Cyber attacks on small and midsize enterprises have increased in recent months as larger companies improved their security measures, making them harder to target.
According to security experts, SMEs became an easy target during the Covid-19 pandemic, with cybersecurity firm Cyfima reporting a 280 per cent increase in violence aimed at SMEs in the last ten months.
“Given that a percentage of these SMEs work to large government and corporate organisations, large cybercriminal organisations or state-sponsored gatherings are targeting them as well. In addition, malicious hackers use SMEs to gain access to large corporations.”
Six cyber-attacks that can harm your business.
An attack by ransomware
Ransomware dates back to the early late 1980s and has grown into a multibillion-dollar industry. It works by encrypting a victim’s sensitive data and holding it for ransom after preventing them from accessing it.
As per itgovernance.co.uk, 61 million documents were violated in the UK in August 2021 alone, resulting in 84 incidents.
Malware attack
Malware refers to programmes that steal, encrypt, remove, modify, or hijack user information, such as worms, computer viruses, Trojan horses, and spyware.
A phishing scam
Did you know that phishing accounts for up to 32% of all data breaches?
Phishing is a type of social engineering in which a hacker uses SMS or email to trick users into clicking an including more or clicking a malicious attachment.
Injection of SQL data
SQL injection is a type of attack that uses malicious code to attack data centres that store sensitive information for websites. Servers who store personally identifiable information (PII) such as credit card information, screen names, and passcodes are particularly vulnerable.
Password heist
Despite its widespread use, people are still vulnerable to the oldest cyberattack: the password attack. Another of the purposes it is still so common is because of its simplicity. Hackers obtain weak passwords that unleash valuable internet accounts using standard hacking tools.
Shareware is commercial software that’s given away for free to consumers. It is usually distributed as a bonus software to entice users to purchase the parent software. Shareware is generally safe, but it can be dangerous at times.
India’s most significant data breaches
The data breach at Air India highlights the dangers of relying on third parties.
Date of occurrence: May 20, 2021
The personal information of 4.5 million tourists around the world is in jeopardy.
Details: Passengers’ personal information was leaked due to a cyberattack on the systems of airline data network operator SITA. The data was collected in August 2011 and February 2021, when SITA notified the airline. Passengers didn’t learn about it until March, as well as the full details of what happened, didn’t come out until May.
Singapore Airlines, Lufthansa, Malaysia Airlines, and Cathay Pacific were all impacted by the cyber-attack on SITA’s passenger rail system.
- CAT thief strikes again, this time exposing the personal information of 190,000 applicants on the dark web.
Date of occurrence: May 20, 2021
Personal information of 190,000 CAT applicants
Details: 190,000 candidates’ personal information (PII) and diagnostic testing for the 2020 Prevalent Admission Test, used to select applicants to the Indian Institutes of Management (IIMs), were spilt and sold on a cybercrime forum. The leaked dataset revealed names, birth dates, email IDs, phone numbers, address details, applicants’ 10th and 12th-grade results, bachelor’s degree details, and CAT percentile scores.
The figures come from the CAT investigation on November 29, 2020, but the same yarn actor also leaked the 2019 CAT examination database, according to security and intelligence firm CloudSEK.
- Following a breach report, the trading software Upstox resets passcodes.
Date of occurrence: April 20, 2021
Passwords for all Upstox customers were reset.
Details: Upstox, an Indian bitcoin exchange, has admitted a breach of know-your-customer (KYC) data. Financial services companies collect KYC data to verify their customers’ identities and prevent fraud or money laundering. However, hackers can use KYC data to steal sensitive information.
After receiving emails alerting that connection data and KYC details kept in a third-party database system had been compromised, Upstox told the customer on April 11 that this would reset their passcodes and take both these precautions.
Customers apologised for the inconvenience, and Upstox sought to reassure them that the incident had been reported to the appropriate authorities, that security had been enhanced, and that its bug bounty programme had been boosted to encourage ethical hacking to stress-test its systems.
- The police exam database, which contains information on 500,000 candidates, is being sold.
Date of occurrence: February 20, 2021
500,000 Indian police officers are affected.
Details: On a DBMS sharing forum, the personally identifiable information of 500,000 Indian police officers was put up for sale. The data was traced back to a police exam on December 22, 2019, according to threat intelligence firm CloudSEK.
CloudSEK received a sample of the data dump containing the information of 10,000 exam candidates from the seller.
According to the information provided by the company, the leaked data included the exam candidates’ full names, phone numbers, email addresses, dates of birth, FIR records, and criminal histories.
According to further investigation, a large percentage of the leaked data belongs to Bihar applicants. By matching phone numbers with candidates’ names, the threat-intelligence firm confirmed the truthfulness of the breach.
What causes these attacks?
Trying to prevent threats is much easier in an office setting, where data is monitored and internet access is limited by its information systems (IT) policies. When that welfare state is deleted, many systems become vulnerable, which hackers take advantage of precisely.
The rapid adoption of work-from-home policies forced businesses to leave their comfort zones and move to a less secure environment that couldn’t be as closely regulated as to their office buildings.
You are only as strong as the weakest link, which is especially true in the case of cyber security. Most attacks aren’t complicated; they rely on exposing and exploiting weaknesses you may not even be aware of.
How can we put a stop to these attacks?
It should be self-evident that we need to invest in a more secure infrastructure. When taken out of a controlled environment, such as an office, what works in that environment is vulnerable to attack.
We need more capable IT leaders to take the reins. We need to adopt better practices and guidelines to keep our systems safe from a potential attack; we need to adopt better rules and policies.
There isn’t a foolproof way to avoid data breaches. We should be ready for anything that may occur.
It’s also past time for legislators to take things more seriously and better understand the technologies they’re enacting legislation for. Our IT Act hasn’t changed much since it was passed serves as a cautionary note.
When it comes to internet security, we need to go back to the fundamentals and learn from mistakes. We need to pinpoint our meaningful data clusters and concentrate on the threats affecting businesses worldwide.
Indian IT needs to return to the drawing table and develop detailed, workable solutions across different platforms and devices. It doesn’t assure you won’t be hacked, but it will help you sleep better at night knowing you did everything that you could.