IT Support Birmingham & West Midlands | Superfast IT

Cyber Security

With a new cyber attack or malware infection in the news almost every day, it can seem like a daunting task to protect your business. As the world becomes more connected by technology, cyber security has become a necessity, not a choice. Fortunately, we’re here to help.
At Superfast IT, we’ve been helping businesses with their cyber security for over 15 years. We’ve seen cyber defences change over those years as threats have become more sophisticated and complex.

Consider this page your one-stop shop for everything cyber security. We’ll cover a broad range of topics including;

  • What are the Risks?
  • Who will Attack you?
  • How will they Attack you?
  • 12 Cyber Security Controls
  • Cyber Security Grader

The first thing we want you to do is to think about your business. How big is your business? Does it have anything of value to a cyber criminal? Are you cyber secure? What do you want to know about cyber security?

What are the risks?

By understanding the risks, cyber attacks can pose to your business it should encourage you to make sure your cyber security is in the best condition possible. Even the most basic cyber security measures are now a necessity, or you will leave yourself open to these risks.

Leaking of Sensitive Company Information

How much data does your company store? Client, employee and business-critical data are all at risk from inadequate cyber security. If this information got leaked into the public domain how much damage could it do to your business?

Malware Infection

Poor cyber security on your network is an open gate for malware. Worms, viruses, ransomware and more will all cause problems for your business and could cause extended periods of downtime.

Attacks on Your Customers (Using Your Systems)

What do you think your customers would say if your systems were used to launch a cyber attack against them? Your systems could be used as part of a botnet if you have inadequate cyber security.

Damage or Defacement of Your Company Resources

Your website is your first sales pitch to potential customers. Now imagine if that was taken over by somebody looking to cause harm to your business reputation.

Unacceptable Use of your Systems

If cyber criminals get access to your systems, they could use it for several reasons. Not only could they damage your systems they could use yours to damage other people’s too.

Legal and Regulatory Sanction

Did you know poor cyber security can now get you fined? By not sufficiently protecting your clients’ data you run the risk of lawsuits, government fines and more.

Reputation Damage

Some companies never recover from a cyber attack. While they may be able to recover data and get systems back up and running the reputational damage can cause more harm than the attack. Customers can quickly lose trust in your business if you’re not protecting their data.

Financial Loss Through Fraud

If somebody got full access to your systems how much money would be at their fingertips? Online fraud is on the rise, and it’s more important than ever to protect your company accounts.

Unauthorised Changes on your Systems

Cyber criminals can make changes to your systems without you knowing. Not only will these changes affect you in the short-term, but they can leave an ‘open gate’ on your network for them to visit any time they want.

Business Disruption from Security Incidents

How much would one minute of downtime cost you? What about one hour? What about a whole month? Cyber attacks can disrupt your business in several ways. Not only will you spend money fixing the attack you could be losing money from downtime at the same time.

Loss of Data

Every record, document, file and more is always under threat from cyber attacks. If you were to lose data due to weak cyber security, there’s a very slim chance you would ever see that data again.

Loss/Theft of Devices

If your device falls into the wrong hands would they be able to access your data? Make sure things such as two-factor authentication, secure passwords and the ability to remotely disable a device are implemented in your business.

Who Might Be Attacking You?

When you think of hackers, you may imagine somebody sat in their bedroom having not seen sunlight for the last three days trying to breach a system. This couldn’t be further from reality. Cyber criminals are now part of organised groups with a vast amount of resources. They’re not the only people who could be attacking you; it may even be somebody in your office right now.

Who Might Be Attacking You?

Cyber Criminal Attack Cyber criminals are the likely suspects. They’re interested in making money through online fraud or the collection of valuable information.
Cyber Attack from Competitors Competitors in both businesses and politics (Foreign Intel) will try to gain information to give themselves an economic or market advantage.
Hackers will enjoy launching cyber-attacks. Hired for their hacking skills they’re experts at getting past network defences.
Protect from Hactivists Hacktivists, unlike hackers, will have a motive for their actions. The reasons often get based on politics or a company’s beliefs.
Employee protection Not only employees but anybody who has legitimate access to your network. The attacks may happen on purpose out of spite against a company. Attacks can also occur on accident if a user doesn’t have the correct training.

How will they Attack You?

Commodity vs Bespoke Capabilities

Commodity Capabilities

Commodity capabilities are tools and techniques for hacking that are openly available online. They can also be used for security testing (Kali Linux, Metasploit) to see how cyber secure you are. Easily accessible commodity capabilities only work because basic cyber security principles do not get correctly followed.


Bespoke Capabilities

Bespoke capabilities are for the most intelligent and advanced hackers. The tools get developed for specific purposes with high detail code that can be effective immediately due to them being specific to the targeted system. Once the hidden bespoke capabilities get discovered, they become known as the previously mentioned commodity capabilities.

 

Untargeted vs Targeted Attacks

Like there are two types of capabilities there are two kinds of attacks. We’ll look at both untargeted and targeted attacks with different examples of each type of attack.

Untargeted Attacks

Untargeted attacks get massed produced without a real end goal in mind other than trying to hack into an unprotected system. Hackers will not target a set system/user they just want to find unprotected accounts. They could do it for several reasons;

  • Finacial gain
  • As a hobby
  • Data collection

They will try to get into as many accounts at a time and keep repeating this process. Entry-level cyber security measures will block most these attacks.


