Take Practical Measures To Avoid An Attack

Uploaded on 2023-06-05 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, JOBS-Training, FREE TO VIEW

According to British Government statistics, approximately 2.39m cyber crimes have been recorded against UK businesses in the last 12 months and, as more businesses have chosen to move online, and with technology constantly changing, cyber attacks have become a common issue. 

“Cyber security breaches and attacks remain a common threat. However, smaller organisations are identifying them less than last year... This may reflect that senior managers in smaller organisations view cyber security as less of a priority in the current economic climate than in previous years, so are undertaking less monitoring and logging of breaches or attacks,” says the 2023 UK Government Security Breaches Survey.

These attacks are leaving owners increasingly vulnerable and concerned for the security of their data. With this in mind, Indusface has provided some industry tips on how scams can be avoided and how to securely protect your online business from being hacked in these unprecedented times. 

Venky Sundar,  President of Indusface, has revealed some of the methods that hackers uses to demonstrate how easy it is for a cyber attack to occur.

Run Probes:    Hackers don’t really know your application. The first step is for them to understand the weakest link in your online business application. They can use any of the numerous open-source and free DAST scanners to find open vulnerabilities.  Once they understand vulnerabilities, the next step is to send targeted attacks like an SQL injection to get access to confidential data, encrypt it and then demand ransom.

Take Your Website Down: Hackers use Distributed Denial of Service (DDoS) Attacks to take down websites. It is as cheap as $5 to launch a targeted DDoS attack for a duration of 1 hour. Downtime’s impact could be revenue lost for that duration, cost incurred for restoring operations and a brand image hit that will prevent people from coming back to you.

Takeover Your Admin Consoles:   Running a brute force attack is probably the simplest form of attack. The hacker would use a script to repeatedly hit your admin consoles with various username/password combinations and, when successful, this leads to a demand for ransom too.

Steal Credit Card Information:   Payment processing is the heartbeat of any online business. It is also amongst the most targeted areas in an online application where hackers try to inject code into the payment processing page and just skim all the credit card details that are entered. They store these details for other financial fraud. Businesses will face huge fines because of non-compliance with PCI-DSS and it is also a death knell to your business as customers will never trust you with their credit card information.

Start a Price War:   Leverage bots to crawl the website and scrape critical information such as price and quantity from the website. Then use that data to cause inventory stock-outs or price wars by undercutting the price. While hackers might not do this directly, your competitors could be employing someone who can carry out these tactics.

Although any company could be attacked, the larger and more successful ones are hit the most. In just 2023 alone there have been numerous breaches within some of the world’s largest companies including ABBCapita and many others.

Managing Director Ian Reynolds of SecureTeam emphasises the importance of being cyber-aware whilst running an online business: “Hackers look out for businesses that have vulnerable security systems. These might range from accounts with weak passwords, a lack of two-factor authentication, inadequate security systems. They may also look to target newer or more junior staff, who could be easier to phish... There are several key ways businesses can protect themselves from cyber-attacks. These include training all employees thoroughly and keeping all security software up-to-date."

Failing to achieve these basic security measures is one of the leading causes of cyber attacks. Whilst there is no 100% secure or safe way for business protection, these tips and ensuring all software is up-to-date, as well as staff training could help reduce the risk of a cyber attack.

You Might Also Read: 

How Can We Realise Cyber Resilience Through Education?:

____________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« How To Counter Covert Action In The Digital Age
The Limitations of AI »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Rollbar

Rollbar

Rollbar is a full-stack error monitoring platform for web and mobile applications. We help developers find and fix bugs fast. Built by developers for developers.

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab conducts research into predictive security analytics.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

Protocol Policy Systems

Protocol Policy Systems

Protocol Policy Systems specialise in IT policy deployment and management systems that deliver compliance and secure computing environments.

Cybersecurity Collaboration Forum

Cybersecurity Collaboration Forum

The mission of the Cybersecurity Collaboration Forum is to foster information security communication and idea sharing across the C-Suite, enabling leaders to better protect their enterprises.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

Active Countermeasures

Active Countermeasures

Active Countermeasures believe in giving back to the security community. We do this through free training, thought leadership, and both open source and affordable commercial tools.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

SecAlliance

SecAlliance

SecAlliance is a cyber threat intelligence product and services company.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

Awareness Software Limited (ASL)

Awareness Software Limited (ASL)

As Hosting Specialists, Awareness Software offer practical and affordable hosting solutions including backup and disaster recovery and a range of cybersecurity services.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).

Umbrella Cyber

Umbrella Cyber

Umbrella Cyber specialises in Cyber Essentials and Cyber Essentials Plus Certification and penetration testing.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.