Why Backup Is A Vital Tool In The Fight Against Cyber-crime

Why Backup Is A Vital Tool In The Fight Against Cyber-crime

posted in Ransomware ● 13 Feb 2018

The last 18-months has seen several cyber-attacks and cyber-crimes taking down critical networks and affecting organisations across the globe. As organisations develop cyber-security strategies and attempt to mitigate risk, it is vital to ensure that processes are in place to recover, should an attack strike.

                “Cyber-crime is simply any criminal activity that occurs by means of computers or the        internet.”

The evolving threat of cyber-crime

The threats of cyber-crime are not only growing in volume but the way in which attacks are focused are changing. Cyber-criminals have realised that by combining strains of code they can boost the effectiveness of attacks, often resulting in being paid large sums. The WannaCry cyber-attacks, which took place in May 2017, for example, utilised a ‘worm’ code to speed up the rate of infection; the ransomware strain was responsible for infecting over 300,000 organisations in over 150 countries in just 3-days.

As many attacks still rely on some element of human interaction, or error, to initiate, cyber-criminals must regularly update strains of code and the way in which they focus attacks, to be successful; Traditional anti-virus solutions are regularly updated to include protection against new malware strains. By using new methods to spread an attack, cyber-criminals are likely to improve their chances of success and with regards to ransomware, improve the chances of a ransom being paid.

 

Types of attack

Ransomware

Ransomware is one of the most well-known types of cyber-crime today, due in part to its rapid growth in volume through-out 2016. Although ransomware attacks, which encrypt a user’s data or systems and demand a ransom payment for its return, have been around for several years, it is only recently that cybercriminals have really cashed in and begun mass targeting people on a global scale to extort payments. Among those who have made the news having been hit, are hospitals, charities and schools; it is reported that some ransom payments have demanded up to $1million.

Botnet 

Botnet’s are lesser known kinds of attack, in name and nature. Botnet strains of malware infect and control endpoints, such as servers, PC’s or even Wifi routers, so that they can be used for alternative purposes. Often Botnets will take advantage of poor security levels, such as administration passwords and details. The Botnet can then be used to send spam, flood networks or implement other types of cyber-attacks.

Phishing

A phishing attack is usually stage one of a multi-stage attack as it is used to gather information such as account details, email addresses or passwords. A phishing attack is usually indiscriminately distributed by email, is designed to appear as if sent from a legitimate sender and will often link through to an illegitimate site requesting the entry of personal data. In recent years, we have seen the addition of ‘spear-phishing’ and ‘whaling’. These terms refer to increasingly targeted methods of gathering more valuable information from specific information or high-profile targets with access to valuable information.

 

Protecting against cyber-threats

Cyber-threats can clearly cause huge issues for organisations who are not protected or who fall victim to attacks, causing downtime, loss of revenues and even reputational damage. In addition, regulations and data protection legislation also require organisations to reduce the risk of suffering a breach. It is vital to protect against cyber-attacks and although it is difficult to be 100% covered, there are several methods that can be used to reduce risk.

Internal procedures and governance can have a large say in the protection of data and systems. By limiting who can access networks and important applications an organisation can limit where an infection can come from. Governance will also set benchmarks internally for organisations to adhere to and assuming they are regularly tested, IT staff can regularly understand where risk may come from and take actions to reduce it.

Human error or intervention is often still the first step of an attack or infection, either by opening malicious attachments, emails or websites or using infected media. By training and educating staff on the threats of cyber-crime and how to be more aware, an organisation can quickly start to reduce risk associated. Simple things like showing staff how to spot a malicious email or unsecured website can pay dividends in the long-run.

To read the full whitepaper on the evolving threats of cyber-crime and to learn how to protect against threats, download the whitepaper now.

Is your medical practice a top ransomware target?

Reading, 17 January 2020 – Since the early 2000s, medical professionals have increasingly been choosing electronic patient records over paper. Although digital records are certainly easier to access and harder to lose or destroy, they are by no means immune to disaster – and organisations have more to worry about than just fires and floods.

Continue reading

O365 cyber attacks stress need for isolated backup

Reading, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why when Microsoft announced this year that it has more than 180m active commercial users every month.

Continue reading

Game-changing pricing for O365 protection

Reading, 24 October 2019 – Redstor, the UK-headquartered company disrupting data management, will be demonstrating a pioneering technology at the Gartner IT Symposium/Xpo™ in Barcelona that slashes the cost of Office 365 protection.

Continue reading