This is a guest article provided by Ryan Senior, Executive Director at Aon.
With more than three billion people online these days, cyber risk is a growing concern for many businesses. According to research conducted by Aon, damage to brand and reputation was the main concern facing global organisations, and cyber risk was in the top ten concerns.
And yet, a survey by Blue Coat Systems found that employees still visit inappropriate websites at work, despite the threats this could pose to the companies. If you ignore the danger of cyber risks, valuable data could be exposed to any number of online attacks.
Most company networks are protected by passwords for access control, so a common method used by hackers is to gain access by posing as a valid user. Some older applications do not always protect password information as it goes through the network, so an outside source may be able to discover users’ passwords and log on to the system.
After gaining access to the network, the hacker can modify or delete the data, or modify the server and network configurations.
Social engineering and Trojans
Socially-engineered Trojans, or manipulating people to give up private information, are the number one method of attack used by criminals and hackers. Commonly called ‘phishing’, this method can be used to trick users into giving up passwords or bank information, or allowing access to their computer to install malware.
Phishing usually comes in the form of an email that asks you to click a link: an email from a friend who has been hacked, asking you to click on a link that turns out to be infected with malware; an email that appears to be from a well-known company, responding to a ‘request for help’ and asking for your details; or an email informing you that you are a ‘winner’ and requiring your details.
A network-travelling worm is a computer programme that has the ability to copy itself from one computer to another and is designed to damage the computer network once it gains access. The spam email attachment worms, which have been serious cyber-security threats since 1988, have been reduced somewhat, thanks to spam controllers; however, more recent worms such as Conficker and Zeus can be more difficult to detect.
Worms have the potential to cause severe damage to computer systems. For example, when the Shamoon worm infected oil giant Saudi Aramco’s network, it ended up erasing 30,000 computers in the internal network and destroyed the national oil company’s system.
Most networks identify the user by using the computer’s IP address. However, in some cases hackers use special programmes to create IP packets that appear to come from the company intranet, and can therefore gain access.
Identity spoofing can allow the attacker to modify or delete the company data, plus conduct other types of attack, which could cause considerable problems for the company affected.
A sniffer is an application or device that can read network packets and data exchanges. It can provide the hacker with a full view of the data inside the packet unless the packet is encrypted. Sniffers can even open encapsulated or tunnelled packets if they are not encrypted.
The sniffer can enable the attacker to analyse your network, gain information, read communications, and even cause the network to become corrupted or crash.
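The exposure described in the password and sniffer passages above can be audited from the defender's side. The following is an added example, not part of the original article: it checks client payloads for credentials sent in readable form and reports the service and user name without returning the password. The payloads, host name, user names and passwords are constructed for illustration.

```python
import base64
import re

USER_RE = re.compile(rb"^USER (\S+)\r?$", re.M)
PASS_RE = re.compile(rb"^PASS .+?\r?$", re.M)
BASIC_RE = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$", re.M | re.I)
FORM_USER_RE = re.compile(rb"(?:^|&)(?:user(?:name)?|login)=([^&]+)", re.I)
FORM_PASS_RE = re.compile(rb"(?:^|&)(?:pass(?:word|wd)?|pwd)=[^&]+", re.I)

def find_cleartext_credentials(service, payload):
    """Report credentials readable in one client payload; secrets are not returned."""
    def name(match):
        return match.group(1).decode(errors="replace") if match else None
    findings = []
    if service in ("ftp", "pop3") and PASS_RE.search(payload):
        findings.append((service, "USER/PASS command", name(USER_RE.search(payload))))
    elif service == "http":
        head, _, body = payload.partition(b"\r\n\r\n")
        basic = BASIC_RE.search(head)
        if basic:
            # Base64 is an encoding, not encryption: anyone on the path can decode it.
            user = base64.b64decode(basic.group(1)).partition(b":")[0]
            findings.append((service, "HTTP Basic header", user.decode(errors="replace")))
        if FORM_PASS_RE.search(body):
            findings.append((service, "login form field", name(FORM_USER_RE.search(body))))
    return findings

def audit(samples):
    """Run the check over (service, payload) pairs and collect every finding."""
    return [f for service, payload in samples
            for f in find_cleartext_credentials(service, payload)]

# Constructed sample payloads (invented names and passwords, not real traffic).
SAMPLES = [
    ("ftp", b"USER alice\r\nPASS example-pass-1\r\n"),
    ("pop3", b"USER bob\r\nPASS example-pass-2\r\n"),
    ("http", b"GET /reports HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic "
             + base64.b64encode(b"carol:example-pass-3") + b"\r\n\r\n"),
    ("http", b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
             b"username=dave&password=example-pass-4"),
    ("http", b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
]

if __name__ == "__main__":
    for service, kind, user in audit(SAMPLES):
        print(f"{service}: {kind} exposes a password for user {user!r}")
```

Any service that appears in the findings is one where moving to an encrypted transport (for example TLS) removes the readable password from the wire.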
A constant threat
Although technological advancements are usually something to be praised and admired, there is a dark side: they can be as dangerous as they are innovative. Despite our improved security systems, cyber risks are still a very real threat to businesses.
No business is exempt from cyber-crime. Whilst the industry is taking steps to pull together and share information, the fact remains that very few fully understand the potential damage this poses to their business. As firms continue to hold more and more client-sensitive information electronically, to assume that everything is OK or that you have sufficient protection is not only naive but potentially negligent. The question is whether firms are prepared to assure their clients that they are genuinely safe custodians of their valuable information, and if the answer is no, they need to urgently put the necessary security in place.
It’s important to be aware of the various kinds of attacks – some as benign as an email attachment – so you don’t become vulnerable.
Whilst care has been taken in the production of this publication and the information contained within it has been obtained from sources that Aon UK Limited believes to be reliable, Aon UK Limited does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the publication or any part of it and can accept no liability for any loss incurred in any way whatsoever by any person who may rely on it. In any case any recipient shall be entirely responsible for the use to which it puts this publication.
This publication has been compiled using information available to us up to 1/06/2015