ProtonBlog
Inscreva-se por RSS

How your business can prevent 6 types of cybercrime

Ben Wolford

Compartilhar esta página

Malware and social engineering are the top two types of cybercrime methods businesses have to face. Here’s how to prevent these attacks from hurting your business.

Each quarter, the security firm Positive Technologies releases statistics on the most common types of cybercrime based on their internal data. The numbers(new window) from the fourth quarter of 2018 shed light on the illegal market for business data and fraud.

The six most common cybercrime attack methods against businesses are use of malware (including ransomware), social engineering, hacking (mainly attacks on servers or blockchains), web attacks (a subset of the hacking category involving injecting websites with malicious code), credential compromise, and distributed denial of service (DDoS).

We’ll use this list as a starting point to talk about prevention strategies. (Note: the total adds up to greater than 100% because of attacks that involve more than one type.)

1. Malware

Over half (55%) of all types of cybercrime involve malware, according to the report. These attacks include spyware and remote administration malware, which give attackers a back seat to everything you do on your device. From there, they can gain login credentials, sensitive business data, or information to help them conduct social engineering attacks. The third most popular kind of malware attack is the dreaded ransomware, which typically locks your device or takes your data hostage until you pay the hacker to release it.

How to prevent malware attacks:

  • Make sure your operating systems, applications, and plugins are running on the latest versions.

2. Social engineering

Social engineering attacks (31%) don’t rely on technical sophistication so much as trust. Because they prey on human vulnerabilities(new window) instead of technological ones, this type of cybercrime is especially difficult to guard against. Types of social engineering attacks include phishing(new window) and more elaborate physical schemes. For example, an attacker might leave an infected USB near the entryway to your office building in the hopes that an employee will insert it into their computer.

How to prevent social engineering attacks:

  • Maintain a healthy skepticism among your employees by creating a culture of security awareness(new window) in your organization.
  • Never click on links or download attachments in emails you weren’t expecting. If a trusted brand asks you to reset your password, do not click the link provided in the email. Better to navigate manually to the website and log in there.
  • Beware of cold calls, cold emails, unexpected office visitors, and lost USB sticks.
  • Limit the amount of information you provide on your company’s website, and discourage employees from listing their contact information on the Internet if possible.
  • In Proton Mail there are extra anti-phishing protections. For instance, all emails from Proton Mail have an Official badge; emails claiming to be from us without this badge are phishing attacks. Additionally, sender spoofing (in which the attacker manipulates the From address) is not possible in emails between Proton Mail accounts.

Learn more about DMARC protection, our report phishing feature, and other measures

3. Hacking

Typically the term hacking encompasses a wide variety of attacks. Positive Technologies defines it more narrowly in its report: “attacks that take advantage of vulnerabilities in software and services, weaknesses in protection mechanisms, and other shortcomings of targeted systems that do not involve social engineering or malware.” Examples include server-based attacks or the manipulation of blockchain-based services. One-fifth of the cyber crimes involved hacking.

How to prevent hacking:

  • Use only trusted services with a reputation for strong security. This includes your web hosting provider, cloud services, and IT contractors.
  • Put monitoring and accountability mechanisms in place for your employees to discourage insider attacks, including strict physical and digital access controls.
  • Make sure all software is up to date.
  • Invest in automated tools and security audits.
  • Encrypt all data.

4. Web attacks

Web attacks represent another fifth of cybercrimes against businesses. These attacks exploit vulnerabilities in websites to access the data of other users of the sites. For example, hackers might inject malicious code into an e-commerce website that allows them to steal customers’ credit card information.

How to prevent web attacks:

  • You can mitigate web attacks by only working with trusted web developers and using reputable third-party services.

5. Credential compromise

Seventeen percent of attacks involved credential compromise, meaning a hacker uses your login information to gain unauthorized access to your accounts. An attacker can learn your credentials in a number of ways: phishing, social engineering, malware (such as keyloggers), or hacking (gaining access to a database of credentials and cracking the passwords).

How to prevent credential compromise:

6. Distributed denial of service (DDoS)

Although few businesses will ever find themselves the target of a DDoS attack (2%), these can be extremely costly and disruptive. DDoS attacks flood a network with traffic, overwhelming it and preventing legitimate users or employees from accessing the service. Once the network is effectively shut down, the hackers typically demand a ransom to restore service.

How to prevent DDoS attacks:

  • Most DDoS attacks require the use of specialized services that use software to identify and divert malicious traffic.

You can mitigate most of these attacks by using trusted service providers that are committed to security. Proton Mail is the world’s largest end-to-end encrypted email service. Developed by CERN and MIT scientists in 2014, over 10 million people and businesses now use Proton Mail to secure their data and protect their privacy. Learn more about Proton Mail for business(new window).

Best Regards,
The Proton Mail Team

You can get a free secure email(new window) account from Proton Mail.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support.


Proteja seu negócio com a Proton
Obtenha o Proton for Business

Artigos relacionados

compromised passwords
en
  • Princípios básicos de privacidade
How do passwords become compromised?
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
en
  • Princípios básicos de privacidade
Is WeTransfer safe?
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
en
  • Princípios básicos de privacidade
What is a dictionary attack?
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
en
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f
en
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr
what is a brute force attack
en
  • Princípios básicos de privacidade
What is a brute force attack?
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a