The Equifax data breach ranks as one of the largest of its kind in history and, as data breaches become more common, businesses of all sizes are taking notice. According to the Business Continuity Institute Horizon Scan Report 2017, 88 percent of businesses worldwide are "extremely concerned" or "concerned" about the threat of a cyberattack.
Cyberattacks can harm your business's reputation and result in financial losses. A 2017 Kaspersky Lab survey put the average cost of a cyberattack at $1.3 million per incident for large businesses and $117,000 for small to medium-sized businesses.
Being able to recognize the most pervasive types of cyberattacks can help you establish a firm line of defense against hackers and keep your business financials intact.
1. Spear-Phishing Scams
Spear-phishing scams are by far one of the most common types of cyberattacks to which businesses are vulnerable. While a phishing scam may come in the form of an email from a trusted source, spear-phishing can take it one (or more) steps further, by sending the message from a friend or someone the employee knows, and often containing personal information. The goal is the same: to acquire personal and financial data.
According to Symantec, the number of spear-phishing attacks targeting employees increased 55 percent in 2015. The purpose of these attacks may be to allow hackers to steal financial data or install malicious software on the target's computer.
For example, an employee may receive a seemingly legitimate email from a vendor asking them to execute a wire transfer to pay an outstanding invoice. By the time they realize what's happened, the money is already on its way from your bank account to the scammer.
Why it's a problem for your business
Spear-phishing can essentially give hackers blanket access to your client records including their financial information, as well as your business's financial records and accounts. Hackers can install key-logging software to track login information, which may allow them to drain your bank accounts or intercept payments from your customers. Even if just one employee is targeted, it can put your entire business at risk.
2. Denial of Service (DoS) Attacks
In simple terms, a denial of service attack — a variation of which is a DDoS (distributed denial of service) attack — is an attack on your online services. Cyberattackers can flood your business website with false traffic until it reaches a point where it fails to respond to legitimate users. This can dramatically slow down your website or network function, or shut the website down altogether.
In a DDoS attack, an attacker may use your computer to launch a DoS attack on another computer.
Why it's a problem for your business
A Denial of Service attack can completely incapacitate your website. When customers can't access your site, they can't use it to purchase your products or services, which means potential loss of revenue for your business. In a survey conducted by software company Corero, 45 percent of IT security professionals said loss of customer trust and confidence was the most damaging consequence of a DDoS attack on their business. Thirty-four percent cited lost revenues as the worst effect. While DoS attacks more frequently target larger companies, smaller businesses aren't immune.
3. Man-in-the-Middle Attacks
The man-in-the-middle attack is a subtle way for hackers to obtain your business's credit card or banking information. Essentially, the attacker intercepts and forwards an electronic communication with a third party, such as your credit card company or bank. While you are transferring financial or business information to that third party, the hacker is able to steal it or alter the contents.
Around 15 percent of organizations included in SANS Institute's 2017 Threat Landscape Survey had experienced a man-in-the-middle attack in the previous 12 months.
Why it's a problem for your business
Once a cyberattacker has your credit card number or bank account number, they can essentially launch a free-for-all against your financial accounts. For example, they can use your credit card to make fraudulent purchases and take cash advances, or execute wire transfers out of your bank accounts. Even worse, they could sell your account details to someone else, potentially exposing you to additional instances of financial fraud.
4. Ransomware Attacks
Recently making headlines, ransomware attacks are a way for hackers to hold your business's financial information hostage. A cyberattacker can lock specific files in your company's database or shut you out of the system entirely.
Although the hacker claims that they will unencrypt the data in return for paying a "ransom," often, either the data can't be unencrypted or the hacker's true motive is to distract the business or destroy systems and data.
Why it's a problem for your business
Ransomware can hurt businesses both large and small by compromising their files and it can also do extensive financial damage. According to Malwarebytes' Second Annual State of Ransomware Report, conducted by Osterman Research, 22 percent of small and medium-sized businesses that fell victim to a ransomware attack had to cease operations immediately. Fifteen percent lost revenue because of the attack, resulting in an average loss of over $100,000 due to extended downtime.
5. Drive-By Downloads
Drive-by downloads are an especially sneaky type of malware attack.
It works like this: You or one of your employees visits a legitimate website that has malware embedded. The malware is unintentionally and unknowingly downloaded onto a single computer. From there, it can spread throughout your entire business network.
Why it's a problem for your business
Part of the reason drive-by download attacks are so dangerous is that they're difficult to detect. Your employees may assume they're visiting a trusted website without realizing they're giving the malware an opportunity to run rampant and pose a threat to your financial accounts.
Knowledge Is the First Step
Getting hit by a cyberattack can create serious financial repercussions for your business. Knowing the different forms these attacks may take can put you a step ahead of the game when it comes to defending yourself.
Armed with this knowledge, you can better focus your efforts, which may include strengthening your security systems and training employees in security best practices. And purchasing cyber insurance can safeguard your business financially from a lawsuit if a hacker does manage to break through.
Overall, the more aware you are of potential threats – and the more lines of defense you have in place – the less vulnerable your business may be to a cyberattack.
