“Don’t drink and browse”, and other sage advice at protecting yourself online
October is a month dedicated to many worthy causes, including breast cancer awareness, bullying prevention, arts and humanities, and (ahem) pizza. It’s also National Cyber Security Awareness Month (NCSAM), which the USA’s Department of Homeland Security describes as:
“a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. NCSAM 2019 will emphasize personal accountability and stress the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.”
Here at Acronis, every month is cybersecurity awareness month, but in the interest of promoting this worthy campaign, we’d like to note a few recent cybercrime trends and offer some best practices for protecting yourself from them.
Four cyberthreat trends
- Ransomware is one of the most widespread and profitable cybercrime tools in use today. It works by infecting a user’s machine, locking down every file it finds with encryption, then demanding an online payment in return for the key to unlock your data. You probably have seen recent headlines reflecting the bad guys’ particular targeting of industry sectors where downtime is expensive, politically hazardous or even life-threatening, like manufacturing, municipal governments and healthcare. For example, ransomware attacks accounted for over 70% of all malware incidents in the healthcare sector over the last two years, according to the 2019 Verizon Breach Investigations Report. How to fight it: Try to avoid letting it onto your system in the first place by treating emails from untrusted sources with wariness, and staying away from dubious websites (like places that sell bootleg software). Back up your data regularly; if your files get locked, you can recover most of them without paying the ransom if you have a recent backup. Consider installing endpoint anti-malware that is smart enough to detect ransomware by its behavior, not its fingerprints (as older anti-virus tools do).
- Online breaches. According to the Online Trust Alliance, over five billion sensitive records have been exposed in online breaches in the past year. That’s particularly troubling, as criminals take advantage of the fact that many users re-use the same password across multiple sites, enabling the practice of “credential stuffing”, or trying to find other sites on which the stolen credentials will work. That’s a big problem if one of them is your online banking account, or you’re an IT staffer at your company and have administrative-level privileges. How to fight it: Follow best practices for password creation (short version: longer is better) and use multi-factor authentication to protect your most sensitive accounts. Stop reusing passwords across multiple accounts, and consider using a password manager to help you keep track of them all securely.
- Phishing emails that invite malware onto your system when you unwittingly click on a poisoned link or attachment remain a very effective tactic and an even more lucrative one when the target is a senior executive. Fully 29% of all successful malware attacks use this tactic, according to IBM’s cybersecurity research. How to fight it: Keep alert when you’re processing emails. Cybercriminals are getting craftier at lulling you into trusting their emails enough to click on them. For example, they’ll scan your social media accounts for clues about your personal life, then craft an email that looks like it’s from your neighborhood association or alumni group.
- Cryptojacking is a relatively new attack that is also a big moneymaker for cyber crooks. The aim is to get malware onto your system that quietly earns money from a process called cryptomining that is essential to the functioning of cryptocurrencies like Bitcoin. While you don’t lose data, the cryptojacker does steal your CPU cycles, memory, power and cooling resources. It grew by a whopping 4000% late last year, according to McAfee. It’s like letting a criminal drive your car all night while you sleep as long as it’s back in your driveway by morning. How to fight it: Keep an eye out for sudden drops in system performance or notice activity when you expect the computer to be idle. Don’t assume your system is slowing because of the latest OS update. Consider investing in anti-malware solutions that can detect and terminate cryptojackers automatically.
Final thought
None of this is rocket science, exactly, yet the profits of online criminals continue to spiral upward, currently projected to cost the world $6T annually by 2021, according to the Herjavec Group. To keep yourself or your organization CyberFit and ready to counter these modern threats, start simple with the recommendations outlined above.
You’ll also want to incorporate a cyber protection solution designed to protect your data while countering attacks like ransomware and cryptojacking – whether you’re a home user or business
And if you want to dive deeper into the subject with a group of like-minded professionals, join us at the Acronis Global Cyber Summit 2019 in Miami Beach, Florida. You’ll gain valuable insights at dozens of sessions presented by cybersecurity industry thought leaders, and network with people like you that are fighting in the trenches of the cyberwars.
So click responsibly, join us in sunny Florida, and have a great National Cyber Security Awareness Month!
SPECIAL OFFER! To celebrate National Cyber Security Awareness Month, we're giving a 10% discount on new subscriptions to Acronis True Image 2020 Advanced and Acronis True Image Premium. Simply enter the coupon code CyberSecurity10 in the cart and you'll get your discount.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.