A report covering cybercrime this past year concludes that there are two main groups of cybercriminals: those that target a specific organization, and those that play more of a numbers game.
The first group knows what they want to breach and possible rewards to be gained. Unfortunately for organizations in their crosshairs, these kinds of cybercriminals are not easily diverted from their goal. Cybercriminals who launch non-specific attacks operate on the theory that if they have enough victims in their crosshairs, sooner or later they will achieve the end result hoped for.
One trend that emerged recently is DNS hijacking where cybercriminals take charge of certain DNS entries. This cyber-attack allows bad actors to silently redirect unsuspecting visitors from legitimate systems to malicious ones with the end game being to install malware or to intercept confidential data and credentials.
Cybersecurity professionals say that while new types of attacks emerge each year, the old ones are also flourishing – such as ransomware attacks. Last year, for example, there were a number of high profile ransomware attacks. The city of Baltimore suffered a massive ransomware attack that affected 7,000 users in city government buildings. Baltimore city government refused to pay the ransom but spent more than $10 million trying to recover the data loss.
Lake City, Utah, and Riviera Beach, Florida, suffered from similar ransomware attacks but chose to pay the hackers a combined $1 million in bitcoin.
Another trend should grab the attention of small business owners: As large companies continue to get serious about data security, small businesses are becoming increasingly attractive targets—and the results are often devastating for small business owners. Truth is, cyber-attacks destroy small businesses.
Recent surveys conducted by the Small Business Authority, Symantec, Kaspersky Lab and the National Cybersecurity Alliance suggest that many small business owners are still operating under a false sense of cybersecurity.
The vast majority of U.S. small businesses lack a formal internet security policy for employees and only about half have even rudimentary cybersecurity measures in place. Also, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker proof and nearly 40% do not have their data backed up in more than one location.
Want to learn more about cybersecurity. Tonex offers Cybersecurity Fundamentals, a 2-day course that covers cybersecurity disciplines dealing with real-world use cases and applications transferring technical, management and policy skills to secure information and infrastructure and combat new attacks.
Additionally, Tonex offers nearly three dozen more courses in Cybersecurity Foundation. This includes cutting edge courses like:
—Automotive Cybersecurity Training (3 days)
—Electric Grid Cybersecurity Master Certification (4 weeks)
—Network Security Training (2 days)
—Software Security Training (2 days)
—ICS Cybersecurity Training (4 days)
For more information, questions, comments, contact us.