identify problems
• Minimizing the number of logins with full access to records
• Regular updates and patches
• Education for teachers and students to reduce malware, spyware, and trojan downloads
• Anti-malware programs for auto-detection and protection
• Strong passwords
• A network firewall