“In 2015, (the FBI) received over 8,000 complaints related to these threats with a combined reported loss of nearly $275 million.”
— FBI 2015 Internet Crime Report
Cybercrime is on the rise again. In the three-year span from 2013 to 2015, complaints rose 10 percent. It could be far worse than that, because, according to one Department of Justice estimate, only about 15 percent of fraud victims (Internet or otherwise) report crimes to law enforcement.
Ransomware: Pay Up or Lose Your Data
However, some high-visibility ransomware attacks have occurred, and according to the FBI, the threat is increasing. Ransomware typically infects the victim’s network through email. Once it gains entry, it encrypts everything on the network, and the criminals demand a ransom in return for the data decryption key. The FBI reports nearly 2,500 ransomware complaints, with losses of more than $1.6 million in 2015.
Phishing Season: Year-round on the Web
Two additional threats that will not go away soon are phishing and its offshoot, spear phishing. Regular phishing can be easier to spot because the email just looks strange. Unusual return email addresses, misspelled words, etc., are sure giveaways.
Spear phishers, on the other hand, know the victims’ names and their email addresses. They leverage personal information gleaned from social media platforms such as Facebook and LinkedIn. They are after credit cards, bank account numbers, passwords and financial information stored on the target’s PC.
Small Businesses Attacks: More Than Doubled Since 2011
Symantec reports that more than half of the spear phishing attacks on fake emails targeted small businesses. Quoted in an onlineGuardian piece, one cybersecurity expert, Sarah Green, observes that small business owners tend to become complacent. Says Green, “(They) may feel that they aren’t likely to be a target due to their size.” Hackers, Green continues, “couldn’t possibly be interested in what they (small businesses) do.”
The opposite, unfortunately, is the case, because small businesses:
- tend to have fewer defenses because of smaller financial resources as well as people to stand guard;
- are innovative and focused in their niche, making them attractive to those who would exploit their elite customer data and intellectual property; and
- still have far to go and much to do to protect themselves from cyberattacks.
As a percentage of all cyberattacks against businesses, in 2011, small businesses enjoyed a low profile — only 18 percent. During 2015, however, according to Small Business Trends, that percentage more than doubled, rising to 43 percent.
Shoring Up the Defenses: A Triad of Options
Hackers will undoubtedly continue to probe weak spots through phishing attacks. The PCI Security Standards Council recommends a three-pronged approach to protect against phishing attacks in 2016:
Promoting email Awareness Through:
- reducing nonessential and unwanted email traffic
- training employees and users on email and browser security to:
- resist the urge to click on links in a suspicious email
- be cautious of any email attachment
Enforcing Website and Software Security Through:
- separating and updating computers and software by:–isolating business computers from those accessing social media, email and Internet browsing
–using basic security tools to block malware
–updating browsers and security software for the latest patches and updates
Instituting Password Best Practices by:
- changing passwords from device defaults to strong character/capitals/numerical combinations
- updating system passwords regularly, especially after system maintenance by third parties
- using two-factor authenticating approach to require an additional form of ID
Need Some Help?
Sydney Technology Solutions is the trusted choice when it comes to staying ahead of the latest cybersecurity and information technology tips, tricks and news. Contact us at (02) 8212 4722 or send us an email at [email protected] for more information.