threats

Business Threats Online [Video]




threatsBusiness Threats Online – Assess Your Risk

Smaller businesses have become bigger targets for cybercriminals because the bad guys know that they have fewer defense resources than large enterprises.

If cybercriminals can breach a small business and steal credentials (banking accounts, email access, etc.) they can use that information to steal money directly, create attacks on your customers and work their way around the business ecosystem in other nefarious ways.

Dependency on the Internet

National Cyber Security Alliance/Symantec research on small businesses has shown that two thirds (66%) say that their business is dependent on the Internet for its day-to-day operations; 38% characterize it as very dependent and 67% say they have become more dependent on the Internet in the last 12 months.

The research also indicates that businesses have vital information to protect: 69% handle sensitive information, including customer data; 49% have financial records and reports; 23% have their own intellectual property and 18% handle intellectual property belonging to others outside of the company.

Risks Not Addressed By Business

Furthermore, the research indicates that most small businesses have considerable risks that are not addressed:

  • 77% do not have a formal written Internet security policy for employees.
  • 63% do not have policies regarding how their employees use social media.
  • 60% say they have a privacy policy in place that their employees must comply with when they handle customer information and half (52%) have a plan or strategic approach in place for keeping their business cyber secure.
  • More small business owners say they do not (45%) provide Internet safety training to their employees than do (37%).
  • Two thirds (67%) allow the use of USB devices in the workplace.
  • Six in ten (59%) say they do not require any multi-factor authentication for access to any of their networks, and only half (50%) say that all of their machines are completely wiped of data before disposal.

Questions to Consider:

  • What information do you collect?
  • How do you store the information?
  • Who has access to the information?
  • How do you protect your data?
  • What steps are you taking to secure your computers, network, email and other tools?

Source:  Stay Safe Online

5 threats every company needs to pay attention to

Looking back at what we have documented in our Trends papers, we can see the evolution and the changes that companies have had to undergo. Last year we were talking about the corporate worldas our central objective, while this year we are putting the rise of the Internet of Things on the table – not just in the home, but also in the workplace.

“FROM A CORPORATE STANDPOINT, SECURITY IS A PROCESS THAT REQUIRES MANAGEMENT AND SUPPORT FOR KEY AREAS OF THE ORGANIZATION.”

From a corporate standpoint, security is a process that requires management and support for key areas of the organization. The challenge is never-ending, and security teams have to cover different fronts through which malicious code can infiltrate a network, counting on the use of proactive detection technology, management and education as part of their defense plan.

If we take into account the fact that organizations have finite resources, and that IT staff are responsible for information security (among other things), it is important to develop a clear and concise incident response plan. At the same time, it would help to identify the most common points of infection as a way of preparing for any situation.

Below we will take a look at the most common threats facing companies, their impact, and some significant recent cases.

#1 Emails that carry threats (Malware)

Email has an almost central role in companies today, forming a core part of communication with customers, providers, services, etc. It also enables workers to share information within the company. Corporate email accounts are usually one of the main channels for receiving malicious code, and we have already examined cases of the spread of various types of threats that use this form of communication.

One of the most recent email threats is Win32/Bayrob, which spreads in separate waves, masquerading as an Amazon coupon. In less than a month, it became one of the most commonly detected threats in countries such as Argentina, Chile, Colombia, and Mexico, among others.

On top of this, malware received through attached files created huge problems, as seen in the case of CTB-Locker a little over a year ago, in which different waves of attacks in different languages spread a trojan detected by ESET as Win32/TrojanDownloader.Elenoocka.A. This installedransomware to encrypt the victim’s files, demanding a ransom payment to make the files accessible again.

To protect corporate email accounts, we need not only an endpoint security solution that detects malicious attachments, but we also need to protect the email server, and filter these elements before they arrive in people’s inboxes. One recommendation for security teams is to use management tools to generate reports on which threats employees are receiving over email, thereby adjusting their response to incidents if any issue arises.

#2 External devices that can make files disappear

The use of USB memory sticks and other types of external devices is also a very common vector in the spread of malicious code. This is especially the case in Latin America, where we have witnessed a large number of families of malicious code using this technique which, over the years, has been more than a headache for everyone.

The main method of this type of infection is the abuse of direct access links (LNK), where, by connecting the USB device to an infected machine, all the files and directories disappear and are replaced by direct access links. If the same USB device is inserted into a new machine, when the user double-clicks on these links, they infect the system (and the folders open so the victim does not realize).

