Little Known Cyber Security Attack Vectors That SME’s Should Be Aware Of

When we’re on the internet, we’re under attack.  Most of the time we don’t notice it—either we’re lucky and fast enough to escape the attack unscathed, or we didn’t even notice that it happened.  In most cases, locks and protection only keep out the “honest” criminal.  All systems can be broken, so the cyber criminal’s strategy comes down to two questions: Is the information worth stealing? Is it worth more than the effort it takes to get it?

Time are changing; the cyber criminals are getting smarter, more daring and more focussed in everything they do.  You can’t afford to be oblivious.  Here are a couple of areas that they are using to target you.

Social media. We all have an account with one of the big five.  The use of smart devices has made it easier and more profitable for the bad guys to target you.  From lax security settings to malicious applications, we are all targets in one way or another.  To stay safe, remember that not everyone is your friend, in real life or online.  And after every update, check your security settings.

Job ads.  This is a new one:  Create a job ad on the internet, attach it to a fake “legitimate” web site, and ask for job candidates to put in their details.  What a great way to harvest information from the internet!  Before filling out a job application, check that the site is a legitimate one.  If it asks for social security or tax file numbers, passport numbers or your date of birth as a mandatory field, be careful.

Social engineering. This method has once again become a primary attack vector.  Whether someone is asking for access to your computer, your boss’s email, or your password, be careful with these types of requests.   These are all ploys to garner information about you or your company.  These could be people posing as legitimate employees or sub-contractors.  Do your due diligence, never give away your password, and never grant access to your computer to someone who you do not know.

Water holing.    A new concept that has only appeared in the last couple of months.  Ever seen the photos of game parks in Africa, how all the game animals in an area come down to a single drinking hole?  In a cyber-security sense, a “water hole” is a central (online) location where everyone in a business goes.   This can be the intranet or a portal.  The cyber criminals target this page and infect it with boutique malware—usually something that does not get picked up by anti-virus.  All users are then infected.

Spear phishing. This is a targeted attack on an individual, usually delivered to that person through email and created in such a way as to seem credible.  The credibility is achieved through social engineering, such as reading about someone on their social media profile.  Additional information from schools, universities, old jobs and company websites helps to achieve that credibility—that’s what gets you to open that email and click on the link.

These are just the newest and the most widely used attack vectors on the internet.  There are hundreds, if not thousands, of other ways for you to be targeted and attacked.  The only protection that most people have is common sense, paranoia and increased awareness.  Use them, and protect yourself.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.

Leave a Reply