What cyber security threats do modern-day businesses face?

As businesses have adapted to the modern world, so have the threats that they face. Whilst we’ve seen huge leaps forward in technology and cyber security over the years, we’ve also seen vast developments in the methods used by malicious agents, leaving many businesses vulnerable to cyberattacks. A large number of these attacks arrive by email. In fact, 52% of worldwide email traffic is spam, with social engineering attacks becoming ever more prevalent over the past two decades.

What are the most common cyber security threats?

The vast majority of cyberattacks originate via email, and they’re becoming increasingly complex. From spam, malware and phishing to brand and domain impersonation, businesses face more threats than ever before. Here are some of the most common cyber threats you might encounter whilst trying to protect your business:

Malware is a term used for malicious software that is designed to gain access to a system and cause damage, extract data or disrupt daily operations.

Phishing is a method used by cybercriminals to trick the receiver into believing that an email has been sent from a reputable source. Phishing emails are usually sent as an attempt to gather sensitive data from unsuspecting recipients, such as their login information or bank details.

Spam emails are sent out en masse and are usually commercial in nature. In most cases, spam is sent by cybercriminals with no regard as to who the receiver may be. Spam is used by attackers as a quick way to catch people off guard.

Impersonation attacks are used by malicious agents to imitate an organisation, service or person. One example is a domain impersonation attack, or typosquatting. This is a common tactic in which cybercriminals create domains that appear similar to trustworthy and recognisable brands.

When data is retrieved or copied from a remote system without consent, it’s known as data exfiltration. Data exfiltration can happen as a result of malicious intent or due to accidental loss of data.

How can I strengthen my systems against these cyber security threats?

Spam

When it comes to defending yourself and your employees from spam, gateways play a key role. Modern gateways have become very effective at blocking incoming spam before it even has a chance to reach your inboxes. Barracuda has multiple products designed to stop spam and quarantine dangerous emails.

Phishing

As with spam, one of the best ways to defend against phishing is by implementing a gateway. Gateways are especially effective against large-scale URL phishing attacks. Using URL filtering and URL rewriting, gateways can defend against and block access to malicious website links sent via email. They also block access to known dangerous websites.

Malware

Ensuring that malware never reaches your inboxes is the best method of prevention. Signature matching is an important tool that your email gateway uses to identify and block malware variants. More advanced tools, such as sandboxing, can also be implemented to further protect your environment. Sandboxing is the process of testing suspicious links and files in an isolated environment before they are delivered to your inboxes.

Data Exfiltration

Data loss prevention (DLP) is a collection of policies and technology that detect and prevent data breaches, exfiltration and other risks to your confidential or sensitive data. It is usually deployed in line with outbound and inbound mail flow. With DLP, you can scan email for sensitive data and encrypt it as an additional security measure.
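The scan-then-encrypt decision described above, as an added example (not code from Barracuda or from this blog): a minimal outbound DLP check that looks for payment card numbers, confirms them with the Luhn checksum to cut false positives, and returns an "encrypt" verdict. The function names, the verdict strings and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample messages (4111 1111 1111 1111 is a standard test card number).
SAMPLE_WITH_CARD = ("From: sales@example.com\nTo: customer@example.org\n"
                    "Subject: Payment details\n\n"
                    "Please charge card 4111 1111 1111 1111 for the renewal.\n")
SAMPLE_CLEAN = ("From: sales@example.com\nTo: customer@example.org\n"
                "Subject: Your order\n\n"
                "Order ref 1234 5678 9012 3456 has shipped.\n")

def luhn_valid(number):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return masked card numbers found in text (first 6 and last 4 digits kept)."""
    hits = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):  # skips order references and other long numbers
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def dlp_verdict(raw_message):
    """Decide what the outbound mail flow should do with one message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()    # assumption: single-part plain-text message
    hits = find_card_numbers(msg.get("Subject", "") + "\n" + body)
    return ("encrypt", hits) if hits else ("deliver", hits)

if __name__ == "__main__":
    print(dlp_verdict(SAMPLE_WITH_CARD))
    print(dlp_verdict(SAMPLE_CLEAN))
```

Only the masked value is returned, so the DLP log itself does not become a second copy of the sensitive data.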

Impersonation

There are two types of impersonation attack: domain impersonation and brand impersonation.

Domain Impersonation

Barracuda Sentinel prevents cybercriminals from spoofing your domain via brand impersonation attacks. It utilises DMARC (Domain-based Message Authentication, Reporting and Conformance) to prevent illegitimate emails from being sent from your domain. DMARC technology puts you in full control of your brand.
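How a receiving mail server applies a DMARC policy, as an added example (not Barracuda Sentinel's code): the record is parsed, SPF and DKIM results are checked for alignment with the visible From domain, and the published policy is applied on failure. The record, domains and function names are constructed; the organisational domain is approximated as the last two labels, where real implementations use the Public Suffix List.

```python
# Constructed sample record for the reserved domain example.com.
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.com"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dictionary with defaults applied."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags["p"] = tags["p"].lower()
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment is the default
    tags.setdefault("aspf", "r")    # relaxed SPF alignment is the default
    tags.setdefault("pct", "100")   # policy applies to all mail by default
    return tags

def org_domain(domain):
    """Simplified organisational domain: the last two labels (assumption)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed mode compares organisational domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(record, from_domain, spf=None, dkim=None):
    """spf and dkim are (result, authenticated_domain) tuples or None.
    Returns the disposition to apply: 'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(record)
    spf_ok = bool(spf) and spf[0] == "pass" and aligned(from_domain, spf[1], tags["aspf"])
    dkim_ok = bool(dkim) and dkim[0] == "pass" and aligned(from_domain, dkim[1], tags["adkim"])
    if spf_ok or dkim_ok:
        return "none"               # DMARC pass: deliver normally
    return tags["p"]                # DMARC fail: apply the domain owner's policy

def is_enforcing(record):
    """True only if failing mail is actually quarantined or rejected for all traffic."""
    tags = parse_dmarc(record)
    return tags["p"] in ("quarantine", "reject") and int(tags["pct"]) == 100

if __name__ == "__main__":
    print(evaluate(RECORD, "example.com", dkim=("pass", "example.com")))
    print(evaluate(RECORD, "example.com", spf=("pass", "other-sender.test")))
```

A record with `p=none` only produces reports; spoofed mail is still delivered until the policy is raised to `quarantine` or `reject`.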

Brand Impersonation

By deploying an API-based inbox defence, past and internal emails are used to build a statistical detection model that can differentiate between legitimate and illegitimate emails. This is not limited to just email copy either; your API-based security solution understands how your brand uses imagery too.

Where does social engineering play a part in modern cyber security threats?

Social engineering is a growing threat that most people (and businesses) don’t take seriously until it affects them.

What is social engineering?

Social engineering is a term used for a wide variety of psychological manipulation techniques that cybercriminals use to break through the security of your business. The dangerous thing about social engineering is that it focuses on manipulating human beings rather than your IT systems, meaning there is very little you can do to combat it. After all, it’s easier to convince a human that you’re not malicious than it is to convince a computer.

Social engineering is a confidence trick that cybercriminals use to gain access to systems or locations, gather confidential information, or commit fraud. The most common types of social engineering take place via email or over the phone, but in-person social engineering is also a threat businesses need to be aware of. A good example of in-person social engineering would be somebody posing as an engineer or service worker to gain access to a restricted location.

The principles of social engineering

The principles of social engineering are based on fundamental psychological principles about human behaviour. They have existed for a long time and are used by criminals to manipulate unsuspecting victims.

When someone commits to a task (either verbally or in writing), they become much more driven to complete it. This is because they feel a sense of personal responsibility.

Authority figures, or people posing as them, are usually well-listened to and respected. Employees will often follow instructions from people in positions of perceived power, and in many cases they’ll comply even if the action they’re asked to do is suspicious.

The urge to return the favour when someone does something for you is human nature. If an attacker is generous or thoughtful when dealing with their target, they can often gain access or information from their target much more easily.

Attackers usually try to make themselves as likable as possible. This is because people are more easily persuaded by people that they like. Just being polite and friendly significantly increases the success rate for attackers.

People tend to copy the actions of others, whether they’re aware of the outcome or not. You can see this with celebrity endorsements. When someone famous promotes a product, people will be drawn to that product, regardless of its benefits and drawbacks.

The three forms of social engineering

Quid Pro Quo

Attackers often target multiple people at a company, claiming that they’re making contact for a legitimate reason. The attacker will eventually find an employee who is searching for help and is grateful for the extra input. Information will then be extracted from the victim whilst they’re being ‘helped’.

Phishing

Phishing is used by criminals to gain private or confidential information about an individual. Typically, the phishing email will be made to look like it has come from a familiar person or company and is designed to entice the recipient into logging in via a malicious link that captures their sensitive data.

Water Holing

In a watering hole attack, cybercriminals identify websites that are frequently visited by their targeted users, businesses or even sectors. These websites are then compromised and infected with malware to catch their target off guard. This cyber security threat relies on the targets’ trust in the watering hole site.

How can I protect against socially engineered cyber security threats?

There are several ways that you can protect not only yourself, but your business and employees from social engineering attacks. It’s important to revisit these systems often and make sure that they’re up to date and being used by employees.

Putting security protocols, procedures and policies in place is one of the first steps in protecting yourself from social engineering attacks. By providing information on handling sensitive data and training employees on keeping their information secure, vulnerability to inbound cyberthreats is greatly reduced.

Educating your employees to treat all corporate and customer data with the utmost scrutiny is an effective way to keep on top of any potential phishing threats. It’ll also teach employees to be vigilant and identify potential vulnerabilities when they appear.

Training employees on how to handle sensitive information can help build a strong framework within your business.

Undertaking periodic testing is a great way to develop a framework for the future of social engineering defences. Testing employees ensures that their cyber security knowledge is up to date. Running tests with simulated social engineering situations can help put your employees’ skills to the test.