Some malware families over the years have used this technique to spread Win32/Dorkbot,Python/Liberpy.A, JS/Bondat, VBS/Agent.NDH, and even variants of Win32/IRCBot.

It is important that organizations set out usage policies for external digital storage devices, primarily because this can also pave the way for information theft. Depending on the business or the decisions taken by the organization, using a solution that enables the selective blocking of their use is highly recommended.

#3 Exploits

The exploitation of software vulnerabilities is another way that malicious code is spread, mainly through office applications, browsers, and websites. The challenge regarding flaws in applications or browsers is that if users fail to update a vulnerable application, or where no patch yet exists, companies can remain exposed to threats.

A few days ago, we shared a study on vulnerabilities reported in Microsoft operating systems. This is the most commonly used OS in the world – especially in the corporate world. This report tells us that Internet Explorer was one of the applications with the most incidents. The risk of an exploit is mainly associated with the installation of malicious code. This is remotely executed code which, in layman’s terms, enables an attacker to control a system remotely .

Exploits do not only affect the endpoint. Web servers and other devices directly connected to the internet can be subject to these kinds of flaws. To combat this type of threat, we need proactive security solutions with functionalities such as the ESET Exploit Blocker. These help to prevent the execution of exploits, and protect users from such famous examples of these threats as 0-dayexploits. As for other services such as web servers, databases, and various devices on which security solutions are not often installed, regularly running pentesting services helps prevent all kinds of incidents.

#4 Ransomware

Ransomware is one of the most frustrating threats to face large, medium, and small companies across the globe. An infection with this type of malicious code can leave a lot of an organization’s vulnerable points exposed. Whether companies perform the configuration of antivirus solutions or undergo frequent security reviews, an attack of this kind means the very continuation of the company’s business is under threat, depending on what information is hijacked.

Any company seeking to implement a proactive security policy will try to avoid any kind of infection, but when such things occur, damage recovery tools are of vital importance. Before any ransomware infection occurs in a company, the time needed to obtain a backup of the information and get the business up and running again is key for minimizing the impact.

#5 Unprotected mobile devices (BYOD)

Another factor of renewed concern to companies are their mobile devices. Last year, we noted in an ESET security report that just one in every 10 companies in Latin America had security solutions for their mobile devices. If we take into account that these devices, in many cases, connect to the same network as the company’s computers – and are not protected – they can be a vector for attack, opening the doors to information leaks.

Protecting mobile devices not only protects against infection by malicious code, but also helps to continue to protect the internal network when these devices are connected to it. In relation to this point, mobile devices can be managed from a single management console for the endpoints.

It is possible for companies to have effective policies for mobile devices and therefore have clear rules governing the use of smartphones and other devices.

What can we do?

The challenge for company security teams is to protect the organization, ensuring that no equipment in their network is infected and, in the event that any infection does arise, that they can respond as quickly as possible to minimize the impact on business. It is a difficult challenge, but not impossible if we take the decision to confront it proactively.

To do this, a good starting point would be to know which threats to an organization will do them the most harm. This may take some time to achieve, but understanding what detections are made by the security solutions on a day-by-day basis will help bolster a support plan to run alongside a company’s security policies. Taken together, all this will help to keep businesses – and above all their information – safe.

…read more

Source: We Live Security

6 Biggest Business Security Risks and How You Can Fight Back

Risk No. 1: Disgruntled Employees  (Insider Threats)

Risk No. 2: Careless or Uninformed Employees

Risk No. 3: Mobile Devices (BYOD)

Risk No. 4: Cloud Applications

Risk No. 5: Unpatched or Unpatchable Devices

Risk No. 6: Third-party Service Providers

…read more

Source: CIO

Thanks Stay Safe Online, We Live Security, CIO and for reading Business Threats Online

Your Donations Help Support Our Work

Like and Share on our Facebook page

Print Friendly, PDF & Email
Dr Don
Founder/Admin The Internet Crime Fighters Org, Admin DrDony's Reviews, http://drdonysreviews.com, Author The Internet Users Handbook, See more http://about.me/drdony
Dr Don
Dr Don
Dr Don

Latest posts by Dr Don (see all)

Tags: ,
Previous Post
threat
Business Crime Security Home

Cyber Threat Attack [Video]

Next Post
data Breach
Business Crime Security Home

Data Breach Hack [Video]

