Seventy-six percent of breaches are financially motivated, according to the 2018 Verizon Data Breach Investigations Report. But, how do attackers make money by infiltrating your system?

MYTH: Hackers Target Specific Businesses

Let’s dispel a common misconception that small businesses have little to offer bad guys. This is simply not true. Small businesses are at risk, because typically attackers have no knowledge of who you are or what your business does.

Imagine your business as a house in a residential area. Your IP address from your Internet Provider is one of thousands in the neighborhood. Like a burglar peeking in windows and jiggling door handles looking for openings, an attacker scans large blocks of IP addresses at a time looking for unlocked doors to allow them inside. Like a burglar, attackers note the location of weak IP addresses and come back with another tool to crack logins from lists of previously known passwords or other exploits. At this point, the attacker has a variety of options depending on their skills and tools available.

What Happens After a Hacker Gets in Your System?

1) The bad guys examine your data on your computers. Unprotected data is a treasure trove. Personally Identifiable Information (PII) is a valued commodity on the dark web. W-2s, credit cards, drivers licenses and medical records are just some examples of what can be sold. Just like any other item in bulk, the initial attacker may sell a batch of records for a few dollars apiece to someone who intends to either use or sell them, which is the case for a credit card cloner, someone who will make fraudulent cards and sell them individually. This data theft is not easily detected, as the data is simply copied and left intact in your system. Loss of PII creates damage to a business through potential litigation and reputation loss.

2) With the explosion of various cryptocurrencies, bad guys will use attacks through infected ads and websites, phishing campaigns and other means to enlist computers into “mining” cryptocurrency. The computer is not damaged or altered but now is using Central Processing Unit, or CPU, resources to provide financial gain for the bad guys and slowing the computer down. Businesses, who don’t have risk management, must use some form of IT support to diagnose and solve these performance issues.

3) Ransomware is popular for a quick buck. Ransomware encrypts your data files, making them unavailable to you and your users. You are required to pay the ransom in the form of a cryptocurrency in hopes of being given the key to unlocking files. Unsurprisingly, not all bad guys are honest people, and many won’t hand you the key back to the data castle. This is becoming less popular with attackers as it’s a one-shot deal for them, whereas remaining on your network to harvest PII or mine cryptocurrency is a continual revenue stream. Businesses without good backups are most impacted from ransomware.

How Do I Stay Safe from Cyber Attacks?

Educating your employees is the single most important step in combating cyber attacks. Attackers have many tools to infiltrate your network through phishing emails and weak passwords. Training your employees goes beyond phishing tests and includes password hygiene and data breach awareness for management.

A proper layered defense will catch attacks that bypass humans. Many attacks are designed to run only in memory and are difficult to stop with traditional anti-virus software. Access Systems offers information security solutions that detect those attacks early to minimize the damage. If you are worried about your cybersecurity, please reach out for penetration testing or other services.

Having off-site backups can make the difference:

• Backups are both available on-premise and a separate off-site solution.
• Cyber attacks often target the on-site backup to make targets more likely to pay ransoms.
• Any backup is only as good as the last test restore. Backups should be frequently tested to make sure it can restore the data through disaster drills.

Backups are essential to cybersecurity, so much so that is the first thing Access Systems’ Network Operation Center (NOC) technicians do every day.

Backups Can Take the Power Out of Hacker’s Hands

Attackers are highly motivated to infiltrate your network. Their paycheck relies on it, but there are steps you can take to prevent cyber attacks. Besides strong passwords and phishing training for your employees, backups are your key to minimal downtime.  Explore more about how backup and disaster planning can protect you on multiple different levels.