80 percent of hacking related breaches leveraged either stolen passwords or weak, guessable passwords. The thing is, about 76 percent of people use the same or a similar password for most, if not all, websites. Which means if an employee has their personal life hacked, your organization could be compromised in a matter of minutes.
Because ransomware is so common, that’s what businesses expect now. Yes, ransomware is easier monetization for the hacker. But it’s not the only risk. There are all sorts of malware strains and attack types that skim credit card details, health information, social security numbers and financial data – all that they can sell on the dark web.
We know of a company that lost $800,000 because one of their vendors got hacked and didn’t know it. The attacker watched email traffic for a couple of months, observed and copied how they requested money and changed the financial transaction information to an offshore account. This is just one example of how creative and unexpected these attacks can be.
How malware is detected
It takes an organization an average of 191 days to identify a data breach.
Malware used to be so obvious. Things would break, computers would slow down dramatically and disk drives would spin loudly, whirring into action even though you were just playing a game of Solitaire. It was clear something was running that wasn’t supposed to be. Things changed.
Hackers today realise that getting detected works against them, so they are all about stealth mode. That’s why it takes an average of months to detect anything. The symptoms we all came to expect aren’t there anymore.
It often isn’t until unauthorised transactions start taking place or someone receives notifications that their accounts are logged into that they realise something is wrong. By that point it’s too late to do damage control.
If you’ve been hit with ransomware or malware
Once you’ve been breached, it can bring any organization (corporate, small tax firms, nonprofits, cities, you name it) to their knees. Extensive data breaches or ransomware almost always go public and cause exposure of intellectual property, financial records, client files and other information.
Any data exposure can be very costly. Your company can’t operate until things are remediated, and your reputation will take a hit.
If you’ve been hit successfully at any point, you stand a higher likelihood of becoming a target again. Not to mention that there could be trace malware on your systems that you have not yet detected. The safest thing to do is to wipe and restore your backup files then change all accounts and passwords. Yes, all of them.
Next, start taking immediate steps to heighten your security:
- Use complex passwords and make sure nobody is using the same passwords across multiple accounts
- Add local disk encryption to prevent access to files
- Use encryption in email to avoid stealth attackers and man-in-the-middle attacks
- Enable multifactor authentication – this reduces data breaches significantly
- Ensure regular systems patching; new vulnerabilities are discovered regularly and those patches close those holes
- Have a user cybersecurity awareness training session. This should be done annually, but if you’ve experienced a breach, a remedial session is in order.
- Leverage solutions that monitor outbound traffic (as well as inbound) to detect unusual behavior.
- Treat requests for money suspiciously and verify unusual requests by picking up the phone and calling a trusted phone number for the party requesting funds.
- Monitor the dark web to stay in front of information that is out on the dark web that could damage your business.
Multi IT has helped many clients recover from ransomware, malware and other data breaches. If you think you’ve been breached, don’t wait – contact us online or call us on 011 435 0450.