At "Scaling New Heights 2017," I taught a course titled, “Cyber Security for You and Your Clients,” which was very well received. In fact, some people said they had finally “awoke” to the reality that they were subject to cyber attack. Because cyber never stands still, I wanted to provide an update to some of the topics I covered in that course.
Whether you’re a small business with a handful of employees or a major corporation, everyone is a target for a cyber attack. Cyber crime is, as they say, “all about the money, honey.” And make no mistake about it – cyber criminals are out to make money off you any way they can.
In reality, no business or individual is exempt.
It is truly alarming how everyone – individuals, small businesses and global corporations – is a target for cyber attack from such malware as ransomware, phishing and persistent threats.
A successful attack can be terribly costly, and not just financially. Brand and professional reputations can be damaged beyond repair. Just recently, a small accounting firm that had been hit by ransomware contacted me. It was trying to rescue about 20 QuickBooks files. Unfortunately, all of its backups were old and, despite paying the ransom, it was still having problems with some files that failed to decrypt.
Because cyber criminals have been so successful with data breaches over the past few years, literally stealing hundreds of millions of personal and financial records, there is a glut of this data on the black market. This has resulted in significant declines in the value of stolen credit card records, simply due to the economics of supply and demand.
As a result, cyber criminals have evolved and transformed their malware-based operations into ransomware and phishing, particularly targeted forms such as spear-phishing and CEO fraud, because these avenues are proving far more lucrative.
Ransomware extorts money directly from the victims. The cyber criminal isn't forced to try to sell stolen data on the black market. Literally millions of dollars are being gleaned via CEO fraud by convincing unsuspecting victims to wire funds directly to the cyber criminal.
What's Trending in Cyber Crime?
It appears that these “new and improved” cyber attacks are growing at the rate of several hundred percent each quarter – a trend cyber security experts say will continue through at least 2020.
Right now, there are more than 4,000 ransomware attacks being perpetrated on a daily basis. Seventy-plus percent of those are occurring within the United States. And if that isn't enough, a recent Cyber Security survey found that:
- 34 percent of businesses surveyed had been the victim of a successful email phishing attack that infiltrated their network
- 30 percent had been the victim of a successful ransomware attack that encrypted data on their network
- 29 percent had been infiltrated via malware through channel(s) unknown
- 17 percent had confidential or sensitive data leaked, accidentally or maliciously, via email
- 14 percent had one or more senior executives who were successfully infected via an email spear-phishing attack
- Only 27 percent reported they had not experienced any form of cyber attack or crime over the preceding 12 months
Both phishing and ransomware attacks actually have gotten worse over the last 12 months. And, alarmingly, all of these cyber crime trends are continuing. Experts believe that businesses, not individuals, will increasingly be the primary target for phishing and ransomware.
Businesses, even small ones like those ProAdvisors deal with on a day-to-day basis, are more likely to have critical data that must be recovered. At the same time, cyber criminals believe these businesses have the ability to obtain Bitcoins, or other digital currencies, to pay off the ransoms.
Small businesses are far more likely to pay ransom demands than individuals, who will simply write off their data loss to “a bad experience.” As such, cyber criminals will focus the bulk of their efforts on invading the domains of small businesses.
On the Horizon
While many of us are dealing with recent ransomware attacks (like those shown here), the rest of cyber crime is also on the rise:
A Missouri-based B&B theater company, the seventh largest chain in the country, was hit with a two-year credit card breach that it recently discovered.
On July 4, a sophisticated malware attack affected Point-of-Sale (POS) kiosks at Avanti Markets, which jeopardized credit card accounts impacting 1.6 million customers.
Cyber security experts maintain that credit card machines and POS devices are preferred targets of hackers, because the data pinched is very easy to monetize.
And the next big threat is likely to be something called POS ransomware. Rather than gain access to a Point-of-Sale system to extract credit cards over months or years, cyber criminals appear to be ready to deploy new ransomware that can shut down a POS system. This new form of ransomware could bring the business and its revenues to a screeching halt until it pays the ransom.
Would you, or one of your merchant businesses, pay the price to get a POS operational in a matter of a few hours, as opposed to being shut down for a day or two?
In Part 2 of this series, we’ll look at some specific vulnerabilities impacting the potential for a cyber attack. We’ll also examine some of the steps you can take to reduce your risks of a successful cyber intrusion.