Cyberattacks are an increasing threat throughout the world as we become more and more dependent on technology. Recent attacks have wreaked havoc on individuals, companies, and whole countries. Criminals hack into computer systems and jeopardize national healthcare services, banks, energy companies, and airlines. The attacks are expanding in both breadth and scope. The major hacks will flood a news cycle, even this blog will review a couple of them. However, the small-scale attacks garner considerably less coverage.
Small Companies at risk
Thousands of small businesses are targeted by cyberattacks every day: according to the 2016 State of SMB Cybersecurity Report, half of all small businesses in the U.S. have been hacked in the last 12 months. To date, our website has prevented over 12,500 malicious login attempts.
So far we’ve been lucky. *knocks on wood*
The US National Cyber Security Alliance detailed that roughly 60% businesses that succumb to a cyberattack will be “out-of-business within a year”! And that’s not all: a study by Verizon claims that the internet is experiencing a 50% increase in ransomware being spread around online. There is a good reason ransomware has increased in popularity: it works!
Take a hospital in California as an example: it fell victim to a ransomware attack and ended up paying nearly $17,000 in bitcoin to unlock their systems. The internet is becoming a more dangerous and volatile place, but malicious software can’t take all the credit. The responsibility to keep a business safe still falls on the shoulders of its owner(s). The proper precautions must be taken to ensure the privacy, security, and integrity of a business’s online infrastructure.
You wouldn’t lay out sensitive information on the street for anyone to discover, would you? Don’t do it on the internet, then.
Notable Cyberattacks of 2017
WannaCry, May 12
It only took one day for the ransomware “WannaCry” to sweep through 150 countries, affecting over 200,000 computers. The attack reached both the public and private sector, and also devastated the UK’s National Health Service. WannaCry was developed from EternalBlue, a malware created by the US National Security Agency (NSA) after the discovered a flaw in one of Windows’ security systems. Oddly enough, WannaCry was designed with a “kill switch”, which has raised greater suspicion of the motive behind the attack.
Shortly after WannaCry introduced a dangerous new frontier in cyber warfare, Petya ravaged through computers in the United States and the United Kingdom. Petya, a revision of its predecessor WannaCry, had its own flaws: like a broken payment system. Although this was a global attack, Petya was particularly damaging to the Ukraine. Reuters reported that the Ukraine made up 80% of the Petya infections worldwide!
Petya shook the country’s infrastructure, crippling its central bank, power plants, air travel, and public transportation. The attacks leads many to believe that there was a political motive behind the attack
Vault 7, March 7
Wikileaks does one thing extremely well: expose government secrets. Their March 7th bombshell titled Vault 7, did just that. In the biggest leak of a U.S. agency in history, Wikileaks leaked roughly 8,000 pages of classified CIA documents. In these leaked documents, the NSA’s own cyber weapon EternalBlue was brought to light. This malware was developed by exploiting a patch in the Windows’ security software. Unfortunately, EternalBlue would prove to be a shiny new toy for hackers everywhere. It was the inspiration for the WannaCry and Petya cyberattacks mentioned earlier. These documents also exposed other terrifying secrets of our government; like using smart TV’s as listening devices. The secrets of the best hackers in the world, the NSA, is now a how-to manual for hackers.
Unlike the WannaCry and Petya, the Vault 7 leak was not an outside attack. Rather, it was an inside job. There is not much to be done to prevent internal sabotage. This is a potential risk for any business with multiple employees.
Deep Roots Analytics, Undetermined
Like above, not all cyber security breaches are orchestrated attacks; sometimes people forget to implement an important step in protecting proprietary business information online. Deep Roots Analytics is a data firm that handles voter information in the U.S. Recently, due to an error in configuration, a terabyte of voter information (approximately the voting records of 198 million citizens in the past 10 years!) was left unprotected and became publicly accessible to anyone with the know-how to access it. It’s still unclear how long the information was available or who saw it. Unfortunately, a misconfiguration in security software is a common risk for too many people.
Basics of Staying Safe Online
We don’t like to use absolutes like ‘always’ and ‘never’ because those words give off hyperbole vibes. However, we recommend to never click on links from strangers and always take responsibility for what you expose your computer to online. The email sender and links should be from trusted sources but even that may not be good enough since malware can be deceiving. Advanced phishing and spear phishing can replicate legitimate emails so well that they can confuse the most sophisticated web browsers. Just remember, don’t disclose personal information unless you are 100% positive that the website is safe and legitimate.
Does that website look a little fishy?
- First things first, does the website have an encrypted connection? An encrypted connection enables secure communication over computer networks.
- Another tell-tale sign of a suspicious website is poor English strewn around the site, such as grammatical errors and simple spelling mistakes.
- Is there contact information available?
- Does the website URL have “https” coupled with a padlock icon to the left of it? Don’t buy or share any personal information with sites (without) this, it is probably a scam. Proceed with caution.
Keep a spare
This is an overall safety tip: don’t keep all of your secrets or information in one place. Backup your data by using another storage device (separate from your operating system) and store it a secure place. Accidents can happen, let alone the risk of the multiple types of cyberattacks waiting to trip you up. In the case of an emergency, don’t fret. You were smart enough to backup your data and hide it in the Rocky Mountains. Safe!
Sneaky Sneaky, Wifi
Unsecured wifi connections are very tempting, especially when there is no other way to connect to the internet. Unfortunately, exposing your computer to unknown forces is not the safest thing to do. Sometimes these unsecured connections allow hackers to peek into your systems. This should go without saying but never shop over unsecured wifi connections either. Verify that the network you are connecting to is a VPN (virtual private network).
Maintenance is key
Stay current. Keep pace with the new ways to stay safe online: check trusted websites for the latest information. Talk to your friends, family, and colleagues about internet safety. If you have employees, encourage them to be smart online. Create company guidelines that keep employees safe and up-to-date. Password difficulty and double authentication (if available) seem tedious but important.
Ready for the next step?
Working with a digital marketing agency can be a highly rewarding experience for a small business owner who is ready for growth and a focus in internal resources on other aspects of their business. Schedule a 15-minute consultation with us today to learn more about how we can help you with your online presence.