Cyber Attacks: Understanding Risks From Ransomware To IoT
Cyber threats are perhaps the most imminent emerging risk to businesses today. With nearly 700,000 new threats identified every day, according to McAfee, companies need to take this issue seriously.
Former FBI Director Robert Mueller may have said it best: “There are only two types of companies: Those that have been hacked, and those that will be.”
A cyber attack is a malicious attempt to damage or disrupt a computer network or system. In recent years, cyber attacks have been initiated against companies, governments, nation-states, and even private citizens. The motivations include financial gain, information, corporate espionage and simply the challenge of the hack.
The first FBI conviction of a hacker occurred in the 1980s and many more have occurred since then, but the number of hackers who have gotten away with cybercrime unscathed far surpasses the number convicted. Hackers are a complex, persistent and growing threat that companies and governments have repeatedly been ill-equipped to handle.
Ransomware Threats and IoT Devices
A ransomware attack occurs when a malicious actor infiltrates another computer or system and holds its contents hostage in exchange for a ransom, usually a payment in bitcoin. And with lower execution costs, high returns and minimal repercussions for cybercriminals, ransomware continues to dominate the cyber threat landscape.
A recent, global ransomware event occurred in May 2017. WannaCry was a massive ransomware attack estimated to have infected 250,000 computers across 150 countries. It affected household names such as FedEx in the U.S. and the U.K.’s National Health Service. The attack was designed to spread quickly among computers on the same network and then encrypt the victim’s own files, after which the hackers would demand a ransom from users for the key to release the files.
In a recent AlertFind webinar, business continuity expert Bob Clark echoed Mueller's sentiments and warned that cyber attacks against all types of businesses are inevitable.
“There are many who believe they are immune to cyber attacks simply because they are small companies,” he said. “In 2017, it was estimated that about 59% of all cyber attacks targeted small- and medium-sized enterprises. They're at risk because they tend to be considered 'low hanging fruit,' and are therefore easy pickings.”
Clark also said that the full range of devices that connect to the internet – known as the internet of things (IoT) – has fueled the rise in cyber threats.
“The threats come from a full range of devices from a smartphone, right up to mainframe computers, and everything in between,” Clark noted. “So there's no area within the IoT that is off-limits as far as cyber threats are concerned. If you are connected to the internet, you are at risk.”
Addressing Cyber Threats in Your Risk Assessment
With the knowledge of these staggering statistics – and knowing that all businesses are targets – it is critical to incorporate cyber threats into your organization's risk assessment. The Business Continuity Institute has identified the cyber threat as the top threat to businesses for the third straight year.
Cyber threats have their own ISO standard – separate from business continuity – which Clark said makes it “a technical threat rather than a process threat.” He added, however, that it “should not stop you from collaborating with your IT specialist or department to assess the risks and create a plan.”
Part of that plan should include regularly educating and updating your employees about the various cyber threats.
For example, share an article with news of a recent cyber attack or data breach and identify the type of attack that occurred, along with the ways to detect and mitigate a threat. Apply the news to your organization and explain how your employees might accidentally make similar mistakes and put the organization at risk.
This may seem tedious, but regular company-wide “IoT safety” emails can save your organization millions of dollars in lost revenue and possibly days of lost productivity.
To learn more from Bob Clark about how companies can perform risk assessments for cyber threats, listen to our new webinar, “Pandemics, Terrorism And Cyber Attacks: Is Your Organization Ready For The Evolving Risk Landscape?”