Cybersecurity Information

The ongoing and increasing threat of cyber-attacks on your business is real. Financially, these attacks cause billions of dollars of damage a year in denial of service, theft and security costs. They can also cause reputational damage to a business, its leaders and its customers. Experts say up to three quarters of U.S. companies are vulnerable. GENLED Brands has been the victim of two such attacks in the last year alone. In an effort to help our partners and customers, we’ve prepared this primer on cyber-attack awareness.

Here are the five main types of cyber-attack:

MALWARE

“Malware” — malicious software — is a program or code created with intent to harm a computer, network or server. It is the most common type of cyber-attack, encompassing categories such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, and any other attack that leverages malicious software.

DENIAL OF SERVICE AND DISTRIBUTED DENIAL OF SERVICE (DoS & DDoS)

A denial-of-service attack uses one system to flood a network with false requests that disrupt business operations. This keeps users from performing routine tasks, such as accessing email, websites and online accounts operated by a compromised computer or network. While most DoS attacks do not result in lost data, they can cost an organization time and money to restore critical business operations. Distributed denial-of-service attacks are similar but are launched from multiple systems. DDoS attacks are more rapid-fire and difficult to block because multiple systems must be identified and neutralized to stop an attack.

SPOOFING

Spoofing is when a cybercrook disguises themselves as a trusted source to engage with a target and access their systems or devices without their knowledge. The end goal? Stealing information, extortion or malware installation. Spoofing takes advantage of the “urge to click” — a trigger that tricks an employee into letting in a hacker. This type of “brand hijacking” attack has been used to target many large companies, including Facebook, PayPal and Netflix. Spoofing can include fake domains, fake emails and address resolution protocol (ARP) attacks that reroute a device so it sends information to the hacker instead of the intended recipient.

PHISHING

Phishing uses email, phone, SMS or social media to employ social engineering techniques that entice a victim to share sensitive information — like passwords or account numbers — or to download malicious files that install viruses on phones or computers. Scammers have mastered social engineering. Phishing attacks include malicious email, fraudulent text messages seeking passwords and bogus voice messages and calls.

CODE INSERTION/INJECTION

In a code insertion attack, the hacker injects malicious code into a computer or network. These attacks include supply chain attacks that target third-party vendors; social engineering attacks that can entail compromised emails, quid pro quo (bribery) offers and even honeytraps; or AI-powered attacks that utilize deepfakes and AI-generated social engineering to access a network or steal information. AI tools have, for instance, made it easier for hackers with no English skills to generate sophisticated hacking campaigns.

PROTECT YOUR COMPANY

Unfortunately, today’s interconnected world requires a comprehensive cybersecurity strategy for most businesses. Securing your organization’s digital assets reduces the risk of theft, destruction or even the need to pay ransom for control of your company data or systems. Having a plan can help you quickly remedy a corporate systems attack. And by deterring hackers, you protect your own brand’s reputation.

  • Secure workloads: Failsafe any critical areas of enterprise risk, including cloud work product, identity information and customer data.
  • Have a plan: Companies of all sizes should have a speedy security team with a planned response to various threat levels, including automated detection, investigation and response workflows.
  • Trust no one: The global economy means data is accessible almost anywhere at almost any time. Compromised data (names, addresses, phone numbers, account numbers) is a potential gold mine to hackers.
  • Clean desk policy: In addition to being tidy, a “clean desk” policy in the office ensures that any documents with potential data, email addresses, passwords, etc., are locked away at the end of any shift.
  • Train your employees: As cyber-attacks evolve, companies can’t rely solely on technology – they need their employees to help create a human firewall. Practice makes perfect. Many large employers use training that teaches employees what not to do by testing them with things like spoof practice. Train employees so they don’t download suspicious apps and aren’t tricked into navigating to infected or malicious websites.

7 USEFUL CYBER SECURITY LINKS

Federal Trade Commission (U.S. government)
https://www.ftc.gov/business-guidance/small-businesses

U.S. Small Business Administration
https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity

Cyber Aware (UK government)
https://www.ncsc.gov.uk/cyberaware/home

Australian Cyber Security Centre (Australian government)
https://www.cyber.gov.au/

Get Cyber Safe (Canadian government)
https://www.getcybersafe.gc.ca/en

National Cybersecurity Alliance (U.S. non-profit)
https://staysafeonline.org/resources/

Google Safety Center
https://safety.google/security/security-tips/