With the growing number of cyber attacks on businesses-including Target, Home Depot, Kmart and Staples-attacks can easily seem commonplace in today's increasingly connected world. Cyber attacks lead to exposed personal, financial and business information. These exposed documents may jeopardize the security of your customers' or employees' identities, create fraud within your business or simply leave you with a hefty IT bill to repair the damage.
As a small business owner, you might not have a fully stocked IT department monitoring cybersecurity around-the-clock. But even the most basic understanding of a cyber attack against a small business will allow you to spot vital warning signs, thwart unwanted digital attacks and prepare for the future.
Cybercriminals use a variety of tools and tactics to steal information from unsecure or under-secured networks and devices. There are a few basic steps of an attack: reconnaissance and enumeration, intrusion, malware insertion and clean up. Each step varies based on the vulnerability and the advanced attacks and malware used. Knowing how a cybercriminal operates is the best way for you or your team to address possible computer vulnerabilities:
Step 1: Reconnaissance and Enumeration
The first objective in a cyber attack is to find the hacker's target and map out a course of attack. Reconnaissance is the gathering of information before a plan is set in motion. Information collected includes the understanding of a network's or computer's credentials, software versions and misconfigured settings. Enumeration is the testing of these discovered vulnerabilities. If the testing uncovers something like an out-of-date antivirus software, the cybercriminals will begin to plan out their attack.
Step 2: Intrusion and Advanced Attacks
Once a vulnerability is identified, the cybercriminal can penetrate the network or use advanced attacks to render it inoperable. Common advanced attacks include zero-day and denial-of-service (DoS) attacks.
Zero-day attacks are the exploitation of a previously unknown weakness in software or an operating system. These weaknesses are typically shared on the black market among the network of cybercriminals. With this information, attackers can use malware to execute a more destructive attack. On average, it can take 10 months before the vulnerability is discovered by developers and a patch is created.
DoS attacks make a computer or network unavailable to its intended users by flooding it with useless traffic until it crashes. Business websites are common targets as attackers try to halt traffic and disrupt regular business operations. In 2012, arguably the largest DoS attack in history halted operations at major financial institutions. Some attackers will even hold a computer network ransom using this method. If your company receives threats regarding a cyber attack, contact your local police department immediately.
Step 3: Malware Insertion
Once the network is infiltrated, cybercriminals can insert malware to gain control of the system. There are three forms of malware: nuisance, controlling and destructive.
Nuisance malware is used by unethical marketers to bombard a user with advertisements or to track activity. Spyware is most commonly associated with nuisance malware. Cybercriminals can use it to obtain online passwords, trade secrets or financial information you accessed from your device.
Controlling malware allows a cybercriminal to take over your device or network. Trojan horses are a type of controlling malware designed to hide in an application until a user unknowingly launches the malware. Trojans will gain remote control of the device or create backdoor access for intruders. This is a prime entry point for intruders to steal business or consumer information that they can later leverage to commit identity theft or fraud.
Destructive malware is the final form. It is designed to infiltrate a device, typically using a virus or worm. Viruses can sometimes purge an entire hard disk and are commonly downloaded through shared files or email attachments. Unlike viruses, worms can spread themselves throughout networks without user activation. Destructive malware is particularly concerning for small businesses that may not take the precautionary measure of backing up their information externally.
Step 4: Clean-up
The final stage of a cyber attack is for a criminal to hide their tracks. The intruder typically deletes the command line or event logs, upgrades outdated software or deactivates alarms after the attack. Additionally, hackers and cyber thieves often use viruses and worms to destroy potentially incriminating evidence.
What should you do to secure your small business?
- Keep all software and operating systems up-to-date, especially anti-virus software
- Back up your system to an offline, off-site hard drive and store it securely
- Change passwords often
- Restrict Bring Your Own Device (BYOD) policies in the workplace
- Be cautious when clicking on links on the Web and in emails (and avoid anything that sounds too good to be true)
- Coordinate and communicate security goals and best practices in the workplace
- Never use unsecure Wi-Fi
Article adapted from Dell's "Anatomy of a Cyber Attack."