In this Article
Av Matteo Alessandro
You have surely wondered about why cybersecurity matters to your business. Well, Av. Matteo Alessandro lays out some crucial points as to why it really does. Find out more about cybersecurity and also how we can guide your business thanks to our team’s expertise!
Introduction
Cybersecurity Matters to your Business
In May 2020, Allen Grubman’s New York law firm was attacked by the notorious cybergang called REvil. Allen Grubman, who is known as “rock and roll’s master dealmaker”, was now being asked for a $42 million ransom. The hackers had found their way into the law firm’s systems. They had also allegedly stole sensitive data about high-profile clients, such as Lady Gaga, Madonna, and Elton John, Furthermore, the hackers behind REvil threatened to go public and share this info if the ransom was not paid.
So, how did all this happen? Did the group break into the law firm? Did they bribe any employees? Although no one is exactly sure, the most likely case is that REvil made use of its infamous ransomware of the same name. They never even had to move from their base (which many assume is in Russia).
It might be tempting to comfort yourself by saying that your business is too small, or too low-profile to be targeted. However, this is not an issue for hackers when choosing their targets, with studies showing that 76% of businesses were the victim of at least one cyber attack in 2021.
Why bring this up? MK Fintech Partners is here to explain why it matters, and what you can do to make your systems more secure.
What is Cybersecurity?
Cybersecurity Matters to your Business
The terms information security and cybersecurity are often used interchangeably. Cybersecurity is information security which focuses on electronic means. The National Institute of Standards and Technology (“NIST”) defines information security as:
The protection of information and information systems from unauthorised access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
The last three terms are the cornerstones of cyber. Confidentiality, Integrity, and Availability make up the CIA Triad, which is a model used to shape cybersecurity policies around the world. In the cybersecurity industry, confidentiality can be roughly described as privacy, while integrity consists of making sure that information is accurate and consistent. Finally, availability is concerned with the accessibility of the information to authorised parties.
What is the State of the Art?
Cybersecurity Matters to your Business
Cybersecurity has come a long way since it was first launched into the mainstream in the 1980s after a fateful viewing of the movie War Games by the then US president, Ronald Raegan. A number of standards are now widely used, with the International Standards Office (“ISO”) providing the 2700x family of standards dedicated to keeping information assets secure.
The most commonly used standard is the ISO 27001. It provides requirements for establishing, implementing, maintaining and continually improving information security management systems. The Center for Internet Security (“CIS”) offers a more adaptable approach with the 18 CIS Critical Security Controls. These are a prioritised set of actions that collectively form a defence-in-depth set of best practices that mitigate the most common attacks against systems and networks. CIS also categorises its recommendations into three implementation groups, in which the scale of measures is proportionate to the size of the business and the amount of resources available.
What is Cybersecurity?
Malicious actors attack your business in many ways. There is a whole field of knowledge dedicated to such ruses called ‘threat intelligence’. A great explanation of how this works can be found in Google’s recent series called HACKING GOOGLE. To keep it simple, here are the most common types of cyber attacks, and how they work.
1. Malware
How it works:
Malware is short for ‘malicious software’. Basically, malware is any software used to perform any type of malicious task. There are many types of malware, many of which you’ve probably heard of, such as viruses, worms, and ransomware such as REvil.
How to prevent it:
In order to mitigate malware risks, you should always keep all software up to date, especially anti-malware protection software. Your business should also have a strong password policy, together with the use of multi-factor authentication where possible, and access to your systems should be controlled in line with the Principle of Least Privilege.
2. Phishing
How it works:
In phishing attacks, attackers mainly use fraudulent e-mails which pretend to a legitimate source. In fact, you may receive this in the form of request from a bank or a tax department. The aim is to trick the recipient into divulging personal information such as passwords, credit card details, and personal information. In addition, they could contain malicious links, which the recipient would be prompted to click.
How to prevent it:
Avoid phishing attacks by educating employees and increasing awareness. Indeed, staff should be able to perceive phishing attack emails by looking for telltale signs such as suspicious sender emails or spelling mistakes.
3. Man-in-the-middle ("MITM") attack
How it works:
Generally, attackers intercept communication between two parties in MITM attacks. This allows the attacker to obtain confidential information or even alter the content of the message.
How to prevent it:
Nowadays, most systems use in-built end-to-end encryption, making MITM attacks harder to execute. However, you should always make use of end-to-end encryption or VPNs when accessing business materials through non-secure networks such as public Wi-Fi hotspots. It is also recommended that staff only interact with websites which have valid Secure Socket Layers (“SSL”) encryption certificates. These websites have ‘https://’ at the beginning of the URL, with the ‘s’ standing for ‘secure’.
4. Distributed Denial-of-Service ("DDoS") attack
How it works:
DDoS attacks are used by malicious actors to flood the target’s servers with traffic. With this strategy, hackers disrupt services and can even bring down the target server. Most firewalls can filter regular DoS attacks. Despite this, in DDoS attacks attackers use a large number of previously compromised devices to swamp the target.
How to prevent it:
It can be very difficult to counter DDoS attacks. Nonetheless, installing strong firewalls with integrated Intrusion Prevention Systems is a great first step. It is also important to draft a recovery plan ready, in order to have your systems up and running as soon as possible.
5. SQL Injection
How it works:
Attackers can use injection vulnerabilities to relay malicious code through applications such as websites. Injection vulnerabilities are always listed as the top vulnerability on the OWASP Top 10 List, and the SANS Top 25 List. Attackers are able to abuse vulnerable functionalities in order to execute commands on the target’s systems when using SQL injection.
How to prevent it:
There are a number of good practices to be taken into consideration, mostly on the development side. Developers should always make sure to sanitise inputs, and to avoid allowing users to execute commands through a website. Additionally, we recommend limiting the permissions that users have on the website.
Conclusion
Our increased usage of mobiles, computers, tablets, and general technology makes cybersecurity a main consideration for any business. Be that as it may, businesses can avoid these attacks. Granted, sometimes implementing more secure practices is enough, together with online resources readily available. However, for larger businesses, it is sometimes wiser to seek professional advice from cybersecurity specialists to fortify their systems. Constant vigilance is key, and businesses should keep up to date with best practices and policies to keep their businesses, their staff, and their customers safe.
More about MK Fintech Partners Ltd.
Michael Kyprianou Fintech Partners Ltd is a Maltese licensed VFA Agent (virtual financial assets agent). It comprises a team of dedicated experts who provide services such as advisory, licensing and registrations of activities related to Fintech, Crypto, Blockchain, Investment, company incorporations and banking. and other ancillary services. MK Fintech Partners forms part of the Michael Kyprianou Group, a top tier international legal and advisory firm. It has established an enviable reputation as a broad-based legal practice over the years. Mainly by keeping at heart its principle to always exceed its clients’ expectations. MK has grown to become one of the largest law firms in Cyprus with offices in Nicosia, Limassol and Paphos. The MK Group’s international presence also includes fully-fledged offices in Greece (Athens and Thessaloniki), Malta (Birkirkara), Ukraine (Kiev), the United Arab Emirates (Dubai), United Kingdom (London), Israel (Tel Aviv), and Germany (Frankfurt).
The content of this article is valid as at the date of its first publication. It intendeds to provide a general guide to the subject matter and does not constitute legal advice. We recommend that you seek professional advice on a specific matter before acting on any information provided. For further information, contact us at MK Fintech Partners via email at contactmkfintech@kyprianou.com or by telephone +356 2016 1010.
