Page 36 - BusinessWest May 30, 2022
P. 36

Protecting Yourself from IT Threats
Increasingly, It’s Artificial Intelligence vs Cyber-Criminals
By Charlie Christensen
As hackers, organized crime syndicates, and state-backed bad actors aggressively pur- sue ways to compromise the world’s data; business owners, leadership, and IT professionals continue to seek ways to counter these ever-growing threats to their information technol-
ogy infrastructure. In this article, I will explore some of these threats, as well as the advancements in anti- virus/malware protection that are working to defend corporate and personal data every minute of every day.
Lastly, I will provide you with some
key steps you should take to protect your business and data assets from attack.
As someone who understands the threats we as IT professionals see every day, it is my hope that I can use this opportunity to provide the average businessperson with a better under-
standing of what they should focus on most urgently in today’s technology environment, and how they can bet- ter protect their business from being compromised.
• Ransomware: This is every com- pany’s worst nightmare and is a topic that we could dedicate an entire article on. In short, ransomware is an extor- tion scheme that costs businesses bil- lions of dollars per year. It most com- monly spreads via malicious email attachments or links, software apps, infected external storage devices, and compromised websites.
Ransomware searches out every computer on the network and seeks to encrypt the data it finds. The only way to get the data back is to pay the extor- tion, usually via cryptocurrency which is largely untraceable. Not content with simple extortion, cybercriminals are now adding an additional element to the ransomware scheme.
Attackers will now download
your data prior to encryption, and if you refuse to pay, they will threaten to release your data into the public domain. If the thought of this doesn’t lead you to a few sleepless nights, it should.
• Phishing, spear phishing, and whaling attacks: I think by now we all understand phishing. An attacker uses social-engineering techniques, like an enticing looking link, to get the end user to disclose some form of personal
“Think of information security as an onion.”
information such as a Social Security number, information, credentials, etc. Spear phishing, however, is a bit more focused and targeted. A spear-phish- ing message might seem like it came from someone you know or a familiar company like your bank or credit card company, shipping company, or a fre- quented retailer.
Whaling, on the other hand, goes after high-value targets such as C-level leadership or accounts payable. A whaling attack might look like an email from the CFO asking you to initiate a transfer to pay a large invoice. This is an incredibly common attack vector and one that relies on your team’s abil- ity to identify it. Education and vigi- lance are your best defense.
• Advanced persistent threats: APTs happen when an intruder gains access to your systems and remains unde- tected for an extended period. They seek to quietly extract data such as
    36 MAY 30, 2022
TECHNOLOGY
BusinessWest














































































   34   35   36   37   38