Ransomware attacks provide one of the most lucrative returns on investment of any “profession,” illicit or otherwise. With little more than technical know-how, criminals can launch attacks against thousands, even millions of potential targets simultaneously. And as adoption of digital technology grows, so too does cybercrime.
In January, Check Point Research reported that it found 50% more cyberattack attempts per week on corporate networks globally in 2021 compared with 2020. Business leaders and owners need to be aware that cybercrime will continue to increase in volume and complexity. Successfully defending your organization with cybersecurity measures is an essential task.
So, what are the most common types of attacks, and what are the best ways to defend against them?
Hacker Target #1: Employees
Cybercriminals typically have two lines of attack: Employees and systems. First, we’ll look at how they target employees, the most common types of attacks, and the best way for employees to defend against them.
By far the most common attack targeting employees is a phishing email. These emails are designed to redirect an employee to an illicit website where they are tricked into entering their username and password. Another phishing tactic is to send an email attachment that, if opened, installs malware that infects the employee’s workstation. In these cases, the hacker either captures credentials that give them the ability to login to a company’s systems or obtains direct access to the network via an infected workstation.
4 Ways to Thwart Phishing
There are four actions that companies should take to help employees defend against phishing attacks.
1. Educate your employees about phishing.
Make sure that every employee is well-educated on how to identify and avoid phishing emails. A phishing email that goes unopened is harmless, but cybercriminals are clever. They work to constantly craft emails that trick even the most guarded employees.
2. Use an email provider with robust spam filtering.
While some phishing emails inevitably make it through the filter, the vast majority will be quarantined.
3. Make sure multifactor authentication (MFA) is enabled for all key systems.
With MFA, even if an employee’s credentials are stolen, cybercriminals will not be able to use them to login to systems.
4. Make sure all employee workstations are running modern, up-to-date anti-malware software.
Anti-malware is another layer of defense that detects and prevents malware from exploiting your company’s systems and data. If phishing email manages to make its way through your spam filter and tricks employees into opening an attachment, anti-malware can detect and prevent it from infecting their workstations.
Hacker Target #2: Systems
The second target is a company’s operational systems, which store sensitive data about your company and customers. Cybercriminals often use stolen credentials to illicitly access systems. But they also use other infiltration techniques, and there are steps you can take to protect your business.
1. Ensure all systems are behind a well-configured firewall.
A firewall should only allow necessary traffic to enter and leave your company’s network. It should also identify and block common exploits used by cybercriminals to overcome a firewall’s defenses.
2. Make sure systems are configured to protect against invasive hacking techniques.
The Center for Internet Security (CIS) provides some excellent guidelines on how to harden servers, and if followed, can make it significantly more difficult for a hacker to successfully gain access.
3. Make sure systems are regularly patched to address any security vulnerabilities.
New vulnerabilities are identified every day, and by quickly patching, you can close off one of the most likely paths a cybercriminal uses to access your systems.
4. Like your company’s workstations, make sure every server is running a modern anti-malware solution.
Even if hackers manage to infiltrate a device, good anti-malware software can thwart their efforts and alert you to their presence so you can remove and block them from the system.
While there are many more steps you can take to improve your company’s cybersecurity posture, acting on these recommendations is an excellent first step, and will significantly strengthen your defenses.
Epicor can help, too. Epicor Security Suite provides solutions that help SMBs defend against, and recover from, ransomware attacks. And companies of any size can benefit by moving their ERP system to an Epicor cloud platform where a dedicated team of security professionals work 24x7 to safeguard your systems and data.
Visit epicor.com to learn more now about industry-specific cloud ERP solutions.
