Sadly, companies have to be more vigilant than ever when it comes to digital security. Though cybersecurity technology has advanced tremendously over the years, so, too, has the tech that hackers utilize across the globe. On top of that, many large-scale cyber attacks are now coordinated by state actors with extremely sophisticated technology.
As a result, no organization is safe — especially small companies with little-to-no cyber security budget. That’s a problem. Approximately 43% of cyber attacks are aimed at small businesses.
There are so many ways for digital criminals to hack into a company’s network and access everything from personal information to financial data. Some approaches are extremely innovative and some can be as easy as an email attachment. Approximately 92% of knowledge workers collaborate over documents using email services, and a single click of the wrong email attachment can ruin an entire business, big or small.
According to The Record, a Canadian company — Christie Digital — was recently targeted in a global computer attack, causing worldwide production to halt and employees forced to go home. The attack was a network incident involving malware that spread itself across Christie’s international operations.
“It was basically a network server issue involving malware,” said Dave Paolini, Christie Digital’s public relations manager. “When we have reported (the incident) to the authorities and are working with them.”
Over the past six months, eSentire, a company that provides managed detection and response services to hundreds of businesses spanning all industries, detected more than 1.4 billion potential threats or unwanted cyber activity across its clients’ digital traffic.
Computer Weekly adds that 43% of organizations surveyed across 12 nations admit that they have been impacted by a business process compromise (BPC) cyber attack. Despite this, business process compromise (BPC) attacks are not on the radar of 50% of management teams.
The study was carried out by Opinium surveyed more than 1,000 knowledge workers and IT decision-makers responsibly for cyber protection across the United States, United Kingdom, Germany, Spain, Italy, Sweden, Netherlands, Poland, Belgium, Czech Republic, Finland, and France.
“We’re seeing more cyber criminals playing the long game for greater reward,” added Rik Ferguson, vice president of security research for cybersecurity firm Trend Micro. “In a BPC attack, they could be lurking in a company’s infrastructure for months or years, monitoring processes and building up a detailed picture of how it operates.”
Although half of management teams across the globe (involved in the survey) are unaware of BPC cyber attacks, security teams are still not ignoring this risk, with 72% of respondents agreeing that BPC is a priority when developing and implementing their company’s cybersecurity strategy.
“To protect against all forms of BPC attacks, business and IT leaders must work together to put cybersecurity first avoid potentially devastating loses,” said Ferguson. “Companies need protection beyond perimeter controls, extending to detect unusual activity within processes if attackers breach the network. This includes locking down access to mission critical systems, file integrity monitoring and intrusion prevention to stop lateral movement within a network.”
Here are some tips for businesses to protect against BPC threats:
- Develop a comprehensive view of your entire network.
- Consistently audit long-established policies, analyzing baseline and unexpected inputs.
- File Integrity Monitoring and Application Control System Lock Down should be considered for critical systems.
- Implement cybersecurity measures to identify any kind of malware.
Today, there are an estimated 28 million small businesses in the United States, and they face a growing risk from hackers looking to steal data. To protect yourself, learn how to keep your business safe from business process compromise attacks and other common phishing scams.
