The private sector consists of the huge for-profit segment of the economy not run by the government, made up of privately owned and publicly held businesses. Although these businesses are not always directly involved with the government, they nonetheless handle sensitive information that is enticing to criminals. Typically, smaller to medium-sized businesses are more frequently the targets of cyberattacks because they do not have the substantial cybersecurity budgets that large companies do. Beyond funding, these businesses also may lack adequate physical resources, such as a designated IT department, to manage cyber-related risks.
Businesses have become recurrent victims of cyberattacks because of the valuable customer information they possess. Financial institutions, online retailers and health care providers process sensitive data involving personal identification information, bank accounts, Social Security numbers, credit card numbers, verification or security codes, insurance information, health records, and logins and passwords, along with other unique details. This assortment of information becomes profitable to cybercriminals because it can be sold or used to commit identity theft or fraud. Small businesses are extremely vulnerable to this criminal activity because they are seen as easier targets; these companies tend to be more likely to pay ransoms when they do not have any other resources to restore data and their systems are operating on limited budgets. Furthermore, small businesses’ weaknesses can be used as an entry point into larger corporations. For example, the 2013 Target data breach was triggered through a cyberattack on one of the massive retail chain’s third-party vendors.
Creating an awareness of these attacks and the importance of effective cybersecurity in business is essential because of the toll such crime can take on a company physically and financially. Cyberattacks can result in loss of or damage to data, while inflicting further expenses on the company. Additionally, considerable destruction could result in a decrease in profitability or income for the company, or in reputational damage. In order to maintain consumer trust, businesses must attest that information is valued and protected, so customers do not feel as though they are putting themselves at risk by doing business with the company. In order to employ preventative measures to combat cyberattacks, enterprises should consider the top cyberthreats facing the private sector:
Phishing is a cyberthreat used to acquire personal information by posing as an accredited business or institution. Using phone or email, cybercriminals obtain access to sensitive details such as account numbers, credit card numbers, Social Security numbers, logins, passwords and other personal identification. Businesses are frequently victims of phishing because many companies keep consumer information stored, including valuable personal data. This information could be used, sold or leaked by cybercriminals. Additionally, phishing can be used as a method of password attack.
Malware, short for “malicious software,” encompasses a variety of disruptive and destructive software intended to impair data systems or gain network admittance. It comes in several types, which use different strategies to gain money or power over a company, or to steal information. The most common type of malware typically takes the form of a virus, which spreads rapidly and extensively throughout the system or network. Similarly, “worms” start with a singular attack and bounce from device to device through a network to spread a bug to multiple devices. Another malware tactic used by cybercriminals is ransomware. This form of attack encrypts data and then threatens to sell or delete it unless a ransom is paid, forcing many businesses into pressing, and sometimes time-sensitive, situations.
Beyond these methods, malware attacks can occur in an even more furtive nature. A “Trojan horse” is malware disguised as reputable software that undermines security from the inside, creating the possibility for additional malware to infiltrate the system. Another form of this malicious software is spyware, in which malware is hidden on a device to “spy” on the user and retrieve valuable information. The data retrieved from these types of attacks include details such as user or consumer information, credit card numbers, passwords and other sensitive material. This hurts businesses and might cause them to lose valuable profits or the trust of their customers and clients.
Password attacks are essentially an attempt by a hacker to steal or “crack” another person’s password. Criminals use multiple practices in order to gain this secret information. In some cases, a hacker may employ a system to try trillions of login combinations in a matter of seconds, also known as a brute force attack. Other intrusions involve a hacker using a “cracking dictionary” of words that are typically used as passwords. From there, the cybercriminal attempts to “crack” passwords with personal information such as a pet’s name, birth year or street name; this approach is classified as a dictionary attack.
Other forms of password attacks include credential stuffing and keyloggers. Credential stuffing occurs when a password is never changed after unauthorized account access has occurred or information has been leaked. This gives cybercriminals access to the respective account or accounts still employing that revealed password. A keylogger is a malware-type tool used by password hackers that logs users’ every keystroke and provides the information to the criminal. Password attacks become extremely detrimental to businesses, as a password can hold a large amount of information behind it and provide a wide range of access if not properly protected.
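One way a business could spot the guessing and credential stuffing patterns described above in its own login records, given here as an added example that is not part of the original article. The log line format, the two thresholds and the function name `analyze` are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")
PER_ACCOUNT_FAILS = 5   # assumed threshold: many guesses at one account
DISTINCT_ACCOUNTS = 4   # assumed threshold: one source trying many accounts

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d}Z FAIL user=alice src=203.0.113.7" for i in range(6)]
    + ["2024-05-01T10:00:06Z OK user=alice src=203.0.113.7"]
    + [f"2024-05-01T10:01:{i:02d}Z FAIL user={u} src=198.51.100.9"
       for i, u in enumerate(["bob", "carol", "dave", "erin"])]
    + ["2024-05-01T10:01:04Z OK user=frank src=198.51.100.9",
       "2024-05-01T10:02:00Z FAIL user=bob src=192.0.2.10",   # ordinary typo
       "2024-05-01T10:02:05Z OK user=bob src=192.0.2.10",
       "malformed line that the parser must skip"]
)

def analyze(log_text):
    """Return {source: {"pattern", "logins_to_review"}} for suspicious sources."""
    fails = defaultdict(lambda: defaultdict(int))  # source -> user -> failures
    wins = defaultdict(set)                        # source -> users who logged in
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                               # ignore unparseable lines
        _, result, user, src = m.groups()
        if result == "FAIL":
            fails[src][user] += 1
        else:
            wins[src].add(user)
    findings = {}
    for src, per_user in fails.items():
        if max(per_user.values()) >= PER_ACCOUNT_FAILS:
            pattern = "brute_force_or_dictionary"  # repeated guesses, one account
        elif len(per_user) >= DISTINCT_ACCOUNTS:
            pattern = "credential_stuffing"        # few tries each, many accounts
        else:
            continue                               # below both thresholds
        # Successful logins from a flagged source deserve a password reset.
        findings[src] = {"pattern": pattern, "logins_to_review": sorted(wins[src])}
    return findings

if __name__ == "__main__":
    for src, finding in analyze(SAMPLE_LOG).items():
        print(src, finding)
```

A production version would also bound the counts to a time window, which this example leaves out to keep the two patterns easy to see.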
Man-in-the-Middle (MITM) Attack
MITM attacks are one of the oldest forms of cyberattack. This type of attack occurs when a cybercriminal inserts him- or herself in between the user and the program, host application or system to “eavesdrop” and gain information or interrupt the connection altogether. This could result in an information breach or a cybercriminal gaining sensitive information about a business. MITM attacks also pose the threat of a network interruption where traffic is navigated to a different page than intended. Typically, cybercriminals will redirect MITM victims to some type of scam page or phishing log-in site, doubling as a form of password attack. To protect both themselves and their customers, businesses should ensure networks are secure and that there are no loopholes for outside sources to gain entry between the user and the program.
Denial of Service (DoS) Attack
A DoS attack occurs when a cybercriminal floods a system, device or network with traffic or a signal to prompt a crash. There are multiple kinds of DoS floods, and each one uses different approaches to cause a disruption. Buffer overflow attacks are the most common type of DoS attack. This occurs when the cybercriminal relays more traffic to the network than it was designed to accommodate. Similarly, an Internet Control Message Protocol (ICMP) flood is an attack that impacts every computer in the network, each of which is activated to heighten the traffic. This trigger is also referred to as a “Smurf Attack” or the “Ping of Death.” Lastly, a SYN flood (SYN being short for “synchronize”) occurs when a request is initiated to join the server, but the network connection is never completed. This is repeated until all connection routes are occupied with these requests and real users are not able to connect due to limited availability.
Typically, prominent businesses in the banking, e-commerce or media industry sectors are the target of DoS attacks. Through these various forms of floods, the goal is to sabotage the target by making it impossible to reach its users or intended audience. Furthermore, this prevents verified users such as employees, customers or members from using the service or resource.
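The SYN flood described above can be modeled as a queue of half-finished connections. The following added example, which is not part of the original article, replays constructed connection events against a listener with a fixed number of slots and shows real users being refused; it goes slightly beyond the text by also showing how a shorter wait for the final handshake step frees slots sooner. The slot count, timeouts, client names and the function name `simulate` are assumptions.

```python
BACKLOG = 8          # assumed number of half-open connection slots
SYN_TIMEOUT = 30.0   # assumed seconds a half-open entry is kept

# Constructed events: (time in seconds, client, flag), sorted by time.
EVENTS = (
    [(0.0, "user-1", "SYN"), (0.1, "user-1", "ACK")]                 # normal handshake
    + [(1.0 + 0.01 * i, f"bot-{i}", "SYN") for i in range(BACKLOG)]  # never completed
    + [(2.0, "user-2", "SYN"), (2.1, "user-2", "ACK")]               # arrives mid-flood
    + [(40.0, "user-3", "SYN"), (40.1, "user-3", "ACK")]             # arrives after expiry
)

def simulate(events, backlog=BACKLOG, timeout=SYN_TIMEOUT):
    """Replay events; return (clients that connected, clients that were refused)."""
    half_open = {}                 # client -> time its SYN was accepted
    completed, refused = [], []
    for now, client, flag in events:
        # Drop half-open entries that waited too long for the final ACK.
        for stale in [c for c, t0 in half_open.items() if now - t0 >= timeout]:
            del half_open[stale]
        if flag == "SYN":
            if len(half_open) >= backlog:
                refused.append(client)      # every slot is occupied
            else:
                half_open[client] = now
        elif flag == "ACK" and client in half_open:
            del half_open[client]           # handshake finished, slot freed
            completed.append(client)
    return completed, refused

if __name__ == "__main__":
    print("30 s timeout :", simulate(EVENTS))
    print("0.5 s timeout:", simulate(EVENTS, timeout=0.5))
```

With the 30-second timeout the unfinished requests hold every slot and `user-2` is turned away; with the 0.5-second timeout the same traffic no longer blocks anyone.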
Private sector businesses are at risk of cyberthreats because of the valuable information they possess about their customers through transactions, along with their powerful role in the market and economy. All companies face a level of threat in some capacity, with phishing, malware, password attacks, MITM attacks and DoS attacks most directly applicable — especially to businesses on the smaller side. In order to prevent these attacks, those in the private sector should seek to achieve additional cybersecurity training and employ cybersecurity measures as a form of risk prevention, spending the budget necessary in order to maintain a secure network.
For those ready to gain a better understanding of the multifaceted cyberthreats facing the private and public sectors, the Institute for Defense and Business (IDB) offers the program IU-IDB: Cyber Risk Management Program in a National Security Context. This course will equip participants with the best practices in cybersecurity to mitigate cyber risk, backed by a firm foundation of education on U.S. and related cybersecurity laws and policies. This program is intended for military career levels of O-2 to O-4, W-1 to W-3, E-7 to E-9 and GS-11 to GS-13, early career professionals and private industry professionals.
About the Institute for Defense and Business
The Institute for Defense and Business (IDB) delivers educational programs and research to teach, challenge and inspire leaders who work with and within the defense enterprise to achieve next-level results for their organization. IDB features curriculum in Logistics, Supply Chain and Life Cycle Management, Complex Industrial Leadership, Strategic Studies, Global Business and Defense Studies, Continuous Process Improvement, and Stabilization and Economic Reconstruction. Visit www.IDB.org or contact us on our website for more information.