As we approach national cybersecurity awareness month in October, remember that cyber threats exist all year round. With more activities taking place online, more personal data are being stored in cloud and within frequently used apps.
Hackers are capitalizing on security vulnerabilities to commit cyber crimes and scams.
According to a report from Kroll, cyber security incidents are becoming more common in Asia Pacific. A survey with 180 senior finance executives revealed that while majority are confident of their organization’s cyberattack incident response, many lack visibility into the type of cyber risks and vulnerabilities that their organizations might be exposed to. 84% of respondents in APAC also witnessed more than three security incidents in the last 1.5 years. This is higher than the global average of 61%.
Information security vs cybersecurity
While more organizations are increasing their overall budget for information security, information security is merely a subset of cybersecurity. Accordingly to CISCO, information security is the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection. Cybersecurity is a combination of technologies and best practices to keep our data and systems safe from cyber attacks.
Cybersecurity awareness is not just the implementation of tools and technology. It is equally, or even more important for individuals to know cybersecurity. Combining power of employees having strong cybersecurity awareness with the right information security solutions is any organization’s best bet against any potential cybersecurity threats.
While awareness towards these security issues might be more heightened during cybersecurity awareness month, potential threats exists all year round. In this article, we discuss different types of cybersecurity threats and how to mitigate these security risks for yourself and your organization.
What is cybersecurity awareness month?
Cybersecurity awareness month started in 2004. In that year, the President of United States and Congress declared October as Cybersecurity awareness month annually. With this initiative, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and private companies in the industry to raise cybersecurity awareness within the United States and globally.
With a set theme each year, the aim of this collaboration is to raise awareness about the importance of cybersecurity and empower everyone to protect their personal data from digital crime.
Why is cybersecurity awareness important?
While cyberattacks seem sophisticated, these attacks are, more often than not, caused by human error and carelessness.
In Singapore, an analysis of data incidents reported within the Government found that a majority of cybersecurity incidents were caused by human error. These can include sending sensitive data to wrong recipients, losing IT equipment containing sensitive data and failing to follow established safety protocols to secure data. In instances like this, even the best information security would not be able to prevent data breaches and risk sensitive data being exploited by cybercriminals.
With more dependency of the internet to perform daily functions, it is inevitable that consumers have to share a lot of private data online. As organization and business owners, it is imperative to protect customer’s personal and other sensitive data from hackers. Yet, given the unprecedented number of businesses that shifted online during COVID-19, the urgency of pivoting online meant that business owners were unable to forecast cybersecurity needs. With few small businesses having expertise or dedicated resources for cybersecurity, it is no wonder small businesses are on the receiving end of cyberattacks, with such attacks seeing an exponential increase.
Types of cyber threats
In recent years, cyber threats are becoming more sophisticated. Before the pandemic, incidents like data breaches and cyber attacks usually target large organizations and industries such as healthcare, finance and professional services. However, with remote work becoming a norm and more businesses moving online, any business or organization with an online presence is susceptible to cyber threats.
Here are some common cyber threats that you should know about as part of cybersecurity awareness:
Phishing attack
Phishing is a form of social engineering attack often used to steal user data, including login credentials and credit card numbers.
How does it occur? A hacker pretends to be a part of your business and dupes victims into opening a phishing email, instant message, or text message from you. Once victims open up these messages, they are often led to click on malicious links. These links can either lead to malware installation, freezing of the system as part of a ransomware attack or revealing of sensitive information. In phishing, your customers as end-users are most often the victims of these attacks. This means that your company and brand might lose credibility and trust in the long run.
Besides sending out malicious customer communications, hackers also use URL phishing to bait customers. They create fake websites that bear close resemblance to secure sites that potential victims access on a regular basis. Most often, the URL of these fake websites look almost exactly like the actual one. As a result, victims mistake these phishing sites for the real one. They might disclose sensitive information like bank account pins and credit card details, or end up downloading malware to their computer. Cybercriminals can then exploit these data for malicious use.
In Malaysia, the plight of Dr Rafidah Abdullah, who lost money from her bank account, resulted in a widespread concern over online banking security. Like her, there are many others who have clicked on phishing emails or links from the messaging tools, believing them to be from the bank. As a result, many enter their banking data on these phishing sites and lost money as a result.