Targeted Attacks

Targeted attacks target a particular thing such as a specific network or user. The attack could get aimed at an individual user or an entire business. The hacker may have numerous reasons for carrying out the attack;

  • Personal Grudges
  • Rival company
  • Been paid to target you

These take much longer to execute than untargeted attacks and can even take months or years to set up depending on the scale of the attack. The majority of these attacks use bespoke capabilities and often go undiscovered even after the attack.

Types of Untargeted Attacks

Phishing Phishing is your typical spam E-mail. Ever had an E-mail telling you, you’ve won a too good to be true prize or amount of money? That’s because it is too good to be true. They’re fake, they just want your bank account details and should be deleted as soon as you get them. They can also tell you about ‘unusual activity’ on your accounts.
Water holing attacks are the act of setting up a fake website that looks very similar to its real-life counterpart. The sites usually are online E-commerce sites such as Amazon or PayPal that people regularly use with their bank account details. At times the previously mentioned phishing leads to water holing. Once people visit and use these sites, the hackers will have the information sent to them leaving the user vulnerable to cyber-attacks or money fraud.
Ransomware This mass attack will infect vulnerable systems before locking the user out of the accounts. The hacker can then demand money or more information before they give access back to the account.
Scanning Scanning tends to be the attack that has the lowest hit rate as it just searches the internet at random. There’s no set direction for the attack as it scans broad areas of the web looking for unprotected accounts.

Types of Targeted Attacks

Spear Phishing Attacks It follows the same guidelines as the previously mentioned phishing except rather than being mass produced. It will target an individual or a company containing specific attachments that appeal to the recipient of the E-mail. Imagine two people fishing at a pool. A fisherman (phishing) would try to catch any fish in the pool. Meanwhile, a spear-fisher (spear-phishing) would target a singled out fish.
When a hacker uses a botnet, it will flood the bandwidth of a targeted system(s) with an overload of traffic from multiple sources making the online service unavailable. Attackers build up a network of infected computers then use them to attack a targeted system(s) at the same time.
Subverting a supply chain is probably one of the hardest ways for a hacker to get access. They try to get their hands-on equipment or software that is being delivered to an organisation and infect it before installation.
People inside your workplace can be the biggest threat to your business. They can have the account passwords and access to several sources of information that should be kept private. Workers could have been paid by a third-party source to gather information for them or could do it out of personal spite. They will know how the system works, so it is worth the hackers’ money paying for somebody who is on the inside.

12 Cyber Security Controls

Network Perimeter Defences

Network perimeter defences will block any external attacks on your network keeping your data safe. With 1.9 billion records lost or stolen in the first 6 months of 2017, this is a critical part of business cyber security.

Secure Configuration

Secure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.

Software Patching

Is your software up to date? If it’s not it’s a major security risk. You only have to look at the WannaCry ransomware in May 2017 to see the damage that can be caused on unprotected or unpatched software.

User Account Control

Allowing employees access to all your data is a major security risk. Make sure each user only has access to what they need. If a user leaves or moves department make sure the access is revoked.

Malware Protection

Malware is an umbrella term for anything bad on your computers such as viruses and ransomware. Malware protection will help guard you against dangers online that could infect your devices.

Backing Up Your Data

When was the last time you backed up your data? Last week? Last month? Last year? Never?

You should be taking a regular backup of your data with active copies to access and store them in a safe place.

User Education and Awareness

Cyber security is for everybody in an organisation not just a few people. Your network will only be as secure as your weakest link. Make sure everybody has had the correct cyber security training and is aware the company protocols.

Email Protection

Spam protection on your email inbox can help guard against phishing attempts. With 156 MILLION phishing emails sent per day it’s more important than ever to protect your email accounts.

Block Malicious Websites

There are thousands of malicious websites online and some are more easy to spot than others. Take away the risk of these websites by blocking access to them all together.

Removable Media Controls

Removable media provide a common route for the introduction of malware and the accidental or deliberate export of sensitive data. You should be clear about the business need to use removable media and apply appropriate security controls to its use.

Secure Wi-Fi

Do you know who has access to your Wi-Fi? Do you have a list of devices that connect to your Wi-Fi? Is there a secure password on the router? A poorly secure router is an open gate to your network.

Security Monitoring

Dedicate somebody to make sure everybody has the right protection and are following the correct procedures when it comes to cyber security.

Cyber Security Grader

How secure is your business?
Why not take our Cyber Security grader?

How do your cyber security defences stack up? We’ve put together this grader to help you find out how well protected you are and identify areas where you can make improvements.

The tool is designed to be used by small and medium-sized businesses. Achieving a high score will give your business a cost-effective, robust cyber security defence against a range of attacks. The grader takes less than 5 minutes to complete.

Cyber Security Traning

Share
Tweet
Share
< >

Superfast IT are quick to respond, quick to resolve problems, and very pleasant to deal with. Based on my experience, I can strongly recommend them.

Jonathan Shephard | Autism West Midlands

“I have been delighted with the service at Superfast IT, they are quick and efficient in resolving any issues we have. They provide the personal touch, and after dealing with faceless IT departments in the past, this is really refreshing.

Wendy Ashley | Gravity Risk

The service we receive from Superfast IT is excellent. With their help desk, we get a virtually instant response. Not someone on a mobile phone who is stuck under a desk somewhere.

Paul Kalinauckas | BCRS Business Loans

The Ultimate Guide to IT Support with Superfast IT

Download your FREE ebook below

Download

get in Touch

Let's have a chat and see if we can help you
with your IT support needs

Get In Touch
Remote Support Tool