Cyber Threats to Small Businesses

The number of complaints received by the Internet Crime Complaint Center (IC3) in 2018 was 351,937. This marks a 16% increase from 2017, double that of the 8% increase in reports between 2016 and 2017. As the rate of reported crime continues to rise, the threat to businesses from cyber criminals becomes increasingly present. The overall cost to Americans from cyber crime in 2018 almost doubled 2017’s figures, increasing from $1.4bn to $2.7bn. Cybersecurity is an essential part of any business and business leaders must wake up to this reality before it’s too late.

Though more data breach stories hit the news than ever last year, with Google and Amazon’s home assistants coming under fire, the continuing Cambridge Analytica scandal and Facebook leading the way with several major leaks, cyber crime stands to affect small businesses much more than corporations. The average cost of a cyber-attack to small businesses stands at around $200,000, which could be business-ending money for a small enterprise. When 43% of cyber-attacks target small and medium-sized businesses but only 14% are adequately prepared, many business owners are likely unaware of the vulnerable position they leave their company in.

The 2018 IC3 report highlights a number of prominent cybercrimes which disproportionately affect businesses. These included business email compromise, payroll diversion, extortion and personal data breaches. These crimes highlight how cyber security is everybody’s responsibility in an organisation and the many strategies cyber criminals can employ to gain access to your network.

Business email compromise

One of the most common forms of phishing, business email compromise involves hacking or faking the emails of a member of the business in order to manipulate other employees into handing over sensitive information or authorizing bogus fund transfers. Phishing emails target employees directly and use social engineering tactics such as emphasizing urgency, importance or threat to increase pressure on the recipient. The best way to reduce the threat from this kind of crime is to ensure all members of the company have cyber security training and are made aware of the importance of double-checking important requests.

Payroll diversion

Cyber criminals also sometimes use phishing emails to convince employees to hand over their own login information, using this to then change their payroll details and divert their payments to an account controlled by the criminal. The IC3 received 100 complaints of payroll diversion in 2018 which cost businesses $100m.

Emphasizing the need for security and for never sharing account information with anyone else in the business is crucial to avoiding this kind of crime. Establishing robust processes for changing payment details can also help avoid this issue should a criminal access login details.

Extortion

Extortion affects victims both at home and at work but some strategies which mainly target businesses include Denial of Service attacks and ransomware. Falling prey to ransomware can be mitigated by ensuring all sensitive data held online is backed up on a completely separate server so that in the event of information being held at ransom, the company is able to recover most of the data without having to pay out.

Denial of Service attacks involve flooding a company’s servers or specific machines with requests and traffic in order to crash them and render them completely unusable. Many internet service providers have extra provisions to distribute this harmful traffic across their network, allowing your machines to remain unaffected. DoS attacks can result in huge dents to productivity and the loss of data from affected machines, so taking precautions ensures your business can continue operating efficiently.

Personal data breaches

Data breaches are one of the most common cybercrimes happening today. The number of data breaches reported has increased by 150% in the last four years as companies and consumers become more aware of the threat to our personal details online. With many large corporations responsible for millions of leaked records, it’s common to think that this kind of issue doesn’t affect smaller companies. However, records are leaked from smaller companies all the time without being reported by the media and the fallout from a data breach can be drastic.

In addition to the cost of the damage, companies can face insurance claims, a loss of reputation and a loss of revenue from a data breach which has a much bigger impact the smaller the business. The only way to reduce the damage of a data breach is to ensure the business is using sophisticated cyber security software and strategies and to have cyber insurance which can cover consumer claims should a breach occur.

As criminals discover new and sophisticated ways to hack and manipulate employees and networks, the cyber landscape for all businesses is becoming increasingly dangerous. The bare minimum cyber security measures will not work forever and small business owners should seriously consider the cost of a hack over the cost of pre-emptive protection.

Author Bio: This article was written by Damon Culbert from Cybersecurity Professionals, a worldwide cyber security jobsite.


