Confidentiality, Integrity and Availability
Cybercriminals want your business data but many company executives continue to believe that they are not as vulnerable to cybercrime as they truly are. The value of the information that businesses use and store might not be immediately visible, but understanding the three main types of cybercrime attacks will help you to recognize how potential intrusions happen and why you should take measures to mitigate the risks.
Confidentiality – Invasion of Privacy
Your company doesn’t have to be in health care or financial services to hold data that should be considered private. Cybercriminals want to monetize your employee information, customer records, and contact lists; from email addresses to social security numbers. Some of the information that is stolen can be monetized right away, but often it is sold to others who compile it with data from other sources to build a more sophisticated attack. Intellectual property in the form of designs, drawings, plans, trade secrets and know-how is valuable to those who want to attack your competitive edge. Privacy is an external and internal concern. Just as you need to protect information from outsiders, policies that guide internal access to information can also protect your company from harm.
Integrity –Compromises to the Trustworthiness of Your Data
We don’t hear as much about data manipulation crimes as we do with confidentiality but as hackers become better at gaining entry into systems, the risk of this type of cybercrime is increasing. The motivation of an integrity attack can be to compromise decision making, cause damage to the company reputation, or commit fraud that will result in monetary gain. Examples include changing the destination for invoice payments or payroll deposits; hijacking communications systems such as email or social media used for unauthorized messages or transactions; or modifying data that will change the outcome of a situation. Sometimes entry occurs when an employee uses unsecured methods to access company email and files. Other times malicious code is inadvertently downloaded that opens a door to the intruder.
Availability – Denying Access to Your Information
Do a google search for “hospital hacked” and you’ll find a disturbing trend, but the use of ransomware for extortion is not limited to the healthcare field. Sometimes information is the target of an availability attack, and sometimes access to a machine or network is the goal. Whether it is denial-of-service (DoS), or holding data hostage, the motive can be the payment of ransom or a major disruption of operations that will damage the company’s reputation and ability to do business. The increasing number of devices connected to the internet – from smart phones to manufacturing machinery - has provided more targets for malware and availability assaults. Small businesses might think they are immune from attacks but they are actually easy and plentiful targets.
Cybersecurity is a Business Concern
Assess your risk for cybercrime by first considering the information that you use and store in your business. Then consider the damage that would result if you were the victim of a confidentiality, integrity or availability cyber attack. Undoubtedly, security is not just an IT concern. It’s a business concern. The reason why many companies are falling behind in this area is because they lack expertise. Managed IT Service Providers partner with companies to bring cybersecurity expertise and technology tools to help thwart the growing threat of cybercrime. The best IT support companies include security as in a customized IT strategy that is aligned with business goals.
There are some measures that you can take right now to defend against cyberattack. Download our E-Book Cybersecurity Tips for Employees Online and in the Office to learn about practical steps you can take to protect your business from cybercrime.