Online crime will cost businesses $2 trillion in 2019. SME’s can’t afford to ignore the risk posed by DDoS attacks, ransomware, phishing, and cryptojacking.
Businesses can’t afford to ignore online crime. The average cost of SME security breaches has risen by 62 percent over the last five years. In 2019, online crime will cost businesses an estimated $2 trillion..The cost of combating online crime is far less than the potential cost of a successful attack. It is inexpensive and straightforward to mitigate the risk of the most common types of attack, but first you have to know where your business is most likely to be hit.
Distributed Denial of Service attacks have been overshadowed in the media by the up-and-coming attacks we’ll look at in a moment, but over the last year they have become larger, longer, and more sophisticated. Newly discovered vectors for launching amplified replication attacks have increased the amount of data attackers can send to victims. The use of open memcached instances is particularly worrying: a recent attack against GitHub using this vector broke the previous record, peaking at over 1.35TB per second. That record was broken soon after by an attack that measured 1.7TB per second. Businesses without a DDoS mitigation solution in place cannot hope to combat attacks of even a fraction of this volume.
Phishing attacks continue to be a major source of data leaks and security breaches. Phishing attacks use email to trick victims into installing malicious software, disclosing sensitive information such as login credentials, and even transferring money directly to the attacker by masquerading as a company executive.
While automated spam detection solutions can limit the impact of phishing attacks, the only real defense is training. Employees must be trained to identify phishing attacks and to understand the risk inherent in clicking on links in email.
Last year, tens of thousands of businesses and millions of individuals lost data or money because of ransomware. WannaCry, NotPetya, and Locky became household names. We have seen fewer high-profile attacks this year, but thousands of businesses have been the target of ransomware in 2018.Businesses should use a two-pronged strategy to reduce the risk of ransomware. First, they must stop ransomware entering their network by following security best practices and ensuring that all software is regularly updated. Second, comprehensive, automatic backups to a remote location remove the ability of attackers to extort victims in exchange for their data.
Cryptojacking uses malware to mine cryptocurrencies like Monero. When a malware infected web page is loaded by a browser, it uses the device’s resources to mine cryptocurrency coins.The growing prevalence of cryptojacking is one of the reasons that ransomware attacks declined slightly over the last year. It generates more money with less effort. In 2017, cryptojacking attacks increased by 8,500 percent. Most cryptojacking attackers use vulnerabilities in internet-facing software to compromise out-of-date or misconfigured web servers, eCommerce applications, and content management systems. Phishing attacks are another common vector. The best defense is to update software to remove vulnerabilities and to ensure that all software is configured by someone who knows what they are doing. The best way for SMEs and startups to defend their businesses against online crime is to understand the risks and take basic security precautions.