The fourth week of National Cyber Security Awareness Month is dedicated to Cyber Crime. As new technologies emerge, there will unfortunately always be an opportunity for Cyber Crime. The adoption of these new technologies gives Cyber Criminals a never-ending supply of opportunities to get to your information.
The Bureau of Justice labels 3 main types of Cyber Crime in its study, the NCSS (National Computer Security Survey), though there are references to up to 9 different segments of Cyber Crime within these three sectors. In an effort to raise awareness, we will briefly cover the three segments while pointing to many more examples. The survey describes three very distinct types of Cyber Crime:
- Cyber Attacks targeting the actual computer system – A good example of this would be a Trojan Virus, designed to make the system function improperly.
- Cyber Attacks targeting valuable property – Primarily money is targeted but may range to other valuables and even intellectual property. Examples are such things as embezzlement and fraud.
- Cyber Attacks with a “leave behind” – Examples may be spyware, phishing, hacking, and even port scanning to gain access to personal information.
Computer System Attacks
Depending on what types of information you are working with on your computer system, you may want to take different measures to protect your computer from physical attacks. If you are using your computer for personal use, it is just as important to protect the personal information on your machine. There are a host of solutions to protect your computer. For the professional or business user, there are a number of things that need to be taken into consideration before taking action.
How do I protect my organization from Cyber Attacks on our System?
First and foremost, your organization should commission a thorough security assessment, which may include penetration testing, web vulnerability testing and risk assessments. Once the vulnerabilities have been identified, you need to remediate them and implement appropriate security controls/safeguards, along with applicable policy and procedural changes that give staff guidance on conducting their day-to-day activities in a secure and compliant manner. This is the only way that your organization can truly mitigate loss and remain ahead of the “hacking curve”, because if you haven’t assessed where you are at risk, you won’t know what needs to be addressed.
Cyber Attacks targeting Valuable Property
This type of Cyber Attack is built to target tangible things with real value. Most of the time, money itself is the end goal of this kind of attack. With the exponential growth of Social Media, individuals are carelessly putting all sorts of personal information out for the world to see. When savvy hackers look at most of our Facebook pages, they are able to tell where we live, if we have any family (to steal from them as well), and even what types of personal property we may own. This same rule applies for organizations.
What can my organization do to protect our valuable property?
Though some information such as annual revenue and location can be found, there are certain measures that can be taken to limit the amount of information that your organization releases pertaining to holding and handling personal or financial data. There should be policies and procedures in place for each and every member of your organization’s staff from the lowest employee to the highest figurehead. Additionally, modularized workforce security awareness training should be conducted regularly based on an individual’s role within the organization, their access to sensitive data and applicable regulatory requirements.
Cyber Attacks that “leave behind” a virus
Everyone nowadays has heard of “phishing” or “spyware”. Do we really know what makes these types of attacks so dangerous? There are many methods of gaining access to your computer. These methods tend to play on the human psyche to get you to “opt in” to some type of program through hyperlinks in an email or an advertisement on a website. These programs are dangerous because most of the time we do not realize that we have them or are running them. While running in the background, these programs usually monitor your usage to gather information in whatever capacity they can. Since they cannot be seen, they can run for an inordinate amount of time, continuing to capture data. This can include credit card information, personal data, health information, email information, logins, passwords, and pretty much anything else that you can do on your computer.
How can I protect my organization from “leave behind” viruses?
There will essentially always be vulnerabilities in larger computer systems, and there should always be redundant security measures in place. Regular and unscheduled security assessments and penetration tests are a great start. Also be sure that there is a strict filter on all work email accounts, which can help weed out these malicious programs. It is also good practice to have a third-party IT Security company execute the assessments in order to evaluate the performance of your existing controls and IT staff initiatives.
More information about Cyber Attacks:
Since 1988 we have seen Cyber Attacks move from being a fringe type of crime with very few operators (hackers) to entire nations employing people to utilize the same skill set for another purpose (think what you want of that one). What once was used to gain access to and decipher government and military information for intelligence is now used to gain personal data from the masses for incredible accumulation of wealth and data. We hope these few facts about cyber attacks throughout the years have been helpful. If you have any questions or concerns regarding your organization’s protection from cyber attacks, please CONTACT US for more information regarding security assessments.