The Current Cyber Threat Landscape:

What Can Businesses and Consumers Do To Guard Against Attacks?

According to Verizon’s 2014 Data Breach Investigations Report, 63,437 security incidents, with 1,367 successful data breaches took place in 2013. Whereas an incident represents any type of malicious activity that compromises the integrity of a computer network. a breach means that information has actually been stolen or exfiltrated. The three most prevalent types of breaches were Web App Attacks (35%), Cyber-espionage (22%) and Point of Sale (POS) Intrusion (14%).

Information security company Trustwave looked at 691 breaches that transpired in 24 countries last year found that the majority of the victims (59%) of the victims resided in the United States. These attacks are insidious, infecting computer networks for an average of 243 days before discovery. Information security experts estimate that cyber attacks across the globe results in billions of dollars lost annually. Cyber crime and espionage is believed to cost of the U.S. $24 billion to $120 billion each year.

Presented with such daunting facts and figures, how do we break down the cyber threat into meaningful terms that can be understood by the average consumer or business owner?

The two most prevalent cyber attack methods are social engineering and vulnerability exploitation:

Social Engineering Exploitation — Cyber criminals will look you up on Facebook, Pinterset and other social networking sites to find out as much as they can about you. They will ascertain when your birthday is, where you live, and the names of your children and pets. Once they do this, hackers will send you e-mails appearing to be from friends or colleagues. This is known as a spear-phishing attack. The e-mail will contain links to seemingly innocuous websites, and if you click on the link, it is likely that you have downloaded keystroke logger or spyware malware onto your computer, leaving you completely vulnerable to the hacker. In a virtual sense, they will be able to see everything you do-read all of your e-mails, record your passwords, and look at anything else you have on your computer. They will help themselves to your financial data and personal information. Chances are you will not know about the exploit until you are notified by a bank or collection agency.

Vulnerability Exploitation — This involves the hacker sending a piece of malware out that will sniff out a weakness on an information technology system. There are a variety of exploitation toolkits available on the Internet, or criminals may simply hire a third party hacker. The malware contained in these toolkits is designed to seek out weaknesses on information technology systems. Exploits may arrive via compromised websites or by packets containing malicious code. Once this code is delivered to a computer system, the hacker is able to exfiltrate data at will. Vulnerability exploitations may target a person using their computer at home, or may be more sophisticated-designed to breach formidable business or government computer systems.

How can you protect your home or business computer system from cyber attacks?

It is critically important to apply the most up to date security patches available from your software provider, and use strong passwords. The Heartbleed virus is an example of a sophisticated vulnerability exploitation. Heartbleed is designed to seek out vulnerabilities that exist in most secure websites, and “bleeds” out ostensibly secure data. To guard against this virus and other types vulnerability exploitations, it is imperative for businesses to continually monitor network activity. This can be done by implementing physical security, limiting access to networks, implementing a strong password policy, encrypting data and training employees on what to do should a breach occur. If a company does sustain a breach, information technology professionals should work to mitigate, and should also notify law enforcement. It would also be wise to purchase a cyber liability insurance policy.

To prevent social engineering exploits, computer users should be mindful of what type of personal information they post on the Internet. This information is not only available to your friends and family, but may be seen by criminals as well. Posting too much information on the Internet is akin to giving someone you don’t know the key to your home. You should never download attachments or links contained in e-mails from unknown sources, and carefully monitor all activity on your computer server. Backup all files on your hard drive. If you find yourself the victim of a cyber attack, close all affected accounts, and notify one of the three national consumer credit reporting agencies ( Experian, Equifax or Transunion) and request that a fraud alert be established on your personal information.