Understanding Cyber Attacks Impact and How to Safeguard Your Digital World
Oh, the sweet and warm memories of the romantic movie light up in many a heart whenever this phrase shows up
And yet, for those who eat, sleep and breath IT (for instance Portman Tech in the heart of London), it only serves as a grim reminder. In May of 2017, this very phrase cast disaster in the lives of many who thought they received an email from one of their known contacts asking to collaborate on a Google Docs document. The emails appeared legitimate, and the recipients were directed to click on a link to view the document. However, the link led to a fake Google login page that mimicked the real Google login interface. If the recipient entered their Google credentials on this fake page, the attackers gained access to their Google accounts, including emails, contacts, and other sensitive information.
This phishing attack spread rapidly due to the convincing nature of the email and the familiarity of Google Docs as a widely used collaboration tool. The attack affected a significant number of users who fell victim to the scam, compromising their Google accounts and potentially exposing personal and confidential information.
Google quickly responded to the phishing attack, taking steps to disable the malicious pages and block the attacker’s email addresses. They also implemented measures to prevent similar attacks in the future, including improving their detection systems and warning users about potential phishing emails.
Fast forward to September that very year, one of the most prominent multinational agencies handling sensitive personal information of over 800 million individuals, experienced the ‘Great Train Robbery’ of the computer age. It was a massive Cyber Attack on the credit reporting company where Social Security numbers, driver’s license numbers, email addresses, and credit card information of approximately 147 million individuals were stolen.
Numerous legal and regulatory investigations only ensured the loss of customer trust, and the company’s stock price significantly dropped in the aftermath. Not only did the company suffer a substantial financial loss, but in addition, they had to part with a massive settlement amount of $575 million. Multiple lawsuits from affected individuals and shareholders further added to their financial burden.
This breach, and the phishing attack mentioned earlier serve as a stark reminder of the devastating impact unauthorized access to sensitive data can have on individuals, businesses, and the overall economy. It underscores the importance of being vigilant when receiving unsolicited emails, verifying the authenticity of login pages, and regularly updating passwords to mitigate the risk of falling victim to such attacks. Organizations now need to build robust cybersecurity measures, proactive detection and response mechanisms, and prioritize the protection of sensitive data to try and prevent such unethical incidents.
The National Cyber Security Centre (NCSC) received hundreds of Cyber Attack cases in the past 12 months. According to some reports, the number of UK companies that suffered breaches could be as high as 88% (Germany – 92%, France – 94%, and Italy – 90%).
Whenever we read about Cyber Attack victims, large companies that roll in large numbers come to the forefront. If a multinational loses a million to such a scam, it catches everyone’s eye, and becomes the next day’s headlines. Unfortunately, no one worries about the one quid that was stolen from an individual; the hacker may have been a rookie, who just went through all that trouble for a single pound. And, in this way, when a million individuals think that getting robbed of just one quid doesn’t matter, the rookie starts to ‘rock-n-roll’!
An alternative study says that a small business in the UK is hacked every 19 seconds – 65000 attempts every day, of which 4500 are successful. These attacks range from ransomware, reconnaissance, malware and network intrusions, data exfiltration and disruption of services and systems. And yet, only 37% of those attacked have reported a data breach incident to the Information Commissioner’s Office (ICO) in the last one year.
The NCSC’s Cyber Incident Response (CIR) plans to introduce a Level 2 scheme which will provide technical response for incidents affecting small to medium-sized enterprises, thus supporting victims of common, often financially motivated Cyber Attacks. Hopefully, more businesses that have fallen victim, will surface and thus make us aware of more types of frauds that are happening around the country.
As a business, we want to focus only on our trade, and not worry about anyone trying to steal from us. Partnering with IT service companies (like Portman Tech) and ensuring that Safety Protocols are introduced, will only help us in the following ways:
- Privacy: Your sensitive data (personal, financial, or confidential information) that, if accessed by unauthorized individuals, can lead to privacy breaches. Protecting this data helps ensure the privacy and confidentiality of individuals and organisations.
- Identity Theft: Unauthorized access to accounts can result in identity theft, where personal information is used fraudulently to impersonate someone else. This can lead to financial loss, damage to one’s reputation, and disruption of personal and professional life.
- Financial Loss: Unauthorised access to financial accounts can result in theft of funds, unauthorised transactions, or fraudulent activities. Protecting accounts prevents financial losses and safeguards assets from being compromised.
- Compliance and Legal Requirements: Many industries have regulatory requirements and legal obligations to protect sensitive data. Failing to adequately secure data can result in non-compliance, legal penalties, and damage to goodwill.
- Business Continuity: For businesses, unauthorised access to accounts or critical data can disrupt operations, lead to loss of customer trust, and impact overall business continuity. Protecting sensitive data ensures the smooth functioning and stability of business processes.
- Intellectual Property Protection: Organisations may possess intellectual property, trade secrets, or proprietary information that needs to be safeguarded from unauthorised access. Protecting such assets helps maintain a competitive advantage and prevents unauthorised disclosure or misuse.
- Trust and Reputation: Maintaining the trust of customers, clients, and partners is essential for any organisation. By safeguarding sensitive data and accounts, businesses demonstrate their commitment to data security and strengthen their reputation.
- Cybersecurity Threats: With the increasing frequency and sophistication of Cyber Attack, protecting sensitive data and accounts is critical to mitigate risks from malware, phishing, hacking, ransomware, and other cyber threats.
Let us ultimately look at what Construes a Cyber Attacks:
- Denial of service attack: Denial of service attacks try to slow or take down organisations’ websites, applications or online services, to render these services inaccessible.
- Hacking: In the context of this study, we define two forms of hacking. Firstly, unauthorised access of files or networks, or entry into video conferences or instant messaging. Secondly, online takeovers of organisations’ websites, social media accounts or email accounts
- Malware: Malware (short for “malicious software”) is a type of computer program designed to infiltrate and damage computers without the user’s consent (for example viruses, worms and Trojan horses)
- Phishing: Phishing involves fraudulent attempts to extract information such as passwords or personal data (for example through emails or by filling in forms on websites), or to install malware on the recipient’s device or network. In the context of this study, we define phishing as staff receiving fraudulent emails, or arriving at fraudulent websites.
- Ransomware: Ransomware is a type of malicious software designed to block access to a computer system until a sum of money (a ransom) is paid
- Social engineering: Social engineering involves manipulation of specific individuals to extract important information, such as passwords or personal data, from an organisation, for example, through impersonation.
In our next blog, let’s chat a little more about Passwords, Multi-Factor Authentication, Hardware Security Keys like YubiKey, etc. And, if you also feel that the threat is omnipresent, don’t stress; simply pick up the phone and give us a call…