Think a baby monitor leading to a widespread cyberattack sounds more like a television show than real life? Think again. The recent cyberattack that prevented access to major sites, including Twitter, Netflix and Spotify, could be coming to a computer near you.
The increasing sophistication of computer hackers and their methods means they are constantly taking new and different routes to attack computer networks.
“DDoS [Distributed Denial of Service] attacks have become more frequent. Due to the massively deployed secret botnets—malware running on computers all over the globe—hackers can release DDoS attacks against any target for a very low cost,” says cybersecurity expert Gary Miliefsky, CEO of SnoopWall. "Most new Internet of Things devices, from Smart TVs to baby monitors to your home wireless router, have weak operating systems, weak encryption and are easily infected with botnet code used en masse to perform these kinds of attacks.”
Cyberattacks Have Become More Sophisticated
“Hackers have learned that you don't always have to attack directly to disrupt access to one or more e-commerce sites,” says Ronald Nutter, author of The Hackers are Coming…How to Safely Surf the Internet. “The recent attack involving Amazon and other sites involved an attack on a specific server providing DNS [Domain Name Server] resolution. The attack didn't directly affect the servers providing the content, but it effectively accomplished the same result. Since the latest breach involved a DDoS type of attack, it presented an additional challenge, because the source of the attack was coming from multiple locations at the same time.”
[pullquote showtweet="false" username="Eric Biderman" alignment="center"]In addition to the cost and effort associated with identifying the cyberattack and managing the effects of it, the potential damage to the business's reputation among customers and potential customers [is just as disruptive].
—Eric Biderman, counsel, Arent Fox LLP[/pullquote]
The higher the profits, the more sophisticated hackers become, notes Nick Nascimento, founder of the IT services company, Sentage Systems. He is trained as a HIPAA Privacy and Security Expert.
“The new world of cyber criminals is more organized and actually composed of big businesses and groups that work together as well or even better than any legitimate business,” says Nascimento. “Hacker tools have become much stronger and their resources have begun to match and in some cases exceed the resources we use to fight them. It is truly a race. Along with the Pros [out for financial gain], we have to deal with all the “one uppers,” who create and post their tool on the internet right along with full instruction and even hosting options.”
Cyberattacks Can Be Potentially Disastrous
“The recently launched [attack] caused unknown dollar damage,” says Nascimento. “I have personally seen a DDoS attack cost an online electronics retailer an estimated $126,000 in sales in just half a day as it crippled their online catalog. Our company specializes in protecting medical and financial information, which is undergoing pressure every day. A breach in these areas and the resulting fines and penalties can put a company out of business.”
Cyberattacks can be damaging for businesses on multiple levels, adds Eric Biderman, counsel for law firm Arent Fox LLP. “In addition to the cost and effort associated with identifying the cyberattack and managing the effects of it, the potential damage to the business's reputation among customers and potential customers [is just as disruptive]. [They] may no longer feel confident that their personal information is safe with the business.”
4 Steps to Help Protect Your Company from Cyberattacks
As a business owner, you can be the first line of defense when it comes to protecting your company against cyberattacks. Consider the following steps to preventing hacks in the first place.
Adopt a company-wide security policy. Very few companies plan a defense against cyberattacks. This is a mistake, believes Nascimento. “Have a set of security measures to protect your data, such as in the area of verbal communication and confirmation. A majority of penetrations we see are emails that are opened by employees, who admit after the fact that they thought things looked a little strange, but they opened the suspect emails anyway, and it was too late. A protocol that requires employees to call one another to confirm if an email has been sent asking for sensitive information can prevent a hack.”
Secure and update. “In order to succeed, mass attacks require that millions of users fail to keep their machines and networks secure and updated,” says Nascimento. “Stop hackers in their tracks with regular deep scans for malware, viruses and rootkits.”
Be proactive. “Harden your network by removing vulnerabilities, patching your system and start using real-time backups and real-time encryption everywhere,” says Miliefsky. “If we were all to do this, breaches would fail to cause damage or steal valuable information. Also audit your devices for common vulnerabilities and exposures (CVEs) and get a patch or reconfigure them to remove their holes before they become part of botnets. Look up your equipment on the U.S. government's national vulnerability database to see what holes the equipment might have and for instructions to fix any problems.”
Purchase cyber-insurance. To protect your company from economic harm in the event a breach does occur, consider purchasing cyber-insurance, suggests James Westerlind, counsel with Arent Fox LLP.
“A good cyber policy would provide first-party coverage to fix the company's system [if it was damaged], as well as cover the losses of profit caused by the company's system becoming inoperable as a result of a DDoS attack.”
When choosing a cyber-insurance policy, Westerlind advises that business owners consider the self-insured retention, sub-limits and policy provisions that specify how long the service denial must occur and the percentage of network unavailability that must result for coverage to apply.
Read more articles on digital tools.
The information contained in this article is for generalized informational and educational purposes only and is not designed to substitute for, or replace, a professional opinion about any particular business or situation or judgment about the risks or appropriateness of any financial or business strategy or approach for any specific business or situation. THIS ARTICLE IS NOT A SUBSTITUTE FOR PROFESSIONAL ADVICE. The views and opinions expressed in authored articles on OPEN Forum represent the opinion of their author and do not necessarily represent the views, opinions and/or judgments of American Express Company or any of its affiliates, subsidiaries or divisions (including, without limitation, American Express OPEN). American Express makes no representation as to, and is not responsible for, the accuracy, timeliness, completeness or reliability of any opinion, advice or statement made in this article.