As work and life become increasingly digital, a skilled cybersecurity department is critical for your business, and it’s not hard to see why. Google the term “cyber attack,” and you’ll find names like eBay, TJX, and even Target on the list of recent victims. When sites like these are hacked, it allows the intruder access to the sensitive financial information of millions of customers and causes cybersecurity horror stories that can be nearly impossible to recover from. Other types of attacks can shut down businesses or drastically reduce income over the course of the intrusion.
While large corporations are often the biggest targets of attacks, small businesses and individuals are just as vulnerable. From stolen money to industrial espionage, here are a few cybersecurity horror stories organizations are at risk for every day.
Ransomware
This form of malicious software blocks access to your files then demands a “ransom” sum for their safe recovery. These attacks can occur when clicking on phishing links or visiting an insecure website. Prices to recover the locked information can vary from hundreds to thousands, and there’s no guarantee the recovered files will be delivered to you post-payment.
The recent WannaCry ransomeware attack targeted computers all over the world. The WannaCry software locked thousands of computers in more than 150 countries. Users were presented with a screen demanding a $300 payment to restore their files. While a patch was quickly drafted to help thwart the attack, the damage remained widespread.
Distributed Denial of Service (DDoS) Attack
With these invasions, attackers from multiple locations across the globe to flood a website with more traffic than it can handle which overloads the website’s server and essentially shuts it down for all users. A successful DDoS attack can cost a business tens of thousands of dollars in damages, substantial revenue loss, and a powerful attack can even end business for good.
In March of 2017, the Mirai malware hit a US college website, assaulting it with a 54-hour-long attack. The attackers exploited CCTV cameras, DVRs and routers. This attack maintained a traffic flow of 30,000 requests per second, peaking at 37,000.
Structured Query Language (SQL) Injection Attack
Unlike other cybersecurity horror stories, this type of attack not only taints the reputation of the targeted business, but also puts customers at risk. SQL is a programming language that servers use to store data. Cyber criminals can use malicious code to infiltrate the server and gather sensitive information about its customers like methods of payment, login credentials, and even social security numbers. When this happens, consumers are at risk for identity theft and credit card fraud, and the business owner is at risk of no longer holding trusted site status.
In late 2016, knowledge of an unpatched SQL injection vulnerability was found for sale on the Dark Web. This vulnerability offered access to the US Election Assistance Commission (EAC) website and backend systems. This attack threatened the legitimacy of votes in current elections and opened up the entire system for observation by hackers for future exploits.
Know Your Cyber-Professional
It is easy to see that protecting company servers is no longer optional in our network-based world. Skilled and trustworthy cybersecurity professionals are a crucial part of every company’s IT team. The risk of hiring the wrong person for the job can be reduced by taking a few key steps during the interview process:
- Make sure the candidate is an expert in your industry, not just in cybersecurity.
- Ask for proof of past work assisting companies with these responsibilities.
- Confirm cybersecurity certifications or credentials are held by the candidate.
- Ensure competencies in business results orientation, decision making, influencing, organizational awareness, and analytical ability are possessed by the candidate in addition to his or her technical skills.
Hiring the perfect professional to lead your cybersecurity team is an important decision. The cost of an under-qualified hire is too great and could potentially land business owners in the middle of giant cybersecurity horror stories. Are you concerned about the dangers of the digital age? TCG can help you properly vet all candidates for your next cybersecurity job opening. Let’s connect today.
If you’re a candidate looking for a job in Cybersecurity, check out our jobs portal or contact one of our recruiters today.
Sources:
- https://www.infosecurity-magazine.com/opinions/the-secret-to-winning-the-war-for
- https://threatpost.com/sql-injection-attack-is-tied-to-election-commission-breach/122571/
- https://threatpost.com/new-mirai-variant-carries-out-54-hour-ddos-attacks/124660/
- http://www.npr.org/sections/thetwo-way/2017/05/15/528451534/wannacry-ransomware-what-we-know-Monday