Page 6 - Cyber Defense eMagazine - March 2018
P. 6

4 AREAS WITH A GROWING CYBER RISK OF DIGITAL

               EXTORTION

               by Derrick Rice, Principal Consultant, Asylas


               In a world where it’s becoming the norm to use digital assets as a medium of exchange
               and to see systems updating information as soon as it’s received, it’s no secret that our
               digital footprints are growing exponentially. This growth in our online presence and our
               reliance on online tools increases the cyber risk that your business can be taken out
               entirely by a digital extortion attack.

               Many attackers use ransomware as their weapon of choice, denying a business access
               to its data and demanding a sum of money for its return. And, as the internet expands,
               attackers are finding more ways to interrupt critical processes in hopes that it will force a
               business into paying them off.

               So, what new technologies are attackers targeting, and what can you do to keep your
               business up and running? Here are some things to keep an eye on:
                   1.  Phones:  Now  that  you  can  share  money  and  files  away  from  your  desktop,
                       computers aren’t the only devices you need to worry about protecting. Once a
                       hacker taps into your mobile phone, he can listen to your calls, read your text
                       messages and access your address book and apps. He can also guide you to
                       download malware that leads to a ransomware attack.

                       What  can  you  do?  Always  be  wary  of  what  company  information  your
                       employees can access from their personal devices. If they store sensitive data or
                       files on their phones and later connect them to an unsecure network (i.e. a public
                       WiFi  network),  bad  actors  can  access  that  information  rather  easily,  steal  the
                       data and demand ransom. Any personally identifiable information should only be
                       made available through your company’s secure network. Make sure employees
                       understand and are trained on these policies.

                   2.  Social  media:  If  an  attacker  gains  access  to  your  company’s  social  media
                       account  or  creates  a  fake  account  under  a  name  similar  to  yours,  he  can  do
                       instant and irreversible damage to your organization’s reputation. Attackers can
                       share fake information on behalf of your business, gain the trust of your clients
                       and followers and post sensitive information for the world to see, demanding a
                       hefty fee to give you access to the account(s). Once this information has been
                       shared, it’s difficult to remove from the public eye.

                       What  can  you  do?  Businesses  should  treat  their  social  media  accounts  as  if
                       they’re bank accounts. Set up two-factor authentication, create strong passwords
                       and limit account access to only a few employees. Monitor social platforms for
                       any  fake  accounts  that  may  have  been  created  in  your  company’s  name,  as



                     6   Cyber Defense eMagazine – March 2018 Edition
                         Copyright © 2018, Cyber Defense Magazine,  All rights reserved worldwide.
   1   2   3   4   5   6   7   8   9   10   11