Cyberthreats to be aware of in 2019
2018 was an unprecedented year for cyberattacks against companies, organisations, and charities in the UK and around the world. Year on year, Rymote and other specialist providers protecting corporate clients have seen the number and ferocity of attacks on computer systems increase as cybercriminals attempt to steal sensitive personal and financial data.
Nate Fick, CEO of the security firm Endgame, told CNN that “we’re living in the beginning of an era of mass targeted attacks…Things are bad and they’re going to get worse.”
The introduction of GDPR in the UK and across the European Union in May 2018 raised the stakes even further. While many believed that the rules which preceded GDPR were thorough, GDPR was complicated, tough, and difficult to implement, even for the most tech-aware and -able firms.
Serious data breaches may lead to significant financial fines imposed by the Information Commissioner’s Office. If a company is successfully attacked, it must inform all clients who have been potentially affected that their sensitive data may be in the hands of someone wanting to defraud them.
The threat posed by cyberattackers in the era of GDPR is not just financial – can you imagine the reputational damage caused to, for example, a major law firm which holds the most confidential details on people’s lives and on the commercially sensitive activities of corporate clients?
For most employers, the thought that their employees could be involved in cybercriminality is unthinkable but it does happen. Employers are particularly vulnerable to the theft of customer databases when one employee starts work for a competitor.
Employees present another issue too. Through lack of knowledge or genuine human error, they can be your weakest security link no matter the strength of the hardware and software you have in place to protect yourself.
It’s scary stuff, but we’re pleased to report a generally high level of awareness among our business clients, as more and more of them have asked us to beef up their digital security to protect their customers and their reputations.
The team here at Rymote recently met, in preparation for this article, to discuss what we believe the biggest threats facing our business clients in 2019 would be. And, when you’re reading this, we ask you to remember one thing – far more SMEs are just as vulnerable as larger companies.
In 2017, hundreds of thousands of computers around the world were infected with WannaCry, a not-particularly-sophisticated piece of malware which threatened victims that all of the data stored on a compromised terminal or system would be wiped unless a ransom was paid.
In the UK, the National Health Service was particularly badly affected, as reported by BBC News. Legal Week reported that international law firm DLA Piper was affected by a similar attack at around the same time.
Did you know that, no matter how well protected by passwords, WiFi is ultimately flawed and that it can be hacked by someone with the right skills? See the Guardian’s report on it.
That means that all the WiFi connections in your office are vulnerable. All of them. In addition, hackers use a variety of different methods to enter computer systems without authorisation including the use of browser-based Java consoles and Flash video players (think early YouTube).
Once they’re in, they can then use password hacking software to make themselves administrators on your network and it’s at that point when the most severe damage can be caused.
Those cybercriminals with administrator-level access on your network will be able to search both the terminal they hacked and the wider network for sensitive information. If users stay logged in to any cloud service your company uses, a cybercriminal may be able to search and download files stored away from your office too.
Members of staff away from the office who are using public WiFi (in a café, for example) are very vulnerable to having the data that they’re accessing intercepted too.
A Distributed Denial of Service (DDoS) attack is launched when hundreds (sometimes thousands) of computers attempt to access a website or ping an email server simultaneously.
If you’re the target, this barrage of requests compromises your web hosting or email service provider’s ability to display your site to genuine visitors or to allow the sending and receiving of messages.
According to ComputerWeekly, the “UK [is] second only to US in DDoS attacks”.
The DLA Piper attack we mentioned earlier shut down their phone system for a day, their emails for a week, and access to their archive for a fortnight. How much would it cost your business if it had to close its doors for a few days to get its communications systems back up and its data safe?
Over three quarters of cyber security incidents are caused by members of staff – no matter how good the technology you have in place is. This includes being sued because a staff member innocently used someone else’s picture or image without permission on a blog post or if an employee libels another person or company in an email.
Privacy protection failures
Many solicitors and claims firms are beginning to believe that privacy protection may replace payment protection insurance as the next golden goose. If you suffer a major privacy protection failure which compromised the personal, financial, and commercial details of your customers, you should expect that, sooner or later, you will be taken to court for it, just like Ticketmaster in June 2018.
Damage caused by hackers
Your website, your data, and your computer programs and apps are at a particularly high risk of damage from hackers if they get onto your network. How much would it cost you to replace, restore, or repair the damage?
Getting your cybersecurity right
Rymote provide audits for business clients showing them where their current security will give them the protection they need and where there is room to make improvements.
Want to speak to the Rymote team about cybersecurity and your business? We’d love to hear from you. Please call 0191 580 8856 or email us at firstname.lastname@example.org.