• Erol Eraybar

Trick-or-Treat! Another scary Halloween blog snippet about cyber-security attacks and stats.


October is typically the month to worry about ghosts, ghouls, goblins, and the overeating of left-over Halloween candy! Unfortunately, these are only minor issues compared with the recent scary cybersecurity facts and stats that can haunt businesses of all sizes.

There is absolutely no shortage of vendor and expert analysis on cyber-security, or of opinions on which products and practices are best at protecting your business from evil mischief. Leveraging appropriate new and emerging technologies to defend against the growing number of frightening cyber-crime incidents also requires the appropriate mix of softer elements, including defined processes, best practices, and perhaps most important of all, employee education.

Cyber ghouls, ghosts, and goblins do not wait until the witching hour to attack. Throughout the day, these tricksters are knocking on the front door of your business (with email) and playing the odds that one of their pranks will be successful. Once a hacker’s email prank works, it can take only 4 (four) minutes or less to get into your company’s IT infrastructure.

Symantec’s 2017 Internet Security Threat Report documents that Email Attacks are the Weapon of Choice for cyber pranks. Symantec cites that about 1 in 131 Emails contained malware.

Adding insult to injury, without the proper apps, proactive controls, and defenses in place, you will very likely not be aware of a security breach. These hackers can be haunting your network and IT infrastructure for about 286 days before you might catch a ghost-like apparition floating about your business. Nine to ten months is a long time for Ghosts ‘N Ghouls to be sifting through your business information without you knowing about it.

Do you think since you have a small business, and if you dare keep the porch light off, you might go undiscovered by cyber trick-or-treaters? Sorry, it’s time to think differently.

Microsoft estimates more than 1 out of every 5 small businesses have or will become victims of cyber pranksters. Verizon estimates that 61% of data breach victims are businesses with under 1,000 employees. Symantec believes about 43% of all Cyber Attacks target small businesses. Recent stats shared by IBM indicate small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day!

But wait… there’s more scary news for you to be aware of if you’re a small or medium-sized business.

Research completed by the U.S. National Cyber Security Alliance found that 60 percent of small businesses are unable to sustain their operations over six months after a cyber-attack. And, according to the Ponemon Institute, the average price for small businesses to complete repairs and damage control after their businesses have been hacked stands at $690,000. For a mid-sized business, it can cost over $1 million to recover and resume normal operations.

Cyber pranksters practice the fine art of trick-or-treating on weak and easy victims. Small and medium businesses often believe they are not at risk, and tend not to invest much in cyber-security technologies or user training. This frequently makes them the most likely to fall prey to a variety of not-so-hilarious Halloween pranks.

Microsoft notes that a few cyber-attack methods commonly targeted at small and mid-sized businesses during Halloween (and the remaining 364 days of the year) include:

Phishing: Many scams that try to steal your personal information or money are known as "phishing scams" because they "fish" for your information.

Ransomware: Ransomware restricts access to data by encrypting files on your computer and network shared drives. Some Ransomware may also lock computer screens. It then attempts to extort money from victims by asking them to pay a "ransom."

Tech support scams: Some online scams try to lure you into contacting fake tech support. They try to get you to pay for services or software, or get access to your PC. The most prevalent scams are hosted on websites.

Cyber ghouls, ghosts, and goblins are particularly fond of devising pranks that use Ransomware, since all it takes is one or two clicks of a link in an email or an attachment to spread the malware throughout your network and infrastructure and encrypt your company’s electronic files.

Wikipedia notes the real Halloween trick-or-treating custom involves kids of all ages, and possibly some adults, going from house-to-house collecting treats with the phrase "trick or treat". The trick in this phrase is meant to be a harmless "threat" to do some mischief to the homeowner or their property if no treat is given to the kids standing before you in their costumes.

In contrast, Cyber criminals use Ransomware to scare you with their own version of the phrase "trick or treat." All your personal and company data files become locked-up and are completely inaccessible to you.

The Cyber ghouls then hold your company data and promise to give it back if you provide them with a treat: you pay their ransom. Unfortunately, it is highly likely these cyber tricksters are all trick, with no treat for you! If you decide to pay their ransom charge, the likely outcome is you will be tricked, as these pranksters are likely not to honor their end of the deal.

Hope you and your business have a fun, safe, and uneventful Happy Halloween!

