Maybe you have heard of SaaS (Software as a Service), as an easy way to deliver software application services to businesses. According to The Hacker News, it seems that hackers have also adopted this model to make malware more affordable and readily available. For as little as $7.00, wannabe hackers can purchase malware that is designed to steal credentials. In addition, that stolen personal data can be purchased for as little as $10/record. If that isn’t scary enough, the FBI reported that “Internet crime led to losses in excess of $1.3 billion USD in 2016.” (F.B.I. IC3. 2016 Internet Crime Report) The results of the Ponemon institute study “found the average cost of a data breach in Canada to be C$5.78-million, with an average cost of C$255 per lost or stolen record.”
Cybercrime is big business, with hackers looking for big payoffs. With the recent news surrounding the breaches at Deloitte and Equifax, it’s a business that does not show any signs of slowing down. The FBI Internet Crime Report research has shown that “More than 40,200 domestic and international incidents occurred between October 2013 and December 2016 with an exposed dollar loss of more than $5 billion.” According to time.com, Wall Street says losses in the Equifax breach have already reached $4 billion.
So what is a business to do to avoid becoming the next newsworthy breach victim?
- Avoid phishing and social engineering attacks by better training your staff. Ensure your workforce knows how to recognize these kinds of attacks to avoid losses.
- Employ patching best practices. It's best to be fully patched on the programs most likely to be exploited versus trying unsuccessfully to be fully patched on all software programs. There are many Managed Services Providers (MSPs) that can help a company track the vulnerabilities that come from unpatched software and help prioritize the process to save time and money.
- Stay on top of Advanced Persistent Threats (APT). A very popular method is for APT attackers to send a specific phishing campaign -- known as spear phishing -- to multiple employee email addresses. The phishing email contains a Trojan attachment, which at least one employee is tricked into running. Most malware is delivered this way.
- Visit uzado.com to learn more about how Uzado can help your business stay on top of these threats.