Cyber criminals never sleep and are constantly producing new and better ways to infiltrate your clients’ networks and access their data. For example, while ransomware still tops the list of preferred attack methods, cyber extortion is rapidly gaining popularity. Keep reading to learn what cyber extortion involves, how to spot it and ways in which you can protect your clients from falling victim to it.
What Is Cyber Extortion?
Cyber extortion occurs when hackers illegally access your client’s sensitive data or systems. They typically demand money in return for allowing you to either regain control over these assets or stop the attack.
Just like many of us, cybercriminals love the holidays. For example, if your client runs an ecommerce site, a hacker can launch a distributed denial-of-service (DDoS) attack during Black Friday, preventing visitors from purchasing products or services—until your clients pays a ransom demand.
Other types of cyber extortion include:
1. Ransomware
A favorite tactic among cyber criminals, ransomware occurs when a hacker breaches your client’s network and hijacks their data or other asset. They then demand a “ransom” be paid in exchange for releasing it, typically in the form of cryptocurrency.
2. Data extortion
Also called “data kidnapping,” this occurs when a hacker steals files from a compromised computer (end-user or server) via a cyberattack. The hacker then demands payment for the secure return of the data or “guarantees” that it will be removed from their repositories.
3. Email-based cyber extortion
In this instance, a hacker will typically send your client an email threatening to release private information over social media to friends and family unless they pay a ransom.
6 Ways to Protect Against Cyber Extortion
Prevention is the best way to thwart cyber extortion attempts. Here are six steps you can take now to minimize your clients’ risk:
1. Back up files and data
Your clients are already doing this, right? If they have a have a backup that’s readily available, they can keep their business operations running, even if they are targeted by cyber extortionist.
2. Know what data your clients need to operate
This will give you a clear idea of what assets must be protected.
3. Implement firewalls and anti-malware
These cybersecurity solutions serve as a barrier from malware that hackers use to deploy ransomware attacks.
4. Perform background checks on all your employees—and your clients’ employees
While you’re at it, check on any contractors and vendors, as well.
5. Educate your teams on how to spot and avoid different types of phishing
There are many phishing methods that your clients should know about. Phishing occurs when hackers attempt to trick people into divulging sensitive information, often by clicking on a malicious email attachment. One of these is whale phishing, which targets people in powerful positions. Another is spear phishing, which focuses on specific people or groups of employees within and organization.
6. Implement a Zero-Trust policy and authentication system based on principles of least privilege
Limit your clients’ employee access to their networks based on the minimum amount they need to perform their jobs.
Explore how the Fortinet Security Fabric empowers you to protect your clients’ networks from the various types of threats hackers use to launch cyber extortion attacks. This solution offers an effective, integrated set of tools that can protect your clients’ expanding networks and edges. The Security Fabric includes Zero Trust Network Access (ZTNA) controls, threat intelligence, cloud security, secure networking, email threat protection, anti-malware and more.