It’s a heart-stopping situation. A zero-day vulnerability has helped attackers bypass conventional antivirus protections. Your client data is being extracted for use by online criminals and essential business files are encrypted and beyond use. You see a message on your screen demand a fee to get your data back. What are you going to do?
What is a zero-day vulnerability?
That’s because zero-day vulnerabilities are security flaws in software and hardware that your provider is unaware of. It’s only when the provider finds out these flaws are being exploited that they know they’re there, and the race begins to create a patch.
How can it affect your firm?
Attackers are free to exploit these flaws to gain access to computers, phones, websites, apps and even servers. They have a host of tools to exploit these vulnerabilities:
- Spyware. Once they gain access to a device in a business, hackers can install malware that will covertly track and steal any customer information that is stored on or passes through that device.
- Ransomware. This type of malware has grown quickly over the past five years, and is now a serious problem. It’s used to lock access to critical files and demand payment for these files to be unlocked.
- Compromised websites. If your firm’s website is compromised, every visitor that arrives on your site is vulnerable to the malware installed there.
The cold reality of cybercrime
This year, the FCA reported a 1,400 percent rise in cyber-attacks against UK finance groups, and that number continues to rise. Your business is not the exception to the rule: your business is not immune.
65 percent of large firms were affected by a breach last year, 25 percent of whom were affected once per month, and the average cost of those breaches was £36,500 according to the UK government’s Cyber security breaches survey 2016.
You know you can’t afford to be one of those victims. You promise your clients’ data confidentiality and, if you intend to remain trustworthy and profitable, you need to keep that promise.
One crack in your security could mean thousands of customers lose their data and your business would be subject to growth-killing fines.
Across 33 separate incidents in the finance, insurance and real estate sector in 2015, 120 million identities were exposed according to Symantec’s 2016 Internet security threat report.
Don’t let your customers become part of that statistic in 2017’s report. It’s your responsibility to ensure your business is equipped with the strongest defences possible.
How to fight back
Far too many businesses ask for help after they have been attacked. By then, it’s too late: prevention is the only cure.
The more sophisticated the attack, the better defences you need to protect yourself. Zero-day threats are highly dangerous, but they are not unstoppable. To fight back, your business needs to employ a multi-layered defence:
- Firewalls and antivirus. Your first line of defence won’t protect against most zero-day threats, but it is still essential for everyday business security. But remember, for antivirus to be effective, all of your endpoints have to be covered. That means computers, tablets, phones, servers: anything that your employees use at work is vulnerable to malware and needs adequate protection.
- Website and email malware scanning. Cyber attackers commonly use compromised websites and email phishing to spread malware, but in most cases these attempts can be detected and prevented by website and email scanners.
- Proactive monitoring. Automated tools alone are not enough, your firm needs an extra level of protection to detect any intruders on your network and prevent them gaining access. For that, you’ll need an IT partner who offers server and infrastructure management.
- Training. In most cases, cyber attackers rely on employee ignorance to launch their attacks. Your employees need to be properly trained in cyber security so that they know what links to click on.
- Careful choices. Cloud services can be a big boost to business efficiency, but many financial firms still have their doubts about the security of these tools. In reality, if your business knows how to pick the right cloud providers, you can negate any security risks.
- Regular audits. A decade ago, no one had heard of ransomware. Now it represents one of the biggest threats to financial firms. The cyber security landscape constantly changes and businesses need to keep up to protect themselves. Strong business security is audited and improved on a regular basis.
- Disaster proofing. No security measure is complete without a failsafe. In the case that their information is compromised, firms need to make sure their data is securely backed up and ready to be recovered using disaster recovery and business continuity tools.
- Third party support. Very few businesses have the inside knowledge to do this job alone. If you need support, Syntax IT Support can help.
Only the paranoid (and well-protected) survive
“Success breeds complacency. Complacency breeds failure. Only the paranoid survive”.
– Andy Grove, former CEO of Intel.