4 business hackers you need to know (and how to stop them)

Have you ever thought about what your business looks like inside the mind of a hacker? There’s a good chance a hacker has already probed your IT infrastructure and come to the ominous conclusion: Your business is a tempting target. More than 85 percent of all businesses in the U.S. were hacked in mid-2015 and many didn’t even know it, according to the Duke University/CFO Magazine Global Business Outlook Survey.

To a hacker, small businesses are the ideal target because they are typically less secure than enterprise business, yet have significantly more money in circulation than individual consumers. Stephen Cobb, Security Evangelist at ESET, calls small businesses the “cybercrime sweet spot.”

When it comes to cybercrime, what you don’t know can and probably will hurt you. Here are four types of hackers you need to know and how to defend your business from them:

The ‘Insider’

This inconspicuous employee could be the victim of the most recent round of corporate downsizing, or may be sitting in the cubicle right next to you operating completely unnoticed. The Insider plots unseemly ways to take down the company or turn a buck, or both. The Insider squirrels away network credentials and propriety information waiting for the glorious day of revenge.

Their Attack Strategy: The Insider likes to lurk around, operating from within the company’s own firewalls. Maybe they’ll use a tiny removable device to inject malware, spread malicious files or steal data. Or take advantage of weak on-prem security to gain access. Sometimes they operate from afar and partner with another ‘Insider’ within the company to do the dirty work.

Your Defense: Maximize your endpoint protection to disable or quarantine removable devices. Tightening internal security controls by restricting access to physical servers, computers and devices will stop an insider in their tracks. Choosing an endpoint security solution like EnCase Endpoint Security is a great way to detect, validate and prioritize unknown threats. EnCase also returns devices to a trusted state if they are lost, stolen or in the possession of an Insider.

The ‘Cybercriminal’

Cybercriminals use their coding skills to engineer elaborate hacks and develop ready-made crimeware applications that less technical hackers buy to conduct their own cybercrime ambitions. Either way, Cybercriminals are always looking to turn a profit, and as a result, push IT security development to new frontiers.

Their Attack Strategy: When they’re not using their elite coding skills to exploit network vulnerabilities, Cybercriminals deploy the latest viruses, malware, ransomware, phishing and spamming schemes. They often use ready-made crimeware applications that are easy to use and capable of launching automated attacks across the globe.

Your Defense: Encryption makes data unreadable without a key and is one of the best ways to starve data-hungry hackers. Encryption works because it is so complex that attempts at decryption become an exercise in futility. Avoid being among the 80 percent of companies do not use encryption on laptop computers or encrypt mobile devices. Consider security solutions such as the Sophos XG Firewall with Security Heartbeat, Kaspersky Endpoint Security for Business, Trend Micro’s Smart Protection Complete and Smart Protection for Endpoints, and McAfee’s Small Business Security suite to protect your business.

The ‘Bots’

Imagine an evil ruler has an underground robot army to do their bidding, and imagine that army being able to replicate and deploy itself at will. Scary, isn’t it? Unfortunately this is real in the world of hacking. Bots are deployed by Cybercriminals to collect personal information, infiltrate IT systems and distribute spam. Like an army of mad ants, bots are everywhere, constantly crawling the internet for a weakness to exploit.

Their Attack Strategy: Cybercriminals will use bots to exploit software vulnerabilities, break into accounts guarded by weak passwords, or by tricking you into installing their malware. They can do that in a variety of ways, including: getting you to install fake software, offering to run phony antivirus scans, advertising fake retail giveaways or posing as a fake customer service rep who needs you to login to your account to resolve an issue. Once inside, bots get right to work relaying vital information and resources that can be sold, ransomed or exploited.

Your Defense: Install antivirus and antispyware programs from industry leaders who deploy the latest in endpoint and network security, such as Intel Security (formerly McAfee), Trend Micro and Kaspersky Labs, who each offer full security suites for all business types and sizes. Anti-malware programs scan and monitor your computer for known viruses and spyware. When they find something, they warn you and help you take action.

The ‘Script Kiddie’

The ‘Script Kiddie’ is an ambitious young hacker in their teens or early 20s looking for the easy score. They typically lack the ability to write programs on their own, but can do considerable damage if they stumble upon an obvious network vulnerability.

Their Attack Strategy: The ‘Script Kiddie’ uses borrowed programs and common exploits to identify and take advantage of your vulnerabilities. They may happen upon your insecure data, weak passwords or careless employees.

Your Defense: Consider implementing a stricter password policy for your end users. They may not realize that ‘Passwd1234’ makes your business vulnerable. If one-factor authentication of a username and password isn’t enough to protect your business, use advanced authentication which requires an additional, non-password factor eliminates some of the most common forms of hacking. Consider going with 2FA, a cybersecurity leader in advanced authentication with user-friendly solutions.

Next Steps

Now that you know some of the potential threats to your business, you are ready to strengthen your IT security plan. Here’s what you need to do:

1) Get a network security assessment to reveal potential threats. CCB’s network security assessment tests the strength of your existing policies, sniffs out your vulnerabilities and delivers a report so you can show your boss all the details.

2) Based on your report, implement the security solutions to close the gaps. CCB partners with industry leaders in network and endpoint security to keep you up-to-date with ever-evolving security needs.

3) Educate your employees about your IT security plan. Your security measures will be wasted if your end users don’t learn how to use them. Get buy-in from upper management and implement user-friendly controls that every employee can follow.

We are always happy to give you some professional insight into what solutions are best for you. Send us a message and let us know how we can help.


Related Posts