Is my business targeted by cybercriminals?
Any business can fall victim to a cyber-attack, but not all businesses are equally targeted – cybercriminals use different techniques to gain access to or disrupt your organisation. Let’s explore some of the ways you can tell if your organisation is the target of cybercriminals.
What exactly is a cyber-attack?
Cyber-attacks have become a popular theme in news headlines in recent years, but what exactly is a cyber-attack? We spend so much of our lives online that cyber-attacks have the ability to disrupt everything from our daily commute, finances, and schedules, to our productivity in the work environment.
A broad definition of a cyber-attack is what happens when criminals (an individual or group) gain unauthorised access to computer systems, networks, or devices with the intention of causing harm, or purposefully cause a disruption that affects online systems or devices.
These criminals use a variety of methods to launch a cyber-attack, including phishing, ransomware, and denial-of-service.
What happens when a cyber-attack is successful?
A successful cyber-attack can have direct and indirect impacts on you and your organisation. This includes financial losses, litigation, lasting reputational damage, and intellectual property theft. It could also lead to significant amounts of commercially sensitive data being stolen.
In your personal life, this can translate to you having:
- Your personal data stolen and used.
- Your finances accessed and used.
- A service you need disrupted, for example, transportation, healthcare, and shopping.
- Your personal files encrypted.
- Your personal devices accessed and used.
Why would a criminal target my business?
There are several reasons why cybercriminals target businesses. Some large or key enterprises are targeted for geopolitical or ideological reasons, but for the most part, local businesses are targeted for profit.
Your information is valuable, and criminals will try any and all means to access your data directly, or indirectly by targeting your employees and the businesses you work for.
How are businesses like mine targeted?
There are a number of ways to identify whether your business is targeted by cybercriminals.
Phishing is a common method a criminal would use to gain access to your organisation, but these attacks vary in type and the objectives the criminals are aiming to achieve. Take a closer look at phishing emails that have been sent to your organisation.
Are criminals using general “spray and pray” emails that aren’t personally addressed to your employees? This type of phishing attack is very common and relies on economies of scale to launch enormous numbers of emails into the email ether.
Are criminals using phishing emails personally addressed to your employees? This type of phishing attack is also common, and employee names are usually derived from email subscription leaks that can easily be downloaded from the internet. They have a more ‘personal feel’ and can address the employee specifically and ask them to perform an action of some kind.
Are criminals using phishing emails personally addressed to your employees with organisation-specific objectives? This type of phishing attack usually indicates that the criminals have performed some form of reconnaissance on your organisation or have insider knowledge of your processes. These attacks can be difficult to spot or block because they have a ‘personal feel’ and may seem legitimate. They are commonly referred to as Spear Phishing.
Are criminals using emails that seem to be from an employee, but come from a fake business email address? Criminals will often create an email account with an address that’s almost identical to one in your business to gain trust. This is called a Business Email Compromise, or BEC, and the objective is usually some form of payment to the criminals’ bank accounts.
Phishing attacks are usually trying to get something from you, like your personal information, or criminals are trying to get you to do something for them, like install a virus or make a payment.
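One way to spot the "almost identical" sender addresses described above is to compare the domain of each incoming From address against your own domains. The sketch below is an added example, not part of the original article; the domain `example-corp.com`, the function names, and the sample senders are assumptions made for illustration.

```python
# Added example (not from the original article): flag sender domains that
# nearly match your own, the pattern described for Business Email Compromise.
OWN_DOMAINS = {"example-corp.com"}  # assumption: placeholder for your domains

# Common visual substitutions, collapsed before comparison.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    """Collapse look-alike character sequences so 'examp1e' equals 'example'."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, own_domains=OWN_DOMAINS, max_distance=2):
    """Return 'internal', 'lookalike' or 'external' for a From address."""
    domain = address.rsplit("@", 1)[-1].lower().strip(".> ")
    for own in own_domains:
        if domain == own or domain.endswith("." + own):
            return "internal"
    for own in own_domains:
        if skeleton(domain) == skeleton(own) or edit_distance(domain, own) <= max_distance:
            return "lookalike"
    return "external"

# Constructed sample senders, for illustration only.
SAMPLES = [
    "Alice <alice@example-corp.com>",
    "accounts@exarnple-corp.com",
    "ceo@examp1e-corp.com",
    "billing@example-corp.co",
    "news@shop.example.net",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{classify_sender(sender):9}  {sender}")
```

For short domains, a distance of 2 will also match unrelated legitimate domains, so lower `max_distance` or keep an allow-list of known partners.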
Other cyber-attacks are:
- Opportunistic attacks, where the criminals find vulnerabilities in your organisation’s system, network, or device defences – and then exploit them.
- Denial-of-Service attacks, which overwhelm your systems with vast amounts of traffic until they become unstable and eventually crash. Systems can only handle a finite number of requests at a time.
What can I do to protect my business?
Businesses are targeted through people – using phishing, malware and online scams. Enable your business to become cyber smart by equipping your staff with practical, ongoing, and relevant knowledge, tools and ideas through a robust security awareness programme.