Take Practical Measures To Avoid An Attack

According to British Government statistics, approximately 2.39m cyber crimes have been recorded against UK businesses in the last 12 months and, as more businesses have chosen to move online, and with technology constantly changing, cyber attacks have become a common issue. 

“Cyber security breaches and attacks remain a common threat. However, smaller organisations are identifying them less than last year... This may reflect that senior managers in smaller organisations view cyber security as less of a priority in the current economic climate than in previous years, so are undertaking less monitoring and logging of breaches or attacks,” says the 2023 UK Government Security Breaches Survey.

These attacks are leaving owners increasingly vulnerable and concerned for the security of their data. With this in mind, Indusface has provided some industry tips on how scams can be avoided and how to securely protect your online business from being hacked in these unprecedented times. 

Venky Sundar,  President of Indusface, has revealed some of the methods that hackers uses to demonstrate how easy it is for a cyber attack to occur.

Run Probes:    Hackers don’t really know your application. The first step is for them to understand the weakest link in your online business application. They can use any of the numerous open-source and free DAST scanners to find open vulnerabilities.  Once they understand vulnerabilities, the next step is to send targeted attacks like an SQL injection to get access to confidential data, encrypt it and then demand ransom.

Take Your Website Down: Hackers use Distributed Denial of Service (DDoS) Attacks to take down websites. It is as cheap as $5 to launch a targeted DDoS attack for a duration of 1 hour. Downtime’s impact could be revenue lost for that duration, cost incurred for restoring operations and a brand image hit that will prevent people from coming back to you.

Takeover Your Admin Consoles:   Running a brute force attack is probably the simplest form of attack. The hacker would use a script to repeatedly hit your admin consoles with various username/password combinations and, when successful, this leads to a demand for ransom too.

Steal Credit Card Information:   Payment processing is the heartbeat of any online business. It is also amongst the most targeted areas in an online application where hackers try to inject code into the payment processing page and just skim all the credit card details that are entered. They store these details for other financial fraud. Businesses will face huge fines because of non-compliance with PCI-DSS and it is also a death knell to your business as customers will never trust you with their credit card information.

Start a Price War:   Leverage bots to crawl the website and scrape critical information such as price and quantity from the website. Then use that data to cause inventory stock-outs or price wars by undercutting the price. While hackers might not do this directly, your competitors could be employing someone who can carry out these tactics.

Although any company could be attacked, the larger and more successful ones are hit the most. In just 2023 alone there have been numerous breaches within some of the world’s largest companies including ABBCapita and many others.

Managing Director Ian Reynolds of SecureTeam emphasises the importance of being cyber-aware whilst running an online business: “Hackers look out for businesses that have vulnerable security systems. These might range from accounts with weak passwords, a lack of two-factor authentication, inadequate security systems. They may also look to target newer or more junior staff, who could be easier to phish... There are several key ways businesses can protect themselves from cyber-attacks. These include training all employees thoroughly and keeping all security software up-to-date."

Failing to achieve these basic security measures is one of the leading causes of cyber attacks. Whilst there is no 100% secure or safe way for business protection, these tips and ensuring all software is up-to-date, as well as staff training could help reduce the risk of a cyber attack.

You Might Also Read: 

How Can We Realise Cyber Resilience Through Education?:

____________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« How To Counter Covert Action In The Digital Age
The Limitations of AI »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

Secure Thingz

Secure Thingz

Secure Thingz focus on developing and delivering advanced security solutions into the emerging Industrial Internet of Things (IIoT) and Critical Infrastructure markets.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

CyberSec.sk (CSSk)

CyberSec.sk (CSSk)

CyberSec.sk is the Slovak portal bringing the latest cyber security news, politics, tips and instructions on how to protect the internet.

US Secret Service

US Secret Service

The US Secret Service has a pivotal role in securing the nation’s critical infrastructures, specifically in the areas of cyber, banking and finance.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

AirITSystems

AirITSystems

AirITSystems offer companies comprehensive IT security solutions that take all security considerations into account and are tailored to your business.

Securix

Securix

SECURIX AG delivers holistic IT security solutions that are tailored to the specific challenges and requirements of your company.

Darkstrike / Qeros

Darkstrike / Qeros

Complete your defense in-depth strategy with Darkstrike, the world’s most advanced quantum-secure and ransomware-proof data platform for any use case, ensuring unconditional data security.

ThreatDefence

ThreatDefence

ThreatDefence provides innovative SIEM, SOC-as-a-Service, and proactive cyber defence solutions to MSP’s and Enterprises.

OneZero Solutions

OneZero Solutions

OneZero specialize in cybersecurity operations, information assurance, computer network operations, solutions engineering, and project management.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Applied Insight

Applied Insight

Applied Insight work closely with government agencies and industry to overcome technical and cultural hurdles to innovation, empowering them with the latest cloud, data and cyber capabilities.

Center for Cyber Security Studies & Research (CFCS2R)

Center for Cyber Security Studies & Research (CFCS2R)

CFCS2R's mission is to empower individuals, organizations, and governments with the knowledge and tools necessary to protect against cyber threats.

ecfirst

ecfirst

ecfirst's mission is to establish AI platforms and service capabilities to assess and manage client compliance with global mandates on a continual basis to secure business data and assets.