On Time Tech

The Very Latest Cyber Threats To Your Business

Written by Lance Stone | Oct 27, 2017 2:18:00 PM

Whether in business, at home or out at play we are connected to the internet all day, all the time.  

We check our smartphones every five seconds.  As a business, it’s much of the same thing.  We are connected with the office, with clients, and with vendors.  You might store your important data on the cloud such as client information and employee records.

Even your devices are now potential targets.  A hacker could try and get into your smartphone and steal from your Apple Pay.  Any device connected to the internet now could be a target:  smartphone, tablet, Fitbit, or even your cars are all targets for cyber attacks.

RANSOMWARE

An email can be all a hacker needs to take over your system.  Ransomware has been a popular means of getting into your network or computer and restricting access to files then making you pay to get them back.  The “Locky” version of ransomware has been in the news as recently as early August 2017.  Users are tricked into opening attachments such as DOCX, PDF, ZIP and JPG files.  The attachment is really hiding the ransomware virus that immediately infects your system and hijacks files with a specific extension.

It changes the file names to a specific 16 letter and number combination file name with the “locky” file extension.  Users get instructions to download a torrent browser where they must go to a site on the dark web.  Here the hacker agrees to give the files back for money, usually up to one bitcoin (over $4,000).

ELECTRONIC MEDICAL RECORDS & DEVICES

Another real cyber threat pertains to the Healthcare industry.  Electronic medical records (EMR) and smart medical devices are new technology that is at high risk for cyber attacks.  According to Health IT News and HIMSS Analytics, 75% of hospitals surveyed have been or could have been hit by a ransomware attack.  As the Healthcare industry adjusts to the benefits of having data online and at their fingertips, it comes with inherent challenges as well.

Connecting more devices to hospital networks can make the sensitive data more vulnerable than ever.  Patient medical records contain such a wide range of information that they have become enticing to hackers.  While the industry continues to get a handle on protecting such data, hackers will continue to exploit this.

Another real threat is devices that are attached to patients.  Anything that uses Wi-Fi or Bluetooth could be vulnerable to hacker attacks.  A hacker could change a patient’s insulin dose, send electrical signals to a patient or alter important monitoring data.  Many devices in the Healthcare field have little to no monitoring that will continue to be a problem.  And with much of it being regulated by the Food & Drug Administration (FDA), patching the software could be a lengthy process.

THIRD PARTY

Another increasingly common hacker attack victim is a third-party such as vendors and contractors.  Securing important business data through a reliable MSP gives you peace of mind that you are doing everything you can to protect your business.  But what about that construction foreman and his smartphone, or that vendor that has you sign for things on an iPad?  Anyone of these could be vulnerable to a cyber attack and not even know it.

Hackers in 2013 stole the information of 110 million Target customers after exploiting a vulnerability in the chain’s refrigeration vendor.  Similarly, Wendy’s was the victim of a cyber attack in 2015 when a third-party vendor was hacked, resulting in 1,025 Wendy’s locations being affected.  Third-party vendors and contractors are a normal part of a modern business that is unlikely to go away, and as business becomes more reliant on them, then there needs to be more accountability across third-party vendors.

MOBILE PAYMENTS

How many of us use our phones to pay for stuff?  It is so easy now to pay using Apple Pay, Samsung Pay, MasterPass, Wal-Mart Pay and more.  This is a new frontier for hackers who work to find a way to crack into this form of payment. The number of companies offering these RFID (radio frequency identification) and NFC (near field communication) mobile payment platforms is increasing every day.

Some common ways hackers could try and gain access to your mobile payment information could be:

Man in the Middle Attacks – A third-party disrupts the connection between the customer and the merchant.  This is usually another app trying to pose as the actual payment app.

Data Breaches – The merchant’s customer database is hacked and all the customer information is stolen.  This data can then be used for identity theft or other malicious attacks.

Loss or Theft of Your Device – Your device is lost or stolen.  Your payment information, as well as other data, is found by an unsavory character.  This can result in the thief using your payment information for malicious purposes.  They could also sell your data on the dark web.

If a hacker could gain access to this form of payment, imagine how much they could get from payment information to financial details.  Plus, once they have hacked into your payment app, the next logical step is getting into your phone. For some, that’s game over.