Comments

  1. Reply

    How Ad Fraud Ruins the Internet https://www.entrepreneur.com/article/277239

  2. Reply

    The Challenges Of A Bring Your Own Device (BYOD) Policy https://simplemdm.com/2017/01/05/challenges-of-bring-your-own-device-byod-policy/

  3. Reply
  4. Reply
  5. Reply
  6. Reply

    Reference

    What Are a Business Owner’s Benefits & Risks of Doing Business on the Internet? http://smallbusiness.chron.com/business-owners-benefits-risks-doing-business-internet-102.html

    Evaluate business risk Be aware of risks so you can keep your business on track. http://www.business.vic.gov.au/disputes-disasters-and-succession-planning/how-to-manage-risk-in-your-business/types-of-business-risks

    6 Biggest Business Security Risks and How You Can Fight Back http://www.cio.com/article/2872517/data-breach/6-biggest-business-security-risks-and-how-you-can-fight-back.html

    8 Simple Ways to Minimize Online Risk https://www.entrepreneur.com/article/243233

    The Potential Risks Faced by Online Businesses http://www.opportunitiesplanet.com/internet-marketing/online-businesses-risks/

    How to Identify Risk In Your Online Business https://www.quietlightbrokerage.com/selling-tips/how-to-identify-risk-in-your-online-business

    Cyber security: Business leaders are inadvertently leaving their companies open to threats from social engineering http://www.cityam.com/237606/cyber-security-business-leaders-are-inadvertently-leaving-their-companies-open-to-threats-from-social-engineering

    The Legal Risk of Doing Business Online http://www.podlegal.com.au/the-legal-risk-of-doing-business-online/

    The Risks of Selling Online Protect yourself with these legal measures. https://www.entrepreneur.com/article/43516

    Small Business Administration (SBA) Threats https://www.sba.gov/tools/search-result-page?search=online%20threats

    Is Your Business Cybersecure? Five Steps to Find Out https://www.sba.gov/blogs/your-business-cybersecure-five-steps-find-out

    How to Prevent and Detect Business Identity Theft https://www.sba.gov/blogs/how-prevent-and-detect-business-identity-theft

    Selling Online – Is It a Hobby or a Business? https://www.sba.gov/blogs/selling-online-it-hobby-or-business?page=1

    Risk Management for the Small Business https://www.sba.gov/sites/default/files/files/PARTICIPANT_GUIDE_RISK_MANAGEMENT.pdf

    Taking your business online? Here are 6 risk assessment questions you need to ask http://ventureburn.com/2014/03/taking-your-business-online-here-are-6-risk-assessment-questions-you-need-to-ask/

    10 Ways To Mitigate Risk When Starting An Online Store Or Business http://mywifequitherjob.com/10-ways-to-mitigate-risk-when-starting-an-online-store-or-business/

    3 ways to improve your small business’ online security http://www.itnewsafrica.com/2016/12/3-ways-to-improve-your-small-business-online-security/

    6 Ways to Improve Your Business’ Online Security http://www.businesszone.co.uk/community/blogs/kunjalpanchal/6-ways-to-improve-your-business-online-security

    Understanding Online Systems Security – the Technology and Latest Security Updates http://www.business2community.com/cybersecurity/understanding-online-systems-security-technology-latest-security-updates-01723581#prUXfMSTRVKhtypx.99

  7. Reply

    Reference BYOD

    Consumerization, BYOD and MDM: What you need to know Consumerization and BYOD is reshaping the way IT is purchased, managed, delivered and secured. We delve into what it means, the key products involved, how to handle it and where it’s going in the future. http://www.zdnet.com/article/consumerization-byod-and-mdm-what-you-need-to-know/

    All About BYOD BYOD (Bring You Own Device) promises many benefits such as greater innovation, better work-life balance and improved productivity, but it also increases pressure on IT to manage and secure devices and data. How to do BYOD successfully is a challenge. CIO.com’s BYOD guide offers a variety of resources and strategies to help you navigate the many pros and cons, security issues, costs and more. http://www.cio.com/article/2396336/byod/all-about-byod.html

    BYOD (School Example) http://www.cpschools.com/BYOD/BYOD.php

    The Pros & Cons of BYOD http://tech.co/the-pros-cons-of-byod-2016-08

    5 BYOD security implications and how to overcome them http://trilogytechnologies.com/5-byod-security-implications/

    BYOD security strategies: Balancing BYOD risks and rewards Allowing employee-owned mobile devices doesn’t have to mean accepting all BYOD risks. Infosec pros share their BYOD security strategies.
    http://searchsecurity.techtarget.com/feature/BYOD-security-strategies-Balancing-BYOD-risks-and-rewards

