GALGUS - Cybersecurity in business: top threats and how to deal with them

Cybersecurity in business: top threats and how to deal with them

By now, there’s no question that businesses should prioritise their cybersecurity efforts. If you are still not entirely convinced of this, read this article and you will find reasons to get your act together to protect your business. In addition, from Galgus we leave you with a series of recommendations that will serve as a basis for an effective protection strategy, both for your equipment and for your WiFi networks.

Cybersecurity in today’s enterprise

To find out more about how companies are faring from a cybersecurity point of view, we can turn to the sixth edition of the Security in Spain Report, published by the ESYS Foundation (Business, Security and Society).

According to this report, the evolution of cybercrime and its sophistication mean that cybercrime is growing. In fact, of the more than 200,000 reported attacks, only 14% were solved.

Other interesting figures also emerge from this report, such as the fact that more than 80% of companies have suffered at least one cyber-attack. Of these, 24% were large companies. If we focus on the general public, 31.5% of private users admit to having suffered the actions of cybercriminals.

Among the favourite targets of cybercriminals are companies in the tax and financial sector, as well as in the transport and energy sectors.

Given this situation, why don’t companies invest more in cybersecurity?

Even looking at this picture, some companies are still reluctant to devote more of their budget to putting in place more robust cybersecurity measures. Among all the excuses they make, some of the most common ones are:

  • Underestimating how “palatable” the company and its data is to the cybercriminal. You don’t have to be a large multinational to be a victim of these actions. Any company in the digital environment is in their sights.
  • Thinking that having an antivirus on your computers is enough. Of course it is advisable to have one, but you should not rely on them alone for your entire cybersecurity strategy. There are many malicious attacks that evade them, or use social engineering to succeed. In addition, it is also important to protect your company’s servers.
  • Believing that you have a robust cybersecurity policy when it is outdated or has not been reliably tested for effectiveness.
  • Relying on backups, when they are also susceptible to modification, deletion, encryption or theft.
  • On the other hand, there is the overconfidence in employees and their lack of preparedness to prevent cyber attacks. Even more so as cybercriminals have increasingly elaborate strategies for deception.
  • Thinking that paying the ransom demanded guarantees the recovery of all attacked data, when this is not always the case. 
GALGUS - Ciberseguridad en las empresas

Top 8 cybersecurity threats to business

From all this, we can see how important it is for companies to have as much knowledge as possible about the modus operandi of cyber criminals. This is where different types of threats come into play. We bring you the ones you need to know about:

1.- Ransomware

Your data is hijacked by encrypting it. The cybercriminal then contacts his victim to ask for a ransom, usually in cryptocurrencies. Here, it should be noted that the encryption algorithms used are increasingly complex, which increases the danger of these attacks.

For this encryption to take place, it requires the “cooperation” of someone in the company running the software that performs the encryption. This is often achieved by deception, persuading the worker to download or install the programme.

2.- Business Email Compromise (BEC)

A strategy that is booming due to the growth of teleworking because of the COVID-19 pandemic and its consequences.

Here, the employer receives an email apparently from his superior or a colleague. In it, the employer is asked for some kind of compromising information or to make some kind of transfer. In this way, the cybercriminal gets hold of sensitive company data or obtains money from the company through identity theft.

3.- Phishing

This is undoubtedly one of the star cybercrimes. Like BEC, it is a method of identity theft to obtain useful information.

In the case of phishing, the emails sent are usually targeted at users of services such as online banking, utility management (electricity, water, etc.), e-commerce, etc.

4.- Botnets

It consists of the formation of a network of computers that have been infected and configured to work together to carry out malicious attacks, such as the ones we are mentioning here.

Moreover, users of these computers are often unaware that their equipment is performing these tasks behind their backs.

5.- DDoS attacks

Denial-of-service or DDoS attacks go straight to servers, rendering them unusable. To do so, they take up all your bandwidth or use any technique that saturates them and prevents them from functioning normally.

6.- SQL Injection 

Here, the target is the databases of the victim companies or institutions. It consists of sending a series of SQL commands to the database in order to access the information of interest contained in the repository.

7.- Man-in-The-Middle attacks

In these actions, data is stolen as it “travels” between your computer and the WiFi network to which you are connected. The term “Man-in-The-Middle” refers to the middleman who commits this theft, as it is between the wireless network and the computer.

8.- DNS Hijacking

Cybercriminals make it so that when you type in a certain web address in your browser, you do not actually go to that site, but instead redirect us to a page that is under the control of the cybercriminal and that is very insecure.

How to deal with them?

Fortunately, the answer here is complex, because nowadays you have many alternatives to be well armed against this set of dangers.

Perhaps the first and most important resource is common sense and knowledge of the “enemy”. This translates into comprehensive and recurrent training for workers, especially those handling sensitive data.

In doing so, they will learn how to detect the behaviour of cybercriminals and the signs that make them suspect they are facing an attack.

It is also important to acquire certain habits, such as the following:

  • Set strong passwords and change them from time to time.
  • Have the latest updates of the operating system and working software.
  • Use the HTTPS secure protocol on the web.
  • Use professional anti-virus and firewalls.
  • Do not give access to the network to members outside the organisation.
  • Use a WIPS/WIDS (Wireless Intrusion Prevention and Detection) system such as Galgus.
  • Use a captive portal for those guests that need it.

If you are most concerned about strengthening the cybersecurity of your wireless network, Galgus offers you these 13 cybersecurity keys for corporate WiFi networks.

In addition, our CHT (Cognitive Hotspot Technology) enables real-time intrusion detection and prevention of attacks on the WiFi network. This way, the user is always protected while surfing your network.

With this article, we hope that you are now up to date with the risks your business faces in the current situation, as well as the best ways to neutralise them. We’ll be happy to answer your questions and give you more information on how Galgus smart WiFi networks can help you work with peace of mind in this regard. Shall we talk about it?