Cyber security is something you must continue to know about. That's why this year's "Scaling New Heights" we'll take an inside look at everything you should know about the growing issue.
In "Cyber Security for You and Your Clients," attendees can explore the current pattern of cyber threats and crimes with an emphasis on preventing and recovering from the effects of cyber-attack.
We'll look at the major target threat mechanisms predicted as targets through 2020. We'll also identify the most common forms of malware impacting small businesses and individuals, and learn specific threat types, including their modes of attack, symptoms of attack, and steps-to-take if you come under attack.
In addition, the class will identify preventative measures, including "human based," "software based," and "hardware based."
Major Forms of Malware – Ransomware
Ransomware is a type of malware that enables attackers to find and encrypt your most important data. They then offer to provide the decryption key if you pay a ransom, within a short time.
This is the No. 1 IT security challenge you face today, with resource-limited small- and mid-size businesses the most likely targets.
Cyber criminals exploit a variety of threat vectors, including email, network traffic, user behavior and application traffic to insert ransomware. Without a comprehensive security strategy that secures all these vectors, you're almost certain to become a victim.
Recent statistics show you're about to become a victim if you have not already been one:
- 47 percent of business have been affected by ransomware
- The FBI reports that $209 million was paid to ransomware criminals in the first quarter of 2016
- 59 percent of ransomware infections are delivered via email attachments and embedded URLs
Protect Against Ransomware
Prevent attackers from infecting your systems via use of best-of-breed products to secure your network perimeter, email, web traffic and outward-facing web applications.
Anti-virus/anti-malware software really is insufficient, no matter the source. Even retail products that provide software based firewalls have been shown lacking when it comes to ransomware prevention.
Modern hardware, with associated software, firewalls are designed to protect dispersed network infrastructures, including on-premises, cloud-hosted, SaaS-based and mobile components, as well as third-party applications.
Always select firewalls capable of securing network connections for remote workers, improving site-to-site connectivity and ensuring secure uninterrupted access to cloud-hosted applications.
Detect Ransomware Attacks
Internal IT systems should be configured to detect ransomware and other advanced threats, using threat scanners and multi-layer detection technologies. Modern IT configurations will employ powerful tools to detect threats including latent threats and vulnerabilities already in your network, as well as advanced threats actively attacking your systems.
These systems focus on detecting and blocking phishing attempts, as well as identification of email-borne threats of all kinds. Many systems will even scan out-going information to ensure you're not unwittingly sending malware in your communications.
Tested Response and Recovery Plan
The goal of this plan is to recover quickly and easily in case attackers are successful. The most significant tool to recover rests upon state-of-the-art backup solutions that leave attackers with nothing, while you get right back to business quickly.
Your backup technology should automatically create updated backups as files are revised, and duplicates them to the secure cloud or private off-site locations. If criminals manage to encrypt your files with ransomware, your first response should be to eliminate the malware, then delete all encrypted files and finally restore them from the most recent secure backup.
When properly configured, the entire process can take a relatively short time, so you can get back to business and leave the ransomware criminals empty handed.
But recovery plans should be more than just "responsive," they should be proactive as well. Remember when we use to have "fire drills" in grade school to help get ready for an event we hoped would never happen? When is the last time your office had a malware drill?
You don't need an idea for such a drill?
Well, when is the last time you tested the people in your office by sending them an email with a test link to see if they would click the link just because the email came from you? Training and education, along with response testing, are critical aspects of malware attack prevention.
If you want to learn more about the emerging cyber attack formulations threatening you and your clients, as well as how to prevent, detect and respond/recover from attacks, join me for "Cyber Security for You and Your Clients" at this year's "Scaling New Heights" in Orlando.