In recent years, data has been celebrated as arguably the most crucial part of a business’ assets.
Companies of all types and sizes are handling large volumes of data every day, keeping tabs on the market and their performance as well as on their clients, employees, vendors and competitors.
Just like having access to the right information can make or break a business, falling victim to a cyberattack that destroys said data can have a catastrophic impact on a company’s sustainability.
With cybercrime on the rise, how can companies protect their data from common threats?
Are Hackers Out to Destroy Business Data?
There are myriad reasons why hackers could be targeting a company’s data, and the vast majority have to do with financial gain. Cybercrime has emerged as a very lucrative business, as criminals launch a series of different attack vectors that could lead them to potentially valuable data.
Phishing scams are on the rise – which aims to manipulate the victim into inadvertently disclosing sensitive financial information like banking details or enough personal data for the hacker to engage in identity theft. Ransomware has also made headlines frequently in the past couple of years, especially after the WannaCry and Petya malware hit thousands of computers around the globe.
These attacks, which mostly targeted companies and organizations, encrypted users’ data and then blackmailed those affected into paying ransom in Bitcoin in exchange for their safe decryption and return. Those who would not pay were told they would find their data was lost forever – but even those who pay rarely get their valuable assets back.
Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.
— VFEmail.net (@VFEmail) 11 February 2019
With the rise of cybercrime as a service, malicious competitors could pay hackers to destroy data in order to profit off another company’s tragedy, as reputation damage can send their clients running to the nearest contender.
Finally, in some cases hackers may launch attacks just because they can – either because they are preparing and exercising for larger future campaigns, because they want to try something out, or in order to use a company’s network as a springboard for targeting other victims in their efforts to remain undetected.
In any of those instances, cybercriminals can inflict devastating damage by deleting and destroying data. In early 2019, US email provider VFEmail, known for its focus on privacy, disclosed that it was hit by hackers who had destroyed 20 years’ worth of user data.
The attack, which took place on February 11th, saw all data hosted on US systems destroyed, both on primary and backup servers. This effectively means that all of the emails sent or received by users served by the US systems are gone.
How to Protect Your Company Data from Cybercriminals
As VFEmail revealed, there was no ransom request – the hackers simply went in and destroyed everything, resulting in a catastrophe for the company.
Cyber threats are a very palpable danger for all companies out there, irrespective of size or the industry in which they are active – even for firms like VFEmail which are very cybersecurity-conscious.
As in most cases, being proactive can be much more effective than rushing to mitigate the effects of a data breach after the fact. Coming up with a comprehensive data loss prevention policy is the first step towards enhancing your cybersecurity defenses.
Organizations and businesses use data loss prevention to detect and prevent data breach incidents as well as unauthorized encryption and destruction of data. This allows them to secure valuable intellectual property and personally identifiable information as well as to comply with relevant regulatory requirements.
After all, data breaches can be financially devastating. A survey published on Statista indicates that the average cost of an incident in the US amounts to a whopping $7.91 million, with Canada ranking second at $4.74 million and Germany slightly behind ay $4.67 million. France and the UK complete the top 5 at $4.27 million and $3.68 million respectively.
You will find more infographics at Statista
For large organizations, data loss prevention strategies are also critical for optimizing data visibility by discovering, identifying and classifying information correctly. To this end, companies must employ cybersecurity tools to secure endpoints, data in motion, in use and at rest – which is a fairly complicated task.
The first step is installing defenses that can alert you to potential intruders and take care of the most common attack vectors. This means installing anti-virus and anti-malware software on every company computer, along with SSL certificates on your business website to safeguard your clients’ data.
In this context, training employees so that they can easily spot incoming phishing requests and similar scams are also crucial.
Companies also need to make sure that every member of staff is up to speed with best practices when it comes to cybersecurity so that they can avoid leaking data due to negligence.
In order to protect data-in-transit and at rest, data encryption software is a valuable tool. It will render the data illegible to anyone who does not have access to the encryption key – making it that much harder for hackers to get their hands on.
As the VFEmail plight reveals, it is essential to always keep regular backups of your business data, and even conduct occasional backups of the backup systems.
Taking measures to keep hackers away will cost in time and money – but it will also improve your brand value, build a relationship of trust with customers, and protect you from unexpected costs that could ruin your company.