Business Network Hacks − What You Need to Know
What does it mean to get hacked? And how might we mitigate cybercrime?
Hacking is unfortunately far from uncommon. By some counts, more than 2,200 cyberattacks occur per day, which means that one cyberattack occurs every 39 seconds.[i] These hacks carry a tremendous financial cost, with some estimates putting them as high as $6 trillion per year, or $500 billion per month, $115.4 billion per week, $16.4 billion per day, $684.9 million per hour, $11.4 million per minute and $190,000 every single second.[ii]
The figures are mind-boggling and scary, which is why it is more important than ever to understand what can occur when a business network is hacked. Without grasping the basics, it becomes more difficult to assess your risk and start proactively protecting your company.
What is the origin of the term “hacking”?
The use of the term “hacking” in a computer science context began all the way back in the 1950s at MIT. In those days, hacking simply meant dealing “with a technical problem in a creative way.”[iii] It wasn’t until the late 1970s that hacking started to refer to illicit activity, a definition it retains to this day.
These days, hacking primarily revolves around the compromising of digital devices and networks. While there is “ethical hacking,” which focuses on improving security systems and keeping data safe, most hacking is “black hat,” which means that it is often motivated by money. Common motives include:
- Wanting to sell private network information on the black market.
- Obtaining access to sensitive information and then attempting to coerce victims into paying money.
- Desiring to obtain confidential data and use it for financial benefit.
- Holding data hostage until a payment is made.
How do hacks occur?
Typically, business networks are targeted through the multiple endpoints that are vulnerable to criminal activity. Just think about it. Every day, employees access business networks with numerous devices that may or may not be secure. But that’s not all businesses need to be concerned about. Similarly vulnerable areas include:
- Any cloud-related services
- Unsecured WiFi
- Malicious websites
- Email accounts
Hacks come in every shape and style
There is no “one way” that hacking occurs, which makes it important to cover the different variations of hacking to gain a more complete understanding of the threat landscape. Here are seven distressingly common strategies that cybercriminals routinely employ:
- Phishing: By far, phishing is one of the most popular forms of hacking today – in part because it is so effective. To better understand the prevalence of phishing, look no further than to recent data that shows 1 in 99 emails is a phishing email.[iv] There are several different types of phishing emails, such as:
  - Malware delivery emails, where malware is unleashed if the email recipient clicks on a malicious link.
  - Credential harvesting emails, where the sender will impersonate someone the recipient knows to get them to hand over sensitive information.
- Denial of Service (DoS): DoS cyberattacks occur when cybercriminals make an online property or service unavailable by inundating it with requests. This attack will frequently result in your website crashing or becoming unusable.
- Spyware: Spyware involves malicious code being embedded to monitor email correspondence or worse. Keylogging, which records keystrokes to obtain passwords, is just one example.
- Malware: You’ve likely heard of malware before – and for good reason. Referring to any computer virus, worm, trojan horse, spyware, ransomware, adware or other malicious software, malware has been sneaking into user devices and business networks since the beginning of the computer age.
- Brute Force Password Decoding: In this type of hack, finesse or secrecy go out the window. The cybercriminal simply attempts to force his or her way inside your devices or network through automated tools that seek to decode your network passwords.
- DNS Attacks: The Domain Name System (DNS) translates domain names into IP addresses. In a DNS attack, cybercriminals manipulate that translation, which often results in the domain name server redirecting web traffic to fake websites controlled by the criminal.
- Social Engineering: Social engineering cyberattacks are exceptionally difficult to guard against because they focus on manipulating human attributes like empathy, fear and urgency to gain access to personal information or a corporate network. Phishing is one example of such an attack, but there are many others that fall into this bucket.
Are we powerless against hacking?
With such a wide range of illicit cyber activity, it can feel almost impossible to keep up. However, there are numerous things business owners and employees can do to protect themselves and reduce the possibility of harm or financial loss. From following password best practices, to keeping your systems updated, to deploying new techniques like security awareness training (SAT), even the smallest firm can dramatically increase its security posture. The situation is not hopeless. In fact, by following expert advice and remaining vigilant, we all have the power to reduce our risk profile and stay safe online in both our personal and professional lives.
We also encourage agents to continue to explore and implement best practices to combat cyber fraud. Download Alliant National’s white paper – Escrow Fraud/Social Engineering: Recent Schemes and Prevention Tips to begin your own internal assessment.
[i] Clare Stouffer, Norton, “115 cybersecurity statistics and trends you need to know in 2021,” 9 Aug. 2021.
[iii] ECPI University, “What is Hacking and Cracking in Cybersecurity?” (ecpi.edu)
[iv] Michael Guta, SmallBiz Trends, “1 in 99 Emails is a Phishing Attack, What Can Your Business Do?,” 4 May 2021, Phishing Statistics: What an Attack Costs Your Business [INFOGRAPHIC] – Small Business Trends (smallbiztrends.com)