“So what is it, what does it mean?” The question stunned me for a brief moment.
I had stopped by a friend’s business, which is very successful with several branches here in Nassau, and had just finished explaining what my company Bahamas Cyber Shield did to her and her mom.
Bahamas Cyber Shield provides cyber security awareness and training to employees of local businesses to help reduce their risk of a successful cyber attack.
The question was completely unexpected. When you’re immersed in a field, you tend to think that people understand the basics. But that is not always the case. So while those of us who do know talk and explain, most people just nod their heads and tune out. This is a problem.
This article will hopefully help you with the basics.
Included in this article:
- What is Cybersecurity?
- What are hackers’ motives?
- 10 Cybersecurity stats you should know
- Why are small businesses targeted?
- 4 Basic Cybersecurity Steps Every Business Should Take
- Cybersecurity Terms You Should Know
- Conclusion
What Is Cyber Security?

The word ‘Cyber’ refers to anything involving computers and computer networks (such as the internet).
Cybersecurity, then, is the protection of computers and computer networks against digital attacks. Cybersecurity methods protect against the multitude of digital threats that individuals and businesses face.
The need for cybersecurity is fueled by the threat of hackers that compromise important data and systems.
What Are A Hacker’s Motives?
Verizon, in its 2017 Data Breach Investigations Report, breaks down the motives of hackers into three broad categories: “Financial”, “Espionage” and “Fun, Ideology, or Grudge (FIG)”. Here is how cyberattacks look over time:

4 Different Cyber Threat Actors
- Criminals: Cyber crime has overtaken the drug trade to become the most profitable illegal industry. Most criminals operate through phishing campaigns, using emails to get recipients to open attachments which then activate malware.
- Hacktivists: Individuals or groups who target websites to damage an organization’s reputation. Their objective may be to steal incriminating or embarrassing information, or simply vandalism.
- State sponsored attackers: These attacks are aimed at stealing or manipulating an organization’s data by gaining sustained access to IT infrastructure.
- Insiders: They may be rogue employees out for revenge or profit. Others may simply be careless about cyber security. In all cases they put confidential information at risk. All employees need security training and checks on behavior to spot unauthorized computer use.
10 Cyber Security Stats You Should Know
- 70% of organizations say that they believe their security risk increased significantly in 2017. (Ponemon Institute)
- By 2020, the number of passwords used by humans and machines worldwide is estimated to grow to 300 billion. (SC Media)
- 43 percent of cyber attacks are aimed at small businesses. (Small Business Trends)
- The total cost of a successful cyber attack is over $5 million, or $301 per employee. (Ponemon)
- More than 4,000 ransomware attacks occur every day. (FBI)
- It is estimated there will be a ransomware attack on businesses every 14 seconds by the end of 2019, up from every 40 seconds in 2016. This does not include attacks on individuals, which occur even more frequently than attacks on businesses. (Cybersecurity Ventures)
- 91% of cyberattacks begin with a spear phishing email, which is commonly used to infect organizations with ransomware. (KnowBe4)
- 76% of businesses reported being a victim of a phishing attack in the last year. (Wombat Security)
- Verizon reports that users in the U.S. open 30 percent of all phishing emails, with 12 percent of those targeted by these emails clicking on the infected links or attachments. (Verizon)
- Kaspersky’s Anti-Phishing system was triggered 246,231,645 times in 2017. The security company states that over 91 million more phishing system triggers were set off in 2017 than in 2016. (Kaspersky)
Why Small Businesses Are Targeted
While breaches at big corporations, such as Target and Home Depot, make the headlines, small businesses are still very much targets for hackers. Small businesses fall into hackers’ cybersecurity sweet spot: They have more digital assets to target than an individual consumer has but less security than a larger enterprise.
The other reason small businesses are appealing targets is that hackers know these companies are less careful about security. According to Towergate Insurance, small businesses often underestimate their risk level, with 82 percent of small business owners saying they’re not targets for attacks, because they don’t have anything worth stealing.
4 Basic Cybersecurity Steps Every Business Should Take
Ready to protect your business and its data? These best practices will keep your company as safe as possible.
1. Keep your software up to date
An outdated computer is more prone to crashes, security holes and cyber attacks than one that’s been updated. Hackers are constantly scanning for security vulnerabilities, and if you let these weaknesses go for too long, you’re greatly increasing your chances of being targeted.
2. Educate your employees
Cyber attacks are now the norm worldwide. Most cybersecurity experts say it is not “if” you will be attacked, but “when”.
