Almost every Kiwi business now has an online presence. Nilesh Kapoor explains exactly how damage can be done to your business over the internet, what these threats look like, and offers a plan to strengthen your online defenses.

SMEs with fewer than 50 employees make up 95 to 97 percent of our economy. While we have many billion-dollar organizations in this country, it might come as a surprise that an SME such as your humble daycare, flower shop, or Subway franchise can often be a victim of damage delivered over the internet. This occurs more frequently than the widely publicized attacks on Waikato DHB, NZX, NZ Post, MetService and DOC.

There are a few things wrong with our assumptions about internet damage to businesses.

  • Not every attack is coordinated by a person. Some malware and viruses have lived online for decades.
  • Getting into your software doesn’t always mean money is being stolen. Data of any kind can be copied, as hackers know you will give them about $150,000 to get it back.

Which companies are targeted by cyber attacks may seem random, but what all victims have in common is not investing in penetration testing to identify vulnerabilities.

We are wrong to believe that only high earners are exposed to cyber attacks. Kindergartens can suffer from them too.

Whānau Manaaki, the Free Kindergarten Association, used an IT management tool called VSA provided by Kaseya. An attack on Kaseya in June 2021 harmed users worldwide, causing over 100 member kindergartens in New Zealand to shut down their computers for a week. Penetration testing might have shown VSA made these kindergartens vulnerable and the kindergartens could have chosen a better software provider.

Phishing harms Kiwi companies more than viruses.

The most commonly reported cyber damage incidents in New Zealand in 2021 were:

  • Phishing and Credential Harvesting – 50% of attacks.
  • Scams and Fraud – 25% of attacks.
  • Unauthorized access – 13%.

Phishing often leads to ransomware. You will recognize ransomware when it gets in because you will often receive a message saying that your computer is now locked, and the message may give you a digital wallet to pay your ransom into. This happened last Christmas with the small financial management company Staircase in Auckland.

This type of attack often starts with an email asking you to open it. You open it and an exploit comes to life on your computer, meaning the hacker can now see into your network. That happened to Waikato DHB in May 2021. Hackers copied and blocked data, and when the DHB did not pay a ransom, confidential medical information was posted on the darknet – and others were invited to copy and exploit the data.

Password dumps are also a feature of the dark web: a hacker collects a tranche of passwords from companies like yours, publishes the passwords, and invites others to log into the vulnerable company and wreak havoc.

Cybersecurity advice for SMEs:

  • Remember, the main tool of hackers is phishing (enticing employees to open malicious emails) – and it all starts with us opening emails against our better judgment.
  • Keep backups of all your data and records.
  • Consider a distributed network architecture.
  • If you get a ransomware notification, disconnect, isolate, unplug, and call an IT doctor.
  • Don’t pay a ransom. Paying does not guarantee that your data will be decrypted and you will likely still need IT professional help. It can also open you up to future blackmail.
  • Keep your operating system and apps up to date.
  • Make sure to regularly back up your files to an external hard drive or cloud service.
  • Create an emergency response plan, including who to contact for help, an action plan, and a plan for communicating with colleagues and customers.

Nilesh Kapoor is an award-winning cybersecurity professional and founder of the Wellington-based penetration testing service Security Simplified. He has worked to combat hacking threats to many New Zealand businesses.

