Only last year there were a string of cyber attacks over the holidays. Businesses big and small were hit, exposing millions of customers’ personal details. Hospitality company Marriott’s Hotels suffered a massive data breach that exposed the private data of 500,000 guests, including passport and credit card numbers.1 Q&A platform Quora announced one of their systems was hacked, leading to the exposure of approximately 100 million user’s data to an unauthorised third party. And even Apple removed two malicious iOS apps that had tricked users into approving TouchID payments via misleading popups.2
Closer to home, the Office of the Australian Information Commissioner (OAIC), reported 83 notifiable data breaches for December, with a large percentage attributed to malicious or criminal attacks.3
This Christmas when online trading peaks, it isn’t expected to be any different, which begs the question – is your business prepared for what’s to come, or could you be at risk of a data breach?
According to cybersecurity experts, hacking is a seasonal business. While there are still opportunistic attacks throughout the year, hackers typically target businesses at times when they anticipate their resources to be spread thin – and therefore, their defences to be lowered.
For businesses that operate over the Christmas period, such as a retailer or hospitality business, this can be a frightening concept. Thousands of transactions are happening every day from legitimate customers, making it harder to spot the illegitimate attacks – and leading to situations similar to what Marriott’s Hotels experienced last year.1
But it’s not any less concerning for businesses that do shut down for the holidays. Head of IT Services at Spirit, Jason Munso adds, “Over Christmas, hackers are aware there is a lot going on for businesses, especially SMBs. As they’re either shutting down or running a skeleton crew, they often don’t have the resources to monitor things properly, which means they’re more likely to let things slide through the cracks. This is exactly the vulnerability that these cybercriminals are looking to exploit.”
Types of Data Breaches
So, how do they do it? There are several types of cyber-attacks that your business could face – not just at Christmas, but at any time of the year. Below are some of the more common ones we see.
A phishing attack is the practice of sending emails that appear to be from a trusted source, with the goal of gaining personal information or influencing employees to do something. It could involve an attachment in an email that loads malware onto your computer, or it could be a link to a fake website that may trick you into downloading malware or handing over your personal information.
Most people these days are familiar with phishing – but you’d be surprised how frequently people still fall for these attacks despite the knowledge of what they are. The OAIC reported that between October and December 2018, 43% of notifiable data breaches were attributed to phishing.3
Jason Munso also adds, “Phishing is becoming more sophisticated. For example, we recently caught some emails that were mimicking a CEO’s email address. The email was sent to the CEO’s PA asking to send credit card details, the excuse being he was planning a surprise for the team. This type of attack is far more targeted and easier for businesses to miss when they’re working through the busy Christmas period.”
Man-in-the-middle (MitM) attack
A MitM attack occurs when a hacker inserts themselves in the middle of the communications between a client and a server. There are several ways this can be done, one of the most common being session hijacking. In this case, a cyber attacker hijacks a session between a trusted client and network server.
Put simply, if you work in an office, a hacker could either gain control of your Wi-Fi, or disconnect it and replace it with their own signal. Once this is done, all of your office’s Internet traffic is going through a hijacked connection, making it easy for the hacker to expose your company’s data.
In this type of attack, cyber criminals look for insecure websites and plant a malicious script into HTTP or PHP code on one of the pages. This script might install malware directly onto the computer of someone who visits the site, or it might redirect the victim to a site controlled by the hackers.
A drive-by can take advantage of an app, operating system or web browser that contains security flaws due to unsuccessful updates or lack of updates. And unlike many other forms of cyber security attacks, it doesn’t rely on a user to do anything to actively enable the attack – you don’t have to click a button or open a malicious email attachment to become infected.
While some websites with malicious code can be spotted from a mile away, it’s important to note that websites you trust can also become infected if their security isn’t up-to-date – even your own company’s can be at risk. This is particularly concerning for eCommerce, SaaS businesses or any company where their website is linked to their CRM, as it gives hackers clear access to customer data.
Signs Your Business is at Risk
So, how do you know if your business is at risk? There are some signs you can look out for, that you don’t need to be an IT expert to recognise. Below are some of the most common.
Unusually slow Internet or devices
While most of us have experienced slow Internet at times (unless you’re using our Sky-Speed fixed wireless Internet, of course!), if it’s unusually slow or only affecting certain devices, it’s definitely something that should be investigated immediately.
A slow network or devices can be a sign of malware, viruses or suspicious outbound traffic. The quicker it’s looked into, the more likely you are to prevent a data breach. And the good news – if you’re wrong and it’s simply a fault with the Internet, the quicker that can be fixed too.
Locked user accounts
If you’re suddenly unable to access your accounts using your credentials, it could be a sign that a cybercriminal has already compromised your account and locked you out. This can lead to a significant data breach if appropriate user permissions, password management and two-factor authentication processes aren’t being followed.
For example, if everyone in your organisation has the same level of access to a particular platform, even though it may not be necessary for everyone, this provides a lot of potential entry points for a hacker, increasing your company’s level of risk. And if the person who has been compromised used the same password for everything (or worse, everyone in your company uses that same password), the potential for damage increases drastically.
Abnormal user activity
Did an employee log into a platform at an unusual time? Did they access files that they have no reason to? It’s important for businesses to view all employee activity with a healthy dose of suspicion. While the activity could be legitimate, it could also be signs of an internal data breach – or a compromised account from a cyber attacker.
Critical file changes
Once a cybercriminal has gained access to your network, they may modify, change or replace critical system files in an attempt to prolong detection. These changes may occur very rapidly – often within minutes, or less.
Large organisations typically experience changes to critical files on a daily basis (especially those with complex IT infrastructures), which is why it’s important to be actively monitoring these changes. This ensures any negative or unusual changes will trigger a notification. Without this monitoring in place, a data breach may go completely undetected by your business.
Stay Secure this Christmas
‘Tis the season for hackers – but it’s also a great time to review your cyber security. If you’re concerned your company may be at risk of a data breach, it’s recommended that your IT team review your security as soon as possible.
For businesses that need help, at Spirit we supply Managed IT Services for SMBs, providing the active monitoring and security systems you need to keep your data secure. Get in touch with one of our specialists today to learn how we can support your business.