Cyberattacks pose an increasing threat to small businesses and South Africans.
ALSO READ: Safer Internet Day celebrated
More than four hundred million people worldwide have been victims of cybercrime in their lifetime, including 328.5 million in the 12 months preceding May 2021 alone.
Cybercrime is predicted to cost R2.2bn annually, and South Africa has the third-highest number of victims in the world.
According to a recent SBA survey, 88% of small business owners believed their company was susceptible to a cyberattack.
However, many organisations cannot afford expert IT solutions, have limited time to spend on cybersecurity, or may not know where to begin.
“Small firms are desirable targets because they possess information that hackers covet, and they generally lack the security infrastructure of larger businesses,” says Karl Molchin, managing director of SevenC.
“It is crucial that small firms learn about typical cyber dangers, determine where your firm is vulnerable, and take measures to strengthen your cybersecurity.”
What is a cyber attack?
“The internet has brought about a tremendous transformation in our lives, but protecting your data is an enormous challenge,” said Molchin.
ALSO READ: Take a stance against cyberbullying
“When a third-party gains unauthorised access to a system or network, this is referred to this as a “cyberattack”. Cyberattacks have multiple detrimental repercussions.
“An attack can result in data breaches, leading to data loss or manipulation. Organisations face financial losses, customer trust is diminished, and their reputations suffer harm.
“Cybersecurity is the practice of protecting networks, computer systems, and their components from unauthorised digital access.”
There are numerous types of cyberattacks. This includes the following:
Malware refers to malicious software viruses, such as worms, spyware, ransomware, adware, and trojans. The trojan infection masquerades as legal software.
Malware infiltrates a network via a vulnerability. Malware is spread when a user clicks on a malicious link, downloads an infected email attachment, or uses an infected flash drive.
• Phishing attempt
Phishing attacks are one of the most prevalent and pervasive types of cyberattacks.
It is a form of social engineering in which an attacker poses as a trusted contact and sends the victim phishing emails.
Unaware, the victim opens the email and clicks on the malicious link or opens the attachment.
By doing so, attackers obtain access to sensitive information and account credentials.
• Password attack
It is a type of attack in which a hacker breaks your password using numerous programmes and password-cracking tools.
There are a variety of password attacks, including brute force attacks, dictionary attacks, and keylogger attacks.
• Man-in-the-middle attack
MITM is also known as an eavesdropping attack. In this attack, an attacker intercedes in a two-party conversation, stealing the session between a client and host. In doing so, hackers steal and modify data.
• Structured query language
A SQL injection attack happens when a hacker manipulates a regular SQL query on a database-driven website.
It is transmitted by injecting malicious code into a susceptible website’s search field, causing the server to disclose sensitive data.
This allows the attacker to read, change, and destroy database table data. Through this, attackers can also obtain administrative privileges.
• Denial-of-service attack
This attack poses a huge threat to businesses. Attackers flood systems, servers, or networks with traffic to deplete their resources and bandwidth.
ALSO READ: OPINION: Local eateries going digital now at risk of cybercrime
When this occurs, the servers become overwhelmed by the incoming requests, causing the host website to either go down or slow down. This leaves real service requests unattended.
• Internal threat
Small organisations are vulnerable to insider threats since their employees have access to several data-containing accounts.
This type of attack can be motivated by avarice, malice, or even carelessness. Insider threats are difficult to predict and thus problematic.
Cryptojacking occurs when an attacker utilises a victim’s computer to mine cryptocurrency. The access is achieved through infecting a website or convincing the victim to click on a malicious link.
• Zero-day vulnerability
This attack occurs after disclosing a network vulnerability. In most circumstances, there is no remedy for the issue.
Therefore, the vendor alerts users of the vulnerability and this information also reaches the attackers.
• Watering hole assault
The victim, in this instance, is a specific group within an organisation or region. In such an assault, the attacker targets websites often visited by the target audience.
Either by closely observing the group or by guesswork, websites are identified.
The attackers then infiltrate these websites with malware, infecting the victim’s PC. In such an assault, the malware targets the user’s personal information.
Here, it is also feasible for the hacker to gain remote access to the compromised machine.
How to prevent cyberattacks
SevenC looks at 10 ways in which you can adopt to avoid a cyberattack.
• Change your passwords frequently and use complex alphanumeric passwords that are tough to decipher. Do not reuse the same password.
• Regularly update your operating system and programmes to eliminate weaknesses that hackers commonly exploit and utilise reliable and legitimate anti-virus software.
• Install a firewall and other network security solutions, such as intrusion prevention systems, access control, or application security.
• Avoid opening emails from unknown senders.
• Frequently back up your data. According to SevenC, it is optimal to have three copies of your data on two different media types and the fourth copy in an off-site location (Cloud storage).
Therefore, even during a cyberattack, you can delete your system’s data and restore it from a recent backup.
ALSO READ: Online safety for your child
• Employees should be knowledgeable of cybersecurity best practices. They must understand the various forms of cyberattacks and how to defend against them.
• Utilise two-factor or multi-factor authentication. Two-factor authentication requires users to give two distinct authentication factors to validate their identities.
• Utilise a virtual private network (VPN). This ensures that the traffic between the VPN server and your device is encrypted.
• Secure your Wi-Fi networks and avoid using public Wi-Fi without a VPN.
• Protect your mobile device, as mobiles are also targets of cyberattacks. Install applications from only reliable and authorised sources, and keep your device updated.