Page 6 - Cyber Defense eMagazine - March 2018
P. 6
4 AREAS WITH A GROWING CYBER RISK OF DIGITAL
EXTORTION
by Derrick Rice, Principal Consultant, Asylas
In a world where it’s becoming the norm to use digital assets as a medium of exchange
and to see systems updating information as soon as it’s received, it’s no secret that our
digital footprints are growing exponentially. This growth in our online presence and our
reliance on online tools increases the cyber risk that your business can be taken out
entirely by a digital extortion attack.
Many attackers use ransomware as their weapon of choice, denying a business access
to its data and demanding a sum of money for its return. And, as the internet expands,
attackers are finding more ways to interrupt critical processes in hopes that it will force a
business into paying them off.
So, what new technologies are attackers targeting, and what can you do to keep your
business up and running? Here are some things to keep an eye on:
1. Phones: Now that you can share money and files away from your desktop,
computers aren’t the only devices you need to worry about protecting. Once a
hacker taps into your mobile phone, he can listen to your calls, read your text
messages and access your address book and apps. He can also guide you to
download malware that leads to a ransomware attack.
What can you do? Always be wary of what company information your
employees can access from their personal devices. If they store sensitive data or
files on their phones and later connect them to an unsecure network (i.e. a public
WiFi network), bad actors can access that information rather easily, steal the
data and demand ransom. Any personally identifiable information should only be
made available through your company’s secure network. Make sure employees
understand and are trained on these policies.
2. Social media: If an attacker gains access to your company’s social media
account or creates a fake account under a name similar to yours, he can do
instant and irreversible damage to your organization’s reputation. Attackers can
share fake information on behalf of your business, gain the trust of your clients
and followers and post sensitive information for the world to see, demanding a
hefty fee to give you access to the account(s). Once this information has been
shared, it’s difficult to remove from the public eye.
What can you do? Businesses should treat their social media accounts as if
they’re bank accounts. Set up two-factor authentication, create strong passwords
and limit account access to only a few employees. Monitor social platforms for
any fake accounts that may have been created in your company’s name, as
6 Cyber Defense eMagazine – March 2018 Edition
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.