Unfortunately, hackers have figured out that the weakest link in any organization is its employees. Therefore, they are employing increasingly sophisticated social engineering attacks on employees to bypass technology-based defenses. To defend against these attacks, organizations must:
- Make your employees aware of the ways cyber criminals can infiltrate your systems
- Teach employees to recognize signs of a breach
- Educate employees on how to stay safe while using the company’s network.
Fortunately, we offer employee cyber security awareness and training to local organizations here in The Bahamas.
3. Implement formal security policies
Putting in place and enforcing security policies is essential to locking down your system. Protecting the network should be on everyone’s mind since everyone who uses it can be a potential endpoint for attackers. Creating a culture of caution and preventive practices will bolster your protection. Regularly hold meetings and seminars on the best cybersecurity practices, such as using strong passwords, identifying and reporting suspicious emails, and taking care when clicking links or downloading attachments.
Many companies enforce password policies that require employees to follow strict standards for creating passwords, such as including numbers, both uppercase and lowercase characters and symbols, as well as never using the same or similar passwords for different applications.
4. Practice your incident response plan
IBM’s Henderson recommended running a drill of your response plan (and refining, if necessary) so your staff can detect and contain the breach quickly should an incident occur.
Ultimately, the best thing you can do for your business is to have a security-first mentality, Henderson said. He reminded small businesses that they shouldn’t assume they’re exempt from falling victim to a breach because of their size.
Cybersecurity Terms You Should Know
When talking about cybersecurity, there are many terms that the average business owner will not be familiar with. In fact, reading this article you probably came across a few already. Below is a list of terms and their plain English meanings.
Social Engineering – Social engineering is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or to gain access to your computer to secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer.
Phishing
Perhaps the most commonly deployed form of cybertheft, phishing involves collecting sensitive information like login credentials and credit card information through a legitimate-looking (but ultimately fraudulent) website, often sent to unsuspecting individuals in an email.
Spear Phishing:
This is a type of cyberattack with the goal of gaining access to a user’s account in order to impersonate them to others within an organization, usually with the purpose of tricking people into giving up personal information.
Trend Micro recently found that as many as 90% of targeted attacks resulted from spear phishing emails. One recommended defense strategy is learning to recognize the common tactics associated with spear phishing, such as social engineering (or social manipulation tactics), CEO fraud, and tax-related scams.
Vishing
Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft.
SMiShing
SMiShing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. SMiShing is short for “SMS phishing.”
Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems. Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning. Below are several types of malware.
Ransomware
Ransomware is a type of malware that infects your machine and, as the name suggests, demands a ransom. Typically, ransomware either locks you out of your computer and demands money in exchange for access or it threatens to publish private information if you don’t pay a specified amount. Ransomware is one of the fastest-growing types of security breaches.
Virus
A type of malware that aims to corrupt, erase or modify information on a computer before spreading to others. However, in more recent years, viruses like Stuxnet have caused physical damage.
Trojan horse
A piece of malware that appears to be legitimate software and may even function as intended but often allows a hacker to gain remote access to a computer through a “back door”.
Worm
A worm is a type of computer virus that replicates itself in order to spread. Worms are harmful to their host networks because they consume bandwidth and overload servers, and they often contain “payloads,” or pieces of code that harm the host computer by stealing data and deleting files.
Other types of malware include viruses, worms, Trojans and spyware, which you may be familiar with.
Other Terms
VPN:
VPN, or virtual private network, is an encrypted connection that allows you to share sensitive data safely. As Cisco explains, there are two types of VPNs available for businesses: remote access and site-to-site. Remote access VPNs connect devices outside the corporate office. Site-to-site VPNs use dedicated equipment to establish connections between corporate and branch offices. Both options allow employees to transmit information securely using the network.
Cloud
A technology that allows us to access our files and/or services through the internet from anywhere in the world. Technically speaking, it’s a collection of computers with large storage capabilities that remotely serve requests.
Bot/Botnet
A type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. A collection of these infected computers is known as a “botnet” and is controlled by the hacker or “bot-herder”.
Firewall
A defensive technology designed to keep the bad guys out. Firewalls can be hardware or software-based.
Breach
The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.
Conclusion
Cyber attacks, like crime or car accidents, are now the norm. If you use computers and computer networks, you can expect to be attacked. So it is not a matter of ‘if’ you will be attacked but ‘when’. The key is to be prepared and do everything you can to reduce that risk as much as possible and mitigate the damage caused when you do get attacked.
We here at Bahamas Cyber Shield believe that increasing your organization’s cyber security awareness and educating your employees is one of the most important things you can do.
Reach out to us using the form below to get your employees trained and protect your business.