First, what is a cyberattack?
A cyberattack is an assault on your network. The intention could be to disrupt your business, extort money or use your data for other purposes. Here are the most common types of a cyberattack:
Software that is installed (usually mistakenly) allowing an attacker to take control of your computer. Commonly packaged with hacked software installers or exploits using well known 3rd-party support tools.
These attacks require a user to enter their details into what looks like a legitimate website. These forms collect the details entered, from credit cards through to personal information which is then sold on the dark web (the internet’s version of the black market)
Often known as crypto locker type attacks, these are usually some form of a virus that has encrypted your data and demands a ransom to unlock said data. Recent attacks have included the Lion Breweries and Toll Transport. You can read the articles here:
Other ransomware includes blackmail to prevent the release of data onto the dark web. You pay the ransom or blackmail bribe and your data isn’t released. Hint: It will be anyway.
Denial of Service
Also known as a Distributed Denial of Service (DDoS). DDoS is a coordinated attack on your network to prevent things from working. In the early 2000s, a virus called Conficker caused slowdowns within networks whilst propagating through a security vulnerability.
Recently the New Zealand Stock Exchange suffered such an attack. You can read about that denial of service attack here: https://www.stuff.co.nz/business/industries/300113321/publiclylisted-companies-face-cyber-attacks
What is at risk in a cyberattack?
Simply put, your data and reputation is at risk.
Your data at risk
Your confidential and business data is at risk when you experience a cyberattack. This data may include intellectual property, trade secrets or client databases. Your data may also include information you don’t want in the public domain, such as personal information of employees, contractors or your family.
Your reputation at risk
Once data is leaked, you have a bigger mess to clean up – trust. Trust of your employees, clients and customers and trust of your business partners, suppliers and contractors. Many companies suffer financial losses due to the initial impact and because their customers no longer trust you to look after their data.
What can you do to minimise a cyberattack?
Keeping your software up-to-date, including all system and security updates, is the first thing you can do to keep your business data safe. Ensuring you have a reliable antivirus and security software installed will minimise the exposure area (the part of your network that is easy to gain access and control of). A well-configured firewall or security appliance will help keep attacks to a minimum, and in some cases, can mitigate attacks by limiting bad-looking traffic.
Can cyber-insurance help?
Cyber-insurance is the ambulance at the bottom of the cliff. That is not necessarily a bad thing, but you’ll need it if you have an attack. This insurance coverage helps cover the extra costs of “cleaning up the mess and fallout” from a cyberattack.
Prevention is better than cure
Minimising your risk by managing your IT risks is far cheaper and easier than dealing with the mess. We’ve spoken to a few companies that were grateful they had good backups and managed IT support because they would have had no business without them.
The fallout in one case was an ERP system’s database that got encrypted. There is no way they could have re-entered data for 10,000’s of products and continued running their daily operations without a recent backup of the data. The mess was still half a day of lost productivity, but it was nothing compared to having lost a several million-dollar business overnight.