Threat Definitions: Name and Know the Enemy
What constitutes a cybercrime? The definition in common parlance is broad and vague, encompassing any crime that takes place online. SMBs face the following common threats:
- Phishing Scams consist of emails that cloak themselves in the logos and content of respectable, known companies. Criminals trick people into voluntarily resetting their passwords, thus disclosing their usernames and passwords.
- Worm-Based Ransomware travels through infected files. Users innocently download the file, which injects malicious code into their computer. The code activates a programmed sequence that threatens to expose the user’s activities or completely blocks access to their files until a ransom is paid.
- Other Ransomware acts similarly to worm-based ransomware, but may travel through different paths or block access to specific files, such as images or web browsers, until a ransom is paid.
- Malware Attacks threaten computer and software safety. These attacks exploit gaps in the operating system or software code. They inject viruses, spyware, trojans, or other code into computers to operate the computer remotely, spy on users, or disrupt operations.
- Denial of Service Attacks (DOS) make websites or computers unavailable to users. This crashes sites so that they cannot be viewed by customers, for example, by overwhelming host sites with requests for access.
Threats against your business and may expand beyond the scope of these five common definitions. Most SMBs face one of these five types of threats. When your find an attack you should respond immediately. If the attack occurred on the cloud, you should immediately turn off your computers and close down the cloud and let your cloud provider know of the situation. They will then turn off their servers to isolate the attack. Small business owners should train their employees not to open any suspicious emails or give away any passwords. Emails are an easy common worm based ransomware to allow the attack into your cloud system which gives access to the data. Attacks always vary on size and ability so the downtime cannot be certain, but with proper knowledge given before the attack occurs the attack can be reduced or eliminated by never opening the suspicious email or giving out the password.
Stay tuned in our Cybersecurity series for the continued post.