Editor's Note: We’ve prepared an in-depth article about URL phishing and how to prevent yourself or your business from becoming a victim of phishing attacks. Business owners whose website becomes the next target of a phishing attack runs the risk of losing customer trust, and business.
Malware
Also known as malicious software, a malware is a file or code designed to cause damage to computer systems. Once malware infects the system, cybercriminals virtually have unrestricted access to these systems to cause more harm. Some common examples of malware include trojan horses, adware, ransomware, spyware and computer viruses.
While there are many types of malware, each with its own destructive characteristics, most malware seek to gain control of computer systems, using it to steal sensitive data and/or send out phishing messages to unsuspecting victims.
Social Engineering
Social engineering includes a broad range of malicious acts that hackers perform through human interactions. By using psychological manipulation and other diversion tactics, hackers trick users into revealing sensitive personal data or make security mistakes.
These scammers usually begin with some background research of their intended victim, gathering data about their lives. With these information, they make contact with the victims, gaining their trust and eventually leading victims to reveal sensitive data that they can subsequently exploit for malicious activities or gain access to important resources.
for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Ransomware
According to McAfee, ransomware is a type of malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. Hackers usually demand a ransom before providing access. Ransomware is often designed to spread across a network and target database and file servers. It can thus quickly paralyze an entire organization.
In short, when your data falls into the hands of hackers, these hackers will threaten to block your access to your own data, or worse, publish it for the world to see unless you pay them a ransom sum.
Data Breaches
According to Wikipedia, a data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. These data could be anything from credit card details to health and other personally identifiable information (PII).
Whether intentional or not, these data leakages are detrimental to organizations and can cause heavy losses.
These costs can be direct cost like security incident investigations, compensations and remediation. However, the long term damage often lies within the indirect cost. Organizations suffer reputation damages as users lost trust in organizations who do not safeguard their data.
Case in point: Telecom provider MyRepublic Singapore had an unauthorised data access incident, which affected close to 80,000 customers. The attackers threatened to publish these stolen data on a public platform and demanded a ransom.
Data breaches can happen to any organization, as a result of insecure systems, human errors and many other factors. In the recent years, there are more incidences of data breaches across Asia. The increase in media coverage of these incidences also puts organizations under spotlight when it comes to customer data protection.
Editor’s Note: Check out this article for a more in-depth analysis of these cyber threats and how you can secure your website.
Cybersecurity awareness tips and best practices for your business
Cybersecurity is more than just implementing the right information security infrastructure. Having the right habits when handling sensitive data will go a long way in preventing your organization from cybersecurity attacks.
Here are some actionable tips that you can implement for your business and employees:
- Secure your laptops and mobile devices. Sounds like common sense? There are many people who don't set passwords on these devices that contain their personal data!
- Password protection. Always use strong passwords with a combination of alphabets, numbers and special characters. If you have multiple platforms to handle, explore using password managers to help you set different passwords across these platforms. Never share your password with anyone.
- Set up multi-factor authentication. On top of using passwords, multi-factor authentication (2FA) is a great way to enhance security of your accounts.
- Secure your Wifi. For business owners, always ensure that your wifi connection is secure, especially when you need to handle sensitive data. For users, avoid using unsecured networks. If you have no other choices, do not reveal any sensitive data when using an unsecured network.
- Limit access of your organization’s sensitive information & data. As mentioned above, human error is the cost behind many data breaches and cyberattacks. Having too many people accessing these data increases the risk of these information being exploited. Also, don’t overshare on organization information on social media.
- Secure your website with an SSL certificate: Protecting your website from hackers is key to gaining trust from your customers by installing an SSL (Secure Sockets Layer) certificate. SSL encrypts and authenticates data sent between an internet browser and a web server. It's also important to note that Google gives priority to websites that have SSL encryption. Learn more about SSL here.
- Equip yourself & your staff with knowledge through cybersecurity awareness training: Cybersecurity awareness starts from the individual. An organization that prioritizes regular security awareness training programs and certifications will build a culture of good cybersecurity practices.
Editor’s Note: Check out this article for more tips on how you can increase cybersecurity for your small business without hiring experts!
Learn to protect your website from cybercriminals
I hope this guide has been useful in providing you information about the importance of increasing cybersecurity awareness.
At GoDaddy, we believe that web security is of paramount importance. Every website should be protected from security threats. If you need help to secure your website, visit our website or speak to one of our friendly guides. We’re ready to get you started!
