Threats – Internal and External.
The threat profile for companies that leverage technology to operate their business is ever changing. Threats can occur from not only from external actors but also internal personnel.
These threats can come from what is known as ‘vectors’, hackers that use a range of different techniques to violate companies IT Infrastructure such as Windows Servers and other personal computing devices such as windows and MAC desktops, Android and IOS smart devices. Hackers target the computers ‘Operating Systems’ with a range of techniques such as ‘phishing’ or ‘malware’ injection enable hackers to install in many cases undetected software to either extract data, control or further infect other computers.
The main techniques hackers use to impact small to medium businesses (SMBs) include; Bait and Switch, Cookie Theft, Eaves-dropping, Malware, Denial of Service, key logging and Phishing in an effort to either infect more computers within the organisation, or to use tactics such as “ransom” the company by removing access to company data and systems until such time as a payment is made (commonly known as ransom ware and is currently the predominant way hackers are leveraging their capabilities).
Please see this article: https://home.kpmg/au/en/home/insights/2020/05/rise-of-ransomware-during-covid-19.html Source: KPMG 12th of May 2020.
The significance and prevalence of external attacks such as ransomware cannot be understated and companies hosting their own infrastructure need to be constantly working on protecting themselves by investing in expensive security technology and employing security professionals in an effort to combat this.
Another significant vector for subsequent data loss is from either intentional or non-intentional data and system downtime caused by employees. Disgruntled or malicious employees can steal data or impact systems by gaining access to company systems. It is also common for employees to lose data or harm IT Infrastructure un-intentionally. This can be in the form of accidental deletion, power cycling, or even using poor internet browsing practices and through not updating operating systems.