Cyber Attacks: Don’t underestimate the risks
Cyber-attacks may seem like a recent phenomenon, but they have been around almost as long as modern computers and computer networking has existed. Things have only become more complex over time, with both hackers and those tasked with cybersecurity continually evolving their methods.
The Oxford dictionary describes a cyber-attack as ‘an attempt by hackers to damage or destroy a computer network or system’. The reasons for doing so can range from a hacker group wanting to show off their skills or most likely to extort money out of an organisation. Disrupting services and weakening Government-controlled entities are also common, and the recent attack on the Irish health system brought to light just how dangerous and damaging such attacks can be.
On 14 May 2020, the Russian-based Conti group carried out a nationwide attack on the HSE which resulted in widespread disruption to the health network. An unknown amount of personal data was stolen with the Conti group threatening to publicly release the information if a ransom of $20m wasn’t paid. Thankfully, the group handed over a software tool soon after to help return the HSE’s systems to normal, however the damage caused was still being felt months later, with delays to bookings and treatments. Some sensitive data about patients was also released.
Don’t Become Complacent
The lesson here is not to become complacent with regards to your organisation’s security measures – the HSE still has almost 30,000 computers running Windows 7 which hasn’t had security support since early 2020. You may think that your company is ‘too small’ to be targeted, but businesses just like yours are regularly victims of cyber criminals, they just don’t make the headlines.
What’s the worst that can happen?
It’s not just basic data that can be stolen, once a cyber attacker has access to your system, they can lock you out of your own files, disable phone lines and delete critical information. The next step will be for them to demand payment to unlock your files and allow you access to your server. Payment doesn’t always guarantee results and you can never be certain that the hackers won’t use the same methods to extort more money out of you in the future.
Losing critical client information, or having sensitive data made public can have huge financial implications as well as damaging your organisation’s reputation. With that in mind, taking a few steps to protect your system against hackers seems like a worthwhile undertaking.
What are your options?
The HSE breach occurred when an employee clicked on an apparently harmless link to get assistance, this allowed the cyber criminals to get access to their system which opened the door to the entire HSE network. Apart from any software or hardware changes, this shows just how important a simple attitude change can be. Be wary of emails or communication from unknown sources. Odd phrases and questionable grammar are all warning signs and clicking on an embedded link isn’t a good idea unless you are certain it’s from a reputable source. With many companies now employing a hybrid working environment, being vigilant has never been more important.
The Weakest Link
The next step is to ensure that all your software is up-to-date (sticking with Windows 7 is not a good idea) and then installing monitoring software like N-Central or Microsoft’s Sentinel 1, both offering web-based control of your network to detect any possible threats. Multi-Factor Authentication using an authenticator app is also a key defence against unwanted system access. Correctly configuring the spam filtering and phishing policies on your network is another hurdle in the way of the cyber attacker. These practices need to be employed system wide to ensure that there are no weak links in the network. It can happen to you
We have seen may clients who have attempted to set up their office systems with a variety of differing solutions. Even though malware programs and filtering agents were installed on each individual computer, the lack of any effective monitoring tools and the inevitable differences in protection across the network left them vulnerable to hackers. Setting up an effective defence against cyber attacks requires a holistic approach and our IT experts at Sleepless are able to guide you through the process and create a bespoke solution for your exacting needs.