    BYOD: data protection and information security issues http://www.computerweekly.com/opinion/BYOD-data-protection-and-information-security-issues

    BYOD Risks & Rewards How to keep employee smartphones, laptops and tablets secure 7 steps to a BYOD security plan https://www.sophos.com/en-us/security-news-trends/security-trends/byod-risks-rewards/7-steps-to-a-byod-security-plan.aspx

    BYOD Security: Expert Tips on Policy, Mitigating Risks, & Preventing a Breach
    https://digitalguardian.com/blog/byod-security-expert-tips-policy-mitigating-risks-preventing-breach
    Bring your own device management. https://www.manageengine.com/mobile-device-management/bring-your-own-device-byod-management.html?gclid=Cj0KEQjwyJi_BRDLusby7_S7z-
    IBEiQAwCVvn5tFmhiv9M2ScoxD8kBxrcMdmthmHPORLppcl1bT3DMaAtUM8P8HAQ

    Zimperium reveals 60% of mobile devices in Enterprise BYOD environments are vulnerable to known cyberthreats – A BYOD security strategy must protect the three areas of vulnerability: device, network and applications http://www.prnewswire.com/news-releases/zimperium-reveals-60-of-mobile-devices-in-enterprise-byod-environments-are-vulnerable-to-known-cyberthreats-300365125.html

  8. Reply

    Reference Insider Threats

    Insider Threats 101: How To Detect and Minimize Risks from Within http://wwpi.com/2016/10/05/insider-threats-101-how-to-detect-and-minimize-risks-from-within/

    Building an insider threat program that works – Part 1 Lessons learned from the front lines of insider threat risk management http://www.networkworld.com/article/3113487/security/building-an-insider-threat-program-that-works-part-i.html

    Building an insider threat program that works — Part 2 There is an emerging consensus that a world-class insider threat program must have three core characteristics http://www.networkworld.com/article/3127226/security/building-an-insider-threat-program-that-works-part-2.html

    Insider Threats: What You Need to Know and Do http://www.business2community.com/strategy/insider-threats-need-know-01580427#13H3i6Y4PJL51vUY.99

    New Analytics Research Could Help Thwart the Insider Threat Blending technology and human skill can create a “watchful eye” within organizations that pinpoints troublemakers faster http://www.afcea.org/content/?q=Article-new-analytics-research-could-help-thwart-insider-threat

    4 Ways Companies Protect Their Data From Their Own Employees http://fortune.com/2016/06/30/insider-threat-cybersecurity-tools/

    8 Surprising Statistics About Insider Threats Insider theft and negligence is real–and so are the practices that amplify the risks. http://www.darkreading.com/vulnerabilities—threats/8-surprising-statistics-about-insider-threats/d/d-id/1326653

    Insider threats escalate and thrive in the Dark Web http://blogs.gartner.com/avivah-litan/2016/06/21/insider-threats-escalate-and-thrive-in-the-dark-web/

    Three Things to Improve Security Posture Against Insider Threats http://federalnewsradio.com/sponsored-content/2016/10/three-things-to-improve-security-posture-against-insider-threats/

    Insider threats Some attacks, whether from criminals, terrorists or competitors seeking a business advantage, may rely upon the co-operation of an insider https://www.cpni.gov.uk/advice/Personnel-security1/Insider-threats/

    Insider threats may be the biggest cyberthreats an organization faces http://www.cnbc.com/2016/10/05/insider-threats-may-be-the-biggest-cyberthreat-an-organization-faces.html

    The Future Of Insider Threats http://www.forbes.com/sites/realspin/2016/08/30/the-future-of-insider-threats/#3fe35e966726

  9. Reply
  10. Reply

    The 11-Step Guide to BYOD Security. How to Avoid Getting Fired https://heimdalsecurity.com/blog/byod-security/

  11. Reply

    5 Lessons From The FBI Insider Threat Program Finding ways to improve enterprise insider theft detection and deterrence http://www.darkreading.com/vulnerabilities—threats/5-lessons-from-the-fbi-insider-threat-program/d/d-id/1139281?

Leave a Reply

Your email address will not be published. Required fields are marked *