Try to imagine yourself walking into your company in the morning. It is like any regular day, you sit down at your desk to commence your work day. After you turn on your computer and check your emails, you notice a flagged email you opened and responded to on Friday is from an unrecognized address. At this point, you know that the information you relayed (to who you thought was a business partner) is now in the hands of a cyber-criminal.
The hacker will now move onto the next phase of the attack. Usually the stolen information helps to create new methods of obtaining more information. Often being spread to customers or colleagues, all disguised as somebody within your company. Fake emails are sent out with tools to collect private info. The next phase is the delivery of the scams. Emails are sent, links are embedded, and malware is downloaded. At this point, it is too late to go back. As of now, the hackers sent out the attacks and are now sitting and waiting for the stolen information to pour in. As usernames and passwords arrive, the hackers will begin to cross-examine and try each and every login within web-based email systems to get within the company. For the computers where malware was downloaded, the hacker can get backdoor access to your computer and actually control it from wherever they are in the world. If the hackers do not care about being inconspicuous, they can even lock you out of your computer and take away all control you have, essentially turning your computer into a paperweight. On the other hand, most of the time these hackers do not want to be noticed so the malware they install is just a persistent backdoor so that they have continuous access to your computer whenever they want it.
Once these hackers can get into your computer, they also gain access to the network your computers work on. While this is going on, the hackers copy and paste all of your files onto their own server and begin to create admin accounts to change settings and eventually wholly lock you out of your own company. The attacker can look at anything, impersonate any user on the network, and even send e-mails from the CEO to all employees. With the ability to change network settings, these hackers can also lock out your IT company from performing any data loss maneuvers or recovery tactics.
In a cyber attack, not all hackers are after something they can monetize, although it’s highly likely. Sometimes their main goal could just be to cause chaos within a company. They might even just aim to disrupt daily operations. For companies that receive orders and have to process them within the company, the hackers could print fake orders or delete orders causing customers to be unhappy and lose the company’s profit. In more industrial settings, hackers can override large equipment or disable alarms and safety protocols causing injury or lawsuits from employees. This all comes with the intention to hinder the operations of a company.
This is where some questions begin to show themselves but, how could you put a price on the information your business contains? Some insurance policies that cover this type of attack could cost you thousands of dollars. How thin are the lines for determining what kind of fraud was experienced? Some policies may fall on an extremely thin line. What happens when a company pays for a policy that seems to cover their information from the result of a data loss but, once the company experienced the attack, their insurance deemed the attack fell under another policy. At this point, it is their word against yours. This is why companies cannot rely solely on cyber insurance. This insurance only protects you in the event of a data loss. At Davis Business Technologies we work to prevent data loss before it occurs.
Stop by our office to chat with any questions or comments you may have. Our doors are always open!
CONTACT US to discuss how we can help you to stay compliant, protect data and be proactive with a reliable technology solution you and your patients can trust.
Phone- 610-264-1600
Address- 924 Marcon blvd, Allentown PA, 18109 Suite. 104
