Is your organization thoroughly prepared to combat cyber attacks? Are you sure you know all you need to know to protect your assets from the dark cyber world? For example: Do you know how quickly an average hacker can infiltrate a network? Do you know how long it takes for the average business to detect a breach? Is a dynamic IT department enough for formidable cyber security?
Not so sure? Run through our Cyber Crime IQ Quiz and find out what you didn’t know.
Test Your Cyber Crime IQ
- Aren’t the threats of cyber attacks just a lot of hype? Does our company really have to worry?
A: No, the threats are not just hype. And yes, you should worry. Cyber attacks have been escalating every year. In 2018, total global attacks increased a whopping 62% at 210 million. Additionally, 49% of global business leaders anticipate some form of cyber attack upon their organization in the near future.4
- But aren’t cyber criminals mostly interested in mammoth corporations that offer copious amounts of data and money?
A: Not always. Businesses with fewer than 5,000 workers account for 70% of all cyber attacks. Dark actors typically search for the path of least resistance. Regardless of size, organizations with light cyber security offer easy access.
- If our organization doesn’t handle highly valuable information, such as intellectual property, financials, or personal identification data, could we still become a target?
A: Increasingly, cyber criminals are going after direct financial payout (ransomware) or confiscation of CPU power for financial gain (cryptojacking).
- What is ransomware?
A: It’s a form of malware (bad software) usually delivered through an infected email or link. Once activated, it infects an organization’s network. But rather than confiscating your data and selling it for profit, malicious players deny you access to your data until (maybe) you pay their requested ransom.
- How does cryptojacking work?
A: A cyber criminal embeds malicious code into a website, online video, or link. Once you land on the infected site, open the video, or click the link, a process begins that redirects a large portion of your CPU’s power back to the cryptojacker for his or her financial gain.
- If cryptojacking just steals computer processing power, can it really be that dangerous?
A: If enough computers in your network become infected, the assault could gravely slow down your processes or crash your entire system, resulting in gaps in production, missed deadlines, and encumbered customer communications, etc.
- We don’t have the budget for a big IT department or the “latest and greatest” cyber security technology. Will a good firewall and anti-virus software be enough?
A: Reliable cyber protection doesn’t have to break the budget, but it does require more than software. Comprehensive cyber security is an enterprise-wide, multilayered approach, including:
• Routine cyber security risk assessments
• Frequently updated software and systems
• Investigation and verification of third-parties’ cyber security practices
• Development, testing, and documentation of security protocols
• Strengthening of authentication methods, such as using dual authentications and regularly scheduled password resets
• Awareness of current cyber crime trends
• Employee education on cyber security best practices and cyber crime schemes
- But if we do have a substantial IT department and high-end security tools, then we don’t need to train employees, right?
A: Wrong. IT and cyber security technology are only a portion of your protection. Staff must be made aware of current cyber risks and their part in cyber breach prevention. A 2018 Netwrix IT Risks Report found that more than 50% of data breaches are perpetrated unintentionally by insiders. A Dell End-User Security Survey also revealed that “72% of employees are willing to share sensitive, confidential, or regulated information.”2 Further driving this home is this statement from Experian Data Breach Resolution’s vice president declaring that “…80% of all breaches we service have a root cause in some type of employee negligence.”
- What are some ways personnel can pose threats to our cyber security?
• Unwittingly opening a malware-infected email
• Losing or having a device stolen that contains business data and applications
• Logging onto unsecured networks with a device that harbors enterprise data
• Storing passwords on portable devices or other unsecure locations
• Sharing confidential business information on social media
• Failing to provide strong passwords
- We’ve cut costs by allowing employees to use their personal devices rather than company-issued laptops. Are there risks in BYOD (Bring Your Own Device)?
A: Yes. Many workers are now accessing company data and applications from their personal laptops, phones, and tablets. Should they log into unsecured public networks to do so, they expose business information to any dark actor trolling the network. 50% of Chief Information Security Officers (CISOs) reported that the largest security incident their organization faced was due to phished credentials from employees’ personal devices.6 Also, staff are more likely to download third-party apps and other potentially risky material on their personal devices, which threaten security.
- Then business-issued laptops and devices are much safer?
A: Not necessarily. If workers are permitted to take the devices off company grounds, there’s always the risk of theft or loss, and the same threat posed by unsecured networks. A stunning 86% of IT professionals reported an employee lost or had their laptop stolen; 56% of those incidents incurred a data breach.3
- What is the most common method of cyber attack?
A: Phishing emails launch 93% of all data breaches.5 Cyber criminals disguise emails, texts, or social posts as legitimate communications in order to accomplish one of two things: obtain personal information, such as credit card numbers, or deliver malware when a victim opens the email or clicks on an infected link.
- What’s the average time span between a data breach and its detection?
A: Many organizations do not detect a breach for 200 to 300 days.1
- How long does it take a hacker to breach an organization’s network?
A: 76% of hackers claim they can breach a protected network in less than 10 hours.1
- Once inside, how much time does it take the average hacker to locate their target data?
A: 55% of cyber criminals claim they can access desired data within one hour; the remainder claimed less than five hours.1
- Who are the hackers?
A: Many of us hold a similar vision: A dark-hooded, faceless recluse, hunched over a keyboard day and night in some dank, remote basement. But according to the 2018 Black Report – Decoding the Minds of Hackers, they are very much a part of our daylight, inclusive world. The report revealed that 32% declared they worked for populous enterprises with more than 50,000 employees, another 52% work for small to large businesses. Only 9% claimed to be self-employed. Additionally, 43% of hackers stated they are college graduates, with 40% holding at least three security certifications.
How did you do?
This Q & A is only a small sample of the valuable information available to help bolster your organization’s cyber resiliency. The more you know, the better chance you have to defeat the dark forces of the cyber world. And no cyber security efforts are complete without comprehensive risk assessments for deeper prevention and incident management plans for when the unavoidable hits.
1. The Black Report, Decoding the Minds of Hackers, 2018
2. How to Prevent Data Breaches Caused by Employees, Security Boulevard, 2018
3. 7 Shocking Statistics That Prove Just How Important Laptop Security Is, techspective, 2018
4. Cyber-attack is now a case of ‘when’ and not ‘if’ for UK CEOs, KPMG, 2018
5. Small Business Security 101, SBS CyberSecurity, 2018
6. Phished credentials caused twice as many breaches than malware in the past year, Help Net Security, 2018
Written by Angie Longacre
As a writer for Assurance Software, Angie devotes her craft to promoting business continuity and disaster recovery awareness, and trumpeting Assurance Software’s invaluable benefits for both. When she’s not commanding the keyboard, you can find her outside for a run, searching for her next antique treasure, or lost in a good book.