Drive-by cyber attacks are some of the nastiest information security threats in cyberspace today.
A drive-by attack is the unintentional download of a virus or malicious software (malware) onto your system.
While social engineering is sometimes involved (a computer user is lured into clicking on a link that takes them to an infected or malicious website set up by criminals), increasingly, a 'drive-by-download' occurs just because someone visits a legitimate website that has been unknowingly compromised by hackers.
What happens is that malware is hidden in the website’s content. According to a blogger at informationsecuritybuzz.com, the person’s computer is infected through a popup or ad, or by being redirected to another infected site. The newly installed software can steal confidential information, or if it is ransomware, it can encrypt important data – unless a ransom is paid.
Drive-by attacks are understandably a worrisome part of cyber crime, and one of the reasons the costs continue to rise.
As reported in a Forbes.com story, research has projected cyber crime costs to reach $2 trillion globally by 2019, which is almost four times the estimated cost of breaches in 2015.
In the article, cyber crime was referred to as one of the greatest threat to every company in the world.
What can an organization do to reduce these computer security threats?
- Put the right technology in place. A drive-by attack will usually take advantage of a browser, app, or operating system that is out of date. Update equipment regularly with the latest security patches and script blocking plug-ins as well as malware and virus detection.
- Provide on-going security best practices training for employees. Educate remote workers especially about protecting business devices and information outside of the workplace. Consider a policy to prevent employees from installing devices onto equipment at home – home printers for example – to reduce the risk of an attack.
- Encourage good password hygiene at the office and at home. Passwords protect hard drives and other devices. They protect the office network but also the pathways that are created to the office by mobile workers.
- Experts recommend segmenting the company’s network so everyone is not running on the same server. If an infection occurs, it won’t be able to spread throughout the entire workplace.
- Introduce a culture of security in your organization. This should include security policies and procedures, and the promotion of security best practices from the top down. Different aspects of a workplace should embed security policies - so that security behavior becomes a part of everyone's job. A Clean Desk Policy is a good example.
- Take a risk management approach to document management, and protect confidential information from creation to destruction. Back-up data on external hard-drives that are not left connected to the network. Securely destroy information that is no longer needed. Partner with an information destruction company that provides a chain of custody including on or off site destruction of both paper and hard drives and e-media.
Document security best practices go a long way in protecting an organization from information thieves.