Cybersecurity, cyber attacks, firewalls, malware, hacking.
Most of these words make you think of Wikileaks and Russian spy movies. As a small business owner, you don’t have anything to worry about, right? You don’t have anything to hide.
However, cyber attacks cost small businesses an average of over $2 million in 2017. Your livelihood could be in more danger than you know.
Do we have your attention now? But what is cybersecurity? We’re here to explain to you what kind of cyber attacks are out there and how you can defend yourself and your business.
What Is Cybersecurity?
Cyber attacks can come in many different forms. Most will be to either steal information or insert malware. Cybersecurity means having firewalls, encryptions, and other software in place that keep malware and hackers from infiltrating a computer’s stored files and basic functions.
High-status individuals can often be targeted, but the average hacker is more interesting in businesses that have large databases. Manufacturing companies may think that they’re immune because they don’t deal directly with customers, but because of all of their professional interactions, they’re actually one of the most popular targets for hackers.
While you may think that your business is too small to get hacked or even noticed, think again.
Why You Should Care
With email, online bank transactions, and the Cloud, technology has made it easier to do most business negotiations, advertisements, and transactions online. One capable person with a laptop can wear as many hats as they need to to run a successful company. This is great news for small to mid-sized businesses who might not have the budget to sustain a large staff.
Unfortunately, it’s also great news for hackers.
Hackers are the cockroaches of the online world. They can survive anything and, despite all the traps you lay, they somehow manage to get in.
It’s a dangerous game to think that these malicious hackers won’t target your company because you’re small. In fact, hackers are more likely to target small to mid-sized companies. This is because you have more useful information than an individual consumer. You also have less sophisticated security than a Fortune 500 company.
It is paramount that you take control of your security to protect you and your client/customer information as soon as possible.
The first step to any powerful defense is knowing how your opponent will attack.
What You’re Up Against
As mentioned above, the key to any defense is knowing your opponent. Here are 9 different ways a hacker might attack your systems.
1. Man in the middle (MitM) attack
A Man in the middle attack (or Middle Man attack) occurs when a hacker intercepts a “packet” of information while it’s traveling from one server to another. A packet could be anything from an email to login information to a transaction.
Once an outside party has intercepted this packet, they can alter it, replace it with their own, or even keep it all together and send nothing. This is a sneaky way for hackers to coerce people into giving them information without having to break into their company’s actual system.
2. Password attack
Obtaining someone’s password is a key component in compromising their system. Hackers do this through social engineering, combing through unencrypted data, and guessing. They do this through two different methods:
The brute-force method entails gathering information about the person’s family, interests, and lifestyle. They then try different combinations until they find one that works.
The dictionary attack is much more technical and involves a file or packet of information that has already been obtained. If that The dictionary attack is much more technical and involves an already obtained file or packet of information. If that packet is password protected, the hacker will apply a dictionary of common passwords to see if any of them hit the mark.
3. Eavesdropping attack
Businesses are vulnerable to eavesdropping attacks if their network and information aren’t encrypted. With this method, an attacker can gain credit card numbers, passwords, and other information.
Passive eavesdropping is when an attacker listens to or reads a packet of information that is being transmitted.
In a less subtle fashion, active eavesdropping is when the attacker disguises itself as a friendly server and requests info.
Both are worth watching out for. An attacker will often use passive eavesdropping to decide when and how they will perform active eavesdropping.
4. Denial of service (DoS) and distributed denial of service (DDoS) attacks
Denial of service attacks doesn’t attack the initial system itself. Instead, it targets the resource systems that the victim interacts with so that it can’t perform any basic service requests.
On the other hand, a distributed denial of service attack won’t even attack the victim’s direct sources. Instead, it will infiltrate it with a wide variety of other host services that are already infiltrated, cutting it off on all sides.
This kind of attack isn’t used to obtain information, but it can often cripple a system and make it vulnerable to future attacks.
5. SQL injection attack
SQL stands for Structured Query Language. This means that a hacker is using the language of the computer database rather than a human language. An attacker will gain control this way by disguising itself as a client and sending a request in this language.
Once they have access to the database, they can send requests for specific user information like usernames and passwords. They can also perform functions such as system shutdowns. The older an interface is, the more likely a hacker will be able to obtain the SQL injection.
6. Phishing and spear phishing attacks
Phishing is straight-forward. The attacker sends an email to their target that either requests personal information or encourages the target to open a link. That link leads to a website that encourages them to download malware. Once the victim downloads the malware, the attacker will be able to infiltrate their system to perform further attacks.
7. Drive-by attack
A drive-by download attack targets un-updated emails, apps, or web pages, and it doesn’t require the company or user to actually do anything.
They do this by embedding their own script into a website’s HTTP or PHP code. When anyone visits that page, the embedded code might send them to a site that the hacker controls or even send out malware.
It’s called “drive-by” because the hacker gets in, leaves their code, and gets out.
8. Cross-site scripting (XSS) attack
XSS attacks target someone’s web browser by implanting script into a third party’s code.
For instance, almost every website on the internet uses some form of JavaScript. An attacker will place the malicious script into Javascript’s page or packet. When an outside source requests that information, the script uploads malware onto the victim’s browser or system.
9. Malware attack
We’ve mentioned malware many times so far, and rather than stealing information, it hinders a targets functions. There are many different types of malware, some you may have already heard of:
• Macro Viruses – -infect applications like Microsoft Word and Excel
• File Infectors – infects a file with code that executes once it’s opened
• Polymorphic Viruses – disguises itself as encryption and decryption cycles
• Stealth Viruses – infect malware detections software to hide future malware
• Logic Bombs – set to only go off in specific circumstances (ex. date/time)
• System or boot-record infectors – attaches itself to hard disks
• Trojans – hides in a useful program to establish a backdoor into a system
• Worms – spreads itself across email servers
• Droppers – transports, installs, and updates viruses
• Ransomware – blocks access to a victim’s data until the victim pays “ransom”
• Spyware – steals system information without revealing itself
• Adware – forcibly shows ads through popups and side-bars
What You Can Do
This list undoubtedly seems very intimidating. In truth, you have every right to be fearful of hackers. They can cause a lot of damage, and inadequate cybersecurity can lose you customers and forever damage client relationships.
AND NOW FOR SOME GOOD NEWS!
There are steps you can take to prevent these attacks from happening. The first step is to make sure that you have basic security software enabled. Protect your databases and encrypt your information.
Once you’ve done that, your next step is to perform penetrating testing. This essentially means paying a hacker to test your security measures.
This might seem like asking for trouble, but there is a class of hackers out there known as “ethical hackers” who get paid to hack into a company’s systems and report back with their security recommendations. The better they are at hacking, the more high-profile companies they get to work with.
Alpine Security is a Penetration Testing Service that specializes in expert hackers and clear and concise reports that are both prioritized and actionable.
Conclusion
If you’re running a small to mid-sized business, there are a lot of moving parts to consider. The last thing you should have to worry about is where or not a hacker is targeting you. Now that you’ve answered the question “what is cybersecurity” you can begin to protect yourself. Know your enemy and protect yourself immediately so that you can start focusing on what matters: your own success.
Contact us with any questions you might have, and be sure to also read our article on other ways to up your cybersecurity and protect yourself.