Cyber Security for Businesses: Tips to Reduce Risks
Cyber security is a human issue before it is technological. This is why all companies — whatever their size — must work on bringing awareness of these issues to their employees. Today, companies are targeted, because hackers ultimately are looking to access their customers and suppliers. Cyber security is therefore no longer a niche activity and, above all, is no longer something that can be ignored or put aside.
I – Companies Facing Cyber Security Threats
Today’s hackers have changed since the early days of the Internet. Cyber attacks have become sneakier, and hackers no longer try to take on company security systems head on. Instead, one option for them is Social Hacking.
Social Hacking is a technique used by business employees via mailing (for example) to penetrate the business network. This is why a quarter of the attacks recorded target employees.
Another technique often used is a rebound attack. This makes it possible to reach companies with sensitive information, such as those in the medical or defense fields. Hackers go through one of the company’s suppliers or customers to attack by rebound, taking advantage of the links maintained between these companies.
Another important point: hackers don’t just steal data. For example, the vast majority of international trade is done by boat. Hackers can hijack entire ships. And they already have! How? After cutting off communications to the vessel, they directed it to a safe place, and the cargo was not seen again until the ransom was paid. This type of cyber-attack could cost the target business hundreds of million dollars!
Agricultural equipment (tractors, harvesters, riding mowers, etc.), which is now connected to the internet, is another target of choice. It becomes possible to deviate from their initial trajectory. Hijacked, coordinated, and controlled, this material becomes a potentially dangerous weapon.
In the same vein, by simply buying a virus from the darknet for a few hundred dollars, a single individual can block a factory, a road, or even an entire city.
How Companies Are Adapting
Depending on the type of business attacked and the type of information stolen, the solution is not the same across the board. Some industries are forced to give in to blackmail by cyber criminals, while others categorically refuse.
Take, for example, the Rouen hospital. In November 2019, the Rouen University Hospital was the target of a cyber attack. The extreme sensitivity of the stolen information and the lack of backup forced the entity to pay to recover the data. The aim here was to save lives in intensive care, to plan the right operations at the right time for the right patient, to communicate the right health data to the doctors who will prescribe treatment, among others. Quickly retrieving patient data was therefore essential.
In contrast, we can look at the seaside resort of La Croix-Valmer. The municipality’s computer servers were attacked at the end of July 2018. The files were encrypted and the hackers demanded a ransom. According to the municipality, no amount of money has been paid.
Indeed, despite the immobilization of services for a week, the municipality has managed to keep the personal data of the inhabitants safe from attack. This time, the hackers did not gain anything.
3 Ways to Limit the Risk of Cyber Attacks?
1. Develop adequate technical means
The first key step to secure a network is to acquire a firewall that allows partition networks. A typical business generally has several of them: the document network, the accounting network, etc.
This compartmentalization technique makes it possible to cope with an attack, preventing it from spreading to other networks than the one through which the hackers entered. The IT systems manager adds anti-virus, anti-spam, and other services and solutions to optimize network protection.
2. Never ignore awareness
When securing your network, it is also essential to educate your users about cyber security through events, conferences, webinars, etc. An informed user—aware for example that 40% of attacks take less than 30 seconds for the virus to take possession of the entire network—fwill think of disconnecting his computer quickly if he finds that it is under attack.
3. Achieve the security targets required to obtain certifications
Some industries need to prove their level of cybersecurity. This can be established by pursuing certifications. The term “security target” also designates the minimum security required by the industry to achieve a certain protection result. By reaching these security targets, the business can host sensitive data.
II – A Macro Context that Evolves According to Cyber Risks
The cost of computer hardware and software has increased in recent years, as have the salaries of IT professionals. For VSEs and SMEs, IT risk is now well understood and integrated. They are aware of the issues that arise from it and seek to protect themselves. On the other hand, many still believe that they are not a “real” target. The “Why me?” mentality continues.
The Economy of Cyber Security
These companies know, however, that they must invest in security, but this necessity is costly and restrictive! For example, more and more companies are banning the use of USB keys on their IT equipment, which is shaking up employee habits.
Fortunately, insurance is starting to cover cyber security risks for businesses. The first offers appeared a few months ago. This investment is, therefore, becoming more and more attractive for companies. Especially in the current context where the risk of cyber security is very high and will continue to increase exponentially until it becomes the