Cyber-attack… it follows a process
As we are currently very aware, “attack” on our world can come from many angles. But there is still one that businesses, perhaps more than ever, need to protect against constantly; cyber-attack. Some businesses don’t think they’ll be a target, but the problem is that if it does strike it can have a considerable impact on operations, cash flow and reputation; and in reality all businesses are potential targets. So with that said, what happens? And what can you do to help prevent it?
Watch out for the four key stages
Reconnaissance: This is when the attacker is checking you out. They’ll be looking at your email addresses, passwords etc. checking stuff out on the dark web. They’ll be listing your IP addresses. Testing your email system. And seeing if you’re actually worth their time.
Attack phase: When they decide to pounce, they’ll attempt to gain access – having sussed your passwords etc. – and then amend system privileges to give themselves free rein. At this point, you won’t even know they’re there. They’ll often simply watch your behaviour and install new backdoors whilst they observe.
Expansion: This next phase is where the trouble really begins. They may steal your accounting info, address books, databases etc. And they may well install malware and start phishing others via your system because you’re a trusted system elsewhere. Nasty stuff!
Obfuscation: And once they’ve done their dirty work, they’ll take steps to conceal their tracks. They’ll delete logs and do whatever they can to frustrate forensic experts from tracing who they are. And it’s very likely
they’ll also set things up for another attack in the future. Yeuch!
So what can you do to protect yourself? Well, we’d recommend many things, including:
• Ensuring patches and updates are always installed regularly
• Having a procedure to change usernames and passwords on a regular basis… and doing it!
• Installing a strong firewall and antivirus etc. software
• Frequent training and updating of staff on cyber security
• Regular system audits
• Getting a Cyber Essentials security certificate
And one final point, if you’re in any doubt about any aspect… get professional advice.
