News

Why Backup Is A Vital Tool In The Fight Against Cyber-crime

Tue, 13/02/2018 - 12:01
Redstor_Why_backup_is_vital_blog
Ransomware , Data Protection

The last 18-months has seen several cyber-attacks and cyber-crimes taking down critical networks and affecting organisations across the globe. As organisations develop cyber-security strategies and attempt to mitigate risk, it is vital to ensure that processes are in place to recover, should an attack strike.

                “Cyber-crime is simply any criminal activity that occurs by means of computers or the        internet.”

The evolving threat of cyber-crime

The threats of cyber-crime are not only growing in volume but the way in which attacks are focused are changing. Cyber-criminals have realised that by combining strains of code they can boost the effectiveness of attacks, often resulting in being paid large sums. The WannaCry cyber-attacks, which took place in May 2017, for example, utilised a ‘worm’ code to speed up the rate of infection; the ransomware strain was responsible for infecting over 300,000 organisations in over 150 countries in just 3-days.

As many attacks still rely on some element of human interaction, or error, to initiate, cyber-criminals must regularly update strains of code and the way in which they focus attacks, to be successful; Traditional anti-virus solutions are regularly updated to include protection against new malware strains. By using new methods to spread an attack, cyber-criminals are likely to improve their chances of success and with regards to ransomware, improve the chances of a ransom being paid.

 

Types of attack

Ransomware

Ransomware is one of the most well-known types of cyber-crime today, due in part to its rapid growth in volume through-out 2016. Although ransomware attacks, which encrypt a user’s data or systems and demand a ransom payment for its return, have been around for several years, it is only recently that cybercriminals have really cashed in and begun mass targeting people on a global scale to extort payments. Among those who have made the news having been hit, are hospitals, charities and schools; it is reported that some ransom payments have demanded up to $1million.

Botnet 

Botnet’s are lesser known kinds of attack, in name and nature. Botnet strains of malware infect and control endpoints, such as servers, PC’s or even Wifi routers, so that they can be used for alternative purposes. Often Botnets will take advantage of poor security levels, such as administration passwords and details. The Botnet can then be used to send spam, flood networks or implement other types of cyber-attacks.

Phishing

A phishing attack is usually stage one of a multi-stage attack as it is used to gather information such as account details, email addresses or passwords. A phishing attack is usually indiscriminately distributed by email, is designed to appear as if sent from a legitimate sender and will often link through to an illegitimate site requesting the entry of personal data. In recent years, we have seen the addition of ‘spear-phishing’ and ‘whaling’. These terms refer to increasingly targeted methods of gathering more valuable information from specific information or high-profile targets with access to valuable information.

 

Protecting against cyber-threats

Cyber-threats can clearly cause huge issues for organisations who are not protected or who fall victim to attacks, causing downtime, loss of revenues and even reputational damage. In addition, regulations and data protection legislation also require organisations to reduce the risk of suffering a breach. It is vital to protect against cyber-attacks and although it is difficult to be 100% covered, there are several methods that can be used to reduce risk.

Internal procedures and governance can have a large say in the protection of data and systems. By limiting who can access networks and important applications an organisation can limit where an infection can come from. Governance will also set benchmarks internally for organisations to adhere to and assuming they are regularly tested, IT staff can regularly understand where risk may come from and take actions to reduce it.

Human error or intervention is often still the first step of an attack or infection, either by opening malicious attachments, emails or websites or using infected media. By training and educating staff on the threats of cyber-crime and how to be more aware, an organisation can quickly start to reduce risk associated. Simple things like showing staff how to spot a malicious email or unsecured website can pay dividends in the long-run.

To read the full whitepaper on the evolving threats of cyber-crime and to learn how to protect against threats, download the whitepaper now.

Recent Articles

Redstor-DR_or_reduced_downtime_blog Disaster Recovery

Disaster Recovery or Reduced Downtime?

Disaster recovery (DR) has historically been out of reach to some organisations. The need for expensive equipment or services outweighed the... read more

June 19, 2018
Redstor_UK Data Breaches_blog Data Protection

Data Breaches In The Public Sector

Data breaches are an expensive problem and are about to become even more costly. The introduction of the GDPR will make them more expensive,... read more

June 14, 2018
Redstor-_Why_great_support_is_vital_blog Disaster Recovery

Why Great Support Is Vital To IT Strategy

An organisation’s IT strategy must deal with many aspects, from ensuring users have a seamless experience to protecting against the threats of... read more

June 12, 2018