No matter the size of your organization or the industry you’re in, chances are you’ve been the victim of a data breach or cyberattack—or an attempt has been made and thwarted without your knowledge. If the former applies and you haven’t performed a vulnerability assessment recently, now is the time; if the latter applies, consider yourself lucky and know that it’s only a matter of time before another attempt is made—and you might not be so lucky.
Four Threats to Your Network
External devices and laptops
Every organization has sensitive data that probably should not leave the walls of the office, whether it’s the personal information of employees, medical histories, or corporate secrets. However, in today’s world of BYOD (Bring Your Own Device) to work, it’s happening with more frequency. Once that information is stored on a device that leaves the office, it may be able to be accessed off-site (for example, through unsecured wifi at a coffee shop) or simply lost. And those statistics are frightening!
A laptop is stolen every 53 seconds
70 million smartphones are lost each year (and only 7% are recovered)
Over 4% of company-issued smartphones are lost or stolen every year
80% of the cost of a lost laptop is due to a resulting data breach
Cryptojacking usually gains access into your network usually through a malicious email or website; once clicked, a script is downloaded that works in the background to mine currencies by stealing computer processing power unbeknownst to the user. That’s what’s particularly concerning about cryptojacking; unlike ransomware which immediately makes itself known in order to demand payment, cryptojacking doesn’t want to be discovered. The longer it lives in the network, the more processing power it can mine. Over 3 million cryptojacking attacks occurred between January and May of 2018, and the number of cryptojacking malware variants grew from 8 in 2017 to 25 in 2018, so you can expect it to continue to grow in 2019.
Distributed Denial of Service (DDoS) Attack
DDoS attacks are quickly becoming the attack du jour for criminals because of their easy execution. Here’s how it works: a cyber criminal floods a targeted organization's server or network with potentially thousands of requests in an attempt to overload the system, disrupting service by denying legitimate requests. While DDoS attack may be politically motivated or performed with the intention of receiving a payment, many are executed simply to cause havoc. A 2016 attack temporarily shut down Twitter, the Guardian, Netflix, Reddit, CNN, and many other sites. In 2017, there were 7.5 million DDoS attacks, and due to the ease of execution, there’s no reason to think 2019 will be any different.
Just because more organizations are refusing to pay ransoms doesn’t mean hackers are going to give up trying. Ransomware is expected to attack a business every 14 seconds by the end of 2019, costing the world $11.5 billion in damages. While attacks on large organizations make the headlines, small and medium-size organizations are predicted to be the new targets; they usually have weaker protections yet still possess valuable information, such as social security numbers or credit card information. Healthcare organizations should also be vigilant; ransomware will continue its pursuit of them because they have a goldmine of data, and losing access to it for any length of time could have severe consequences for their customers and patients.
Performing a Network Vulnerability Assessment
A vulnerability assessment involves identifying security exposures, taking inventory of all devices on the network (as well as their purpose, system information, and any vulnerabilities associated with them), an inventory of all devices in the organization to prepare for upgrade and future assessments, defining the level of risk, and creating a risk/benefit analysis to optimize security investments. If all that sounds like a daunting task, you’re in luck. The IT experts at DSM, Florida’s predictable cloud provider, can provide a free IT vulnerability assessment for you. Download the guide below to learn more about protecting your organization and then give us a call at 877-376-6381 to set up your free assessment.