NLB Blog

While there are myriad online threats to businesses, organizations and governments, ransomware is by many metrics the worst right now. Other kinds of attack can have personal fallout, but for destructive impact on its targets ransomware is dominant, and for that reason one of the most lucrative for the attackers that deploy it.

Spoofing is a method commonly used by hackers across a wide range of cyberattacks including but not limited to phishing, social engineering, ransomware, and business email compromises. While the techniques and technology can vary, spoofing allows a hacker to alter their identity to appear to be a trusted source, such as a co-worker, relative, or secured online service.

Business email compromise (BEC), also known as “CEO fraud,” “W2 fraud,” or email account compromise (EAC) is a more targeted and damaging form of phishing, where the primary attack vector is to either hijack or “spoof” the email account of an executive or other position of power within a company or organization. The end goal is typically to convince an employee of the company to wire money.

Social engineering is a comparatively low-tech method of cyber attack where a hacker or scammer will use deception to coerce or otherwise manipulate their target into providing information that can be used in a data-related crime. While there is some overlap between phishing and social engineering, one of the main elements specific to social engineering is that it targets human behavior through personal interaction, rather than more technologically-oriented methods like spoofed phishing pages.

Of all of the major cyber threats to businesses and individuals, phishing is the most common. Recent studies indicate that 65 percent of U.S. organizations experienced a successful phishing attack in 2019, and 22 percent of data breaches began with phishing campaigns. 

“In its simplest form, phishing is the practice of sending a link via email or text or embedding a link on a website that, when clicked, downloads malware onto the user’s device as well as any other devices that are connected to the same network,” says CyberScout founder and chairman Adam Levin.

Regardless of the industry or sector, ransomware is the cybersecurity threat that has consistently made the most headlines over the last five years, and with good reason. As a vector of attack, it has brought multinational corporations to a screeching halt, shut down local governments, caused school closures, and has led to at least one death by disrupting medical services.  “While the sophistication and methods of attack may vary, the short answer is that ransomware is a type of malware that encrypts critical data on a computer or computer network so that users can’t regain access without paying a ransom,” says CyberScout founder and chairman Adam Levin

October is National Cybersecurity Awareness Month (NCSAM). This year’s theme is “Do Your Part, Be Cyber Smart.” While the knowledge of cybersecurity best practices and data hygiene has increased during the seventeen years since the first NCSAM, the threats posed by hackers and other bad actors has increased too. 

While there are risks associated with remote work, the odds of a malware attack increase when more family members use the same device, especially children.

“The malicious code children collect on their way to something you’ve never heard of can hijack your computer for all kinds of purposes. There are click-harvesting scams. There are stealth programs that will turn your machine into a spambot. There’s malware that looks OK to your anti-virus program, but is actually recording every keystroke, most particularly when you log into your bank account,” warns CyberScout founder and chairman Adam Levin. 

Many companies will offer identity fraud and theft protection services to customers who have had their data compromised in a breach, but relatively few provide it as a benefit to their employees—just 25 percent as of 2019. This approach ends up costing businesses in the long run, according to CyberScout founder and chairman Adam Levin. “If you don’t subscribe to an identity theft resolution service or lack a plan of action before you suffer a personal compromise, you will need to spend more time and more money than you are probably prepared to spend,” said Levin

The economic contraction caused by the Covid-19 pandemic makes it harder than ever for companies to take on additional expenses. Faced with closure, many businesses are cutting benefits and salaries. While it may seem counter-intuitive, now is a very good time for small and medium sized businesses to consider providing their remaining employees with a wider array of employee benefits—specifically cyber and identity protection.