Nearly every business in the world is vulnerable to cyber attacks. Cyber security is a crucial precaution that businesses need to take, and for good reason. According to a 2017 study on the cost of data breaches, the financial damages of the average data breach can reach $3.62 million, and that number is only expected to rise in the near future. Monetary damages aren’t the only repercussions for business owners when it comes to cyber attacks, however. A data breach can also damage a business’s reputation with their clients, employees and the general public. The most common - and costly - cause of data breaches for businesses in the U.S. are the result of criminal attacks.
The cyber threats that companies think they need to protect themselves are often very different from the threats they are actually facing. Here are five of the most common cyber attacks against businesses.
1. Spear Phishing:
Phishing occurs when a cyber criminal sends emails that appear to be from reputable sources in order to trick the recipients into clicking an unsecured link and revealing personal information such as usernames, passwords or credit card numbers. Spear phishing is an even more focused type of phishing in which the attacker targets one person or a small group of people (such as a group of employees) using a more personalized approach. Spear phishing is usually extremely successful because the email is carefully tailored to the recipients. One notable spear phishing attempt targeted Google Docs users, and was one of the fastest-spreading cyber attacks in recent history.
2. Socially Engineered Malware:
Socially engineered malware occurs when an attacker “socially engineers” their target by gaining their trust through convincing links - similar to how a spear phishing email tricks the recipients through a very convincing email. In this case, the attacker can temporarily compromise a usually trustworthy website without their knowledge and deliver malware (e.g. cyber threats such as viruses, bots, spyware, worms and trojans) instead of the normal website coding. This type of malware is one of the most common methods of cyber attacks against businesses and is responsible for hundreds of millions of successful hacks each year.
3. Persistent Password Attacks:
During a password attack, a third party attempts to gain access to a computer system or network by cracking a user’s password. This type of attack does not usually require any malicious code to be installed on a system, but rather uses software running on the attacker’s computer to crack passwords using commonly used passwords and information gathered by the attacker.
4. Denial-of-Service (DoS) Attacks:
In a denial-of-service (DoS) attack, attackers essentially hijack multiple computers and use them to create and send high volumes of data or traffic through the target’s network until it becomes overloaded and can no longer function. While targets are typically large corporations, financial institutions or government entities, anyone can have their computer be hijacked for use in a DoS attack. Many DoS hijacking victims are unaware of their involvement, especially if they don’t have a system in place for monitoring their data flow.
5. Advanced Persistent Threats:
An advanced persistent threat (APT) is a long-term attack, where a criminal uses multiple phases to break into a network. An APT typically begins with a successful spear phishing campaign, and the attacker quickly inserts malware into the network, carefully avoiding detection. The malware used in this type of attack is designed to create multiple points of compromise, so the attacker can ensure that they have long term access to the network. The attacker can then remove evidence of the breach, while still maintaining access to the network’s data.
It’s disconcerting to think that these types of threats are out there. Cyber attacks are affecting businesses every day, so it’s important to know the types of risks that your clients are facing so you can better help them protect themselves.
About PL Risk
In addition to bringing you the latest news from the insurance industry, PL Risk provides Resources for Agents and Brokers nationwide. We’ve recently implemented Hiscox Now, which allows agents their own access to Hiscox and instant quoting. To learn more about our operations, contact us today at (855) 403-5982.