Why You Need a Strong Cyber Security Threat Prevention System

Most businesses have security systems, devices, or guards in place to protect their assets from offline criminal threats. Yet at the same time, they fail to take adequate measures to protect their digital assets from cyber crime. The cyber threat is relatively new and seems an abstraction to many. If one has never been victimized, she or he might regard the threat as remote.

But unlike in the physical world, geographical distance has no meaning online, and anyone with the know-how, from anywhere in the world, can probe and test your cyber defenses. They need only know of your existence. Imagine the physical equivalent of this situation, where criminals from around the world shake and test your fence gates, doors and windows 24 hours a day. However bizarre this analogy seems, it’s an accurate one in that cyber crime unrelentingly threatens the well-being of businesses, their employees, and customers. Here’s a listing of 22 of these threats:

  • Advanced persistent threats
  • Distributed denial of service attacks
  • Denial of service attacks
  • Exploitation of insecure APIs
  • Man-in-the-middle attacks
  • Browser hijacking
  • Phishing attacks
  • Spear phishing attacks
  • Malware attacks
  • Wi-Fi sniffing
  • Ransomware
  • Worms
  • URL injection
  • Passive attacks
  • Pharming
  • Vulnerability exploitation
  • Buffer overflows
  • Data breaches
  • Code injection
  • Cross-site scripting
  • Zero-day exploits
  • Brute force attacks

Some of the above threats attack from outside your network while others attack from within, such as from the infected device of an employee who fell victim to a phishing attack. Most of the victims of these attacks are small and medium-sized businesses because they lack the cyber security threat prevention resources of larger companies.

WHOA.com is ISO 27001:2013 and PCI DSS 3.2 certified. We take a multi-layered approach to security that includes physical security, network protection, secure multi-tenant architecture, per-tenant firewalls, host-based firewalls, antivirus, and backup & replication. Why not benefit from the cyber security threat prevention we can provide? Contact us to learn more.

If you’re a business of any size that conducts online transactions involving credit or debit cards, the processing, storage, and transmission of the associated card information must adhere to a set of security standards called the Payment Card Industry Data Security Standard (PCI). These standards apply regardless of where the data is handled. To make PCI compliance easier, many businesses opt to use a third-party hosting environment such as PCI compliant cloud services. Using a quality host not only makes compliance easier, it also greatly reduces the chance of a data breach ever happening.

PCI compliance is not a one-time set-and-forget task. The required security measures must undergo continuing maintenance because the cyber threat environment is constantly evolving. This is yet another reason for using a quality host that makes ongoing security their primary mission.

A misconception of many entrepreneurs is that PCI compliance is limited to big businesses. They also believe their businesses are too small to attract the notice of hackers and other cyber criminals. It’s precisely this belief that lulls them into a false sense of security and dissuades them from becoming compliant.

However, businesses of all sizes and even small non-business websites owned by individuals are routinely hacked. From the time a website is first established, hackers will find it within one or two months. The reason is their sheer numbers and the technology at their disposal. If you’re a business of any size, then you present a tempting target.

What Happens to Businesses That Aren’t PCI Compliant?

The consequences of a data breach involving customer credit and debit information include:

  • Lawsuits. It’s often said that society is becoming increasingly “sue happy.” This is most likely true given the huge number of law firm websites advertising their services. There’s a real chance that customers will seek litigation, especially if the compromised data resulted in identity theft.
  • Loss of business. A data breach involving customer credit and debit card data is regarded by the customer as a breach of trust. The sensitive information they trusted a business with is now being passed around, possibly in a data black market. This would surely discourage even the most loyal of customers. The resulting brand damage can have lasting business effects.
  • Fines. If a business that suffers a breach is found to be out of compliance, the fines can be hundreds of thousands of dollars. This, combined with the aforementioned business losses, may force the owner to close their doors.

WHOA.com takes security seriously. We use multiple layers of security to protect our networks from all threats. To learn more about our PCI compliant cloud service, please contact us.

The cloud. It’s convenient, inexpensive, scalable, and easy to use. Because most businesses can’t achieve the economy of scale common to large cloud providers, it’s cheaper to use these services than to duplicate their facilities in-house. But there is a big downside to the cloud: It has security risks.

A large cloud service may contain the data of hundreds of businesses. This presents a tempting target for cyber criminals who appreciate the monetary worth of this information or who simply desire to inflict widespread damage. They can gain entry by exploiting whatever security weaknesses they find. Here are three of them:

Compromised Login Credentials

Criminals have many ways of gaining access to login credentials. They might use password cracking software that persistently tries different password guesses until they achieve a successful login. This is highly effective against weak passwords. People may be tricked into using their credentials on fake login pages, or the credentials might be stored on a mobile device that’s subsequently lost or stolen. Credentials can be obtained using visual hacking, in which a person stands behind someone logging into an account and records the keystrokes with a phone video recorder.

Data Leakage

Not all cloud service providers are created equal. Some may have employees who are negligent or just prone to making mistakes. Even though you would never hire such a person to handle your data, the security and safety of your critical business data are nevertheless in this person’s hands. An accidental transfer of your data to an unsecured server exposed to the Internet is quite possible.

Poor Data Isolation

Cloud physical resources such as CPU, networking, and databases may be shared between multiple users (tenants). The activities and data of any one tenant should not be visible or accessible to the others. In addition, if one tenant is infected (by ransomware, for example), the problem shouldn’t spread to the other tenants. However, these problems can happen when poor data isolation is in place. If a tenant’s poor login credential management allows a hacker to gain access to his data, your data may be compromised next in such an environment.

The above is by no means a complete list of cloud security weaknesses. The main takeaway is the importance of carefully vetting cloud service providers from a security standpoint before using them. Secure cloud storage is an absolute necessity today because your business and reputation depend on it. WHOA.com takes security seriously. We use multiple layers of security to protect our networks from all threats. To learn more about this, please contact us.

Hackers generally don’t infiltrate business databases purely for the thrill or intellectual challenge. They’re in it for the money. However, the person with the skills and tools to hack into databases doesn’t necessarily know how, or have the inclination, to exploit the information for maximum profit. The value of much of the information they steal isn’t always obvious to them. Even if it is, they may lack the expertise to pull off the necessary scam. This is where the information black market comes into play.

The information or data black market brings together the data thieves and the criminals who know how to use the data. It consists of online websites or forums, not unlike eBay, in which the sellers have feedback scores based on the buyers’ experiences with them. Some of these places are readily found if you know where to look, while others are in the dark web of the Internet. If your business data is breached, there’s a good chance your data and that of your customers will end up in one of these places.

If your compromised customer data didn’t include their credit card information, it can still be exploited in ways that ultimately cause harm. Names, addresses, and similar information can be used to fabricate fake ID cards for various nefarious purposes.

For example, a person’s health insurance medical policy number, name, and birth date might be enough information to fabricate a fake ID card that allows a criminal to get free drugs or medical equipment, which they can sell elsewhere. No matter what the information is, there will be buyers at these black markets who will know how to profitably use it.

The point of the above is that there’s a strong economic incentive for cyber criminals to steal your business data. The profit incentive also drives innovation in the techniques and software that hackers use to get to your data. This is why you can never let down your guard. If you don’t have the time to become a cyber security expert and lack the resources to prevent a data breach, consider using WHOA.com’s managed security services. Contact us to learn more.

© 2018 WHOA.com All rights reserved.