Measures to Protect Cyber Attacks
Data is the heart and engine of every webshop - cyber criminals know this and attack precisely there.
Regardless
of whether customer payment data or trade secrets: data is the engine of every
company. Cybercriminals know this and take advantage of this company's
dependency on sensitive data: The number of online shops attacked by hackers
doubles every year.
Cybercriminals can exploit security holes in the website of an
online shop to smuggle various forms of malware into the system. Once in
the system, the malware can be used for different purposes. Companies are
most often affected by blackmail trojans, so-called ransomware, and espionage
ware. Automated ransomware in particular has already made negative
headlines this year. In May 2017, the WannaCry blackmail trojan spread
rapidly around the world in over 150 countries and caused over 200,000 victims. Spyware
attacks are less loud but no less deadly for online shops. To be
able to act successfully, spyware lies well camouflaged in the attacked
company's shop system and can access customer data there.
Backups: Define Important Data and Save It Separately
Companies should know which of their data is particularly worth
protecting. Sensitive data should be named and localized - mobile work
devices also make it difficult for decision-makers to maintain an overview of
existing data.
An external backup is a solid basis for companies to create a
minimum of basic backup. External data backup is the ideal solution here,
as there is no connection to a network and hackers cannot access the data. Manual
external backup requires discipline as backups must take place regularly. In
the event of an attack, companies can quickly resume operations with an
up-to-date backup. The backup also means that in the event of a ransomware
attack, the cybercriminals do not have to respond to their demands.
Passwords: What Should the Password Structure of The Site Be Like?
Few decision-makers are aware of the benefits their passwords have
for cybercriminals. Not only e-mail addresses can be profitably sold on
the Darknet and - if the successful hack becomes known - reputational damage
with financial consequences. Hackers can use the stolen password to access
the company's system to access customer payment data. The resulting
compensation payments or lawsuits from customers can be very costly.
Nevertheless, passwords in the company are often chosen with the
focus on being able to remember them as easily as possible. The same
password is often chosen for each area so that cybercriminals gain access to
sensitive areas and critical company assets in the event of an attack.
Patch Management: CMS and Shop Software Updates Are Labor-Intensive, but Necessary
Updates are not only necessary for the functionality of the
operating system or software. With each update, manufacturers fix known
security gaps in their software and their plugins. The attack form of the
"zero-day exploit" is based on the real-time exploitation of security
gaps in software or plugins that have only recently become known. A
prerequisite for exploiting this security gap is that it has not already been
closed by updates. The WannaCry ransomware, which is responsible for the
largest and most momentous global wave of cyberattacks to date, was only able
to cause so much damage because companies have not closed known vulnerabilities
with an update for several months. End devices can be configured in such a
way that they automatically carry out updates.
Web Server: Write Permissions as An Invitation for Malware
The ideal way to prevent malware from being executed is to
whitelist applications. So only certain applications can run files in the
system. Since such a whitelisting is very time-consuming, write permissions
can also be restricted initially. Here only certain directories are
authorized to execute files. Thanks to this precautionary measure, no
(accidentally downloaded) ransomware can, for example, be executed from
temporary storage directories, as long as only other, specified directories have to write access.
Virus Scanners & Firewalls: Keep Parasites Away with The Right Antivirus Software
Even if it is part of the standard repertoire of every operating
system: A good antivirus program can also protect against ransomware such as
WannaCry. Many of the common antivirus programs can detect not only
viruses but also malware.
Spyware and any other malware can nestle in the internal system
via the web server and tap into business secrets there. Stolen data can be
sold or used to build inexpensive product copies. Particularly dangerous:
With the data protection regulation coming into force.

No comments:
Post a Comment