While ‘island hopping’ might come across as a fun and tropical activity to try during your next holiday, this term carries a far more negative connotation in the realm of cyber-attacks.
Indeed, island hopping refers to a data breach technique in which cyber-criminals infiltrate smaller organisations – such as human resources, marketing or health care companies – in an attempt to access a larger target organisation. By first invading the larger organisation’s partner companies, cyber-criminals typically have an easier time hacking their final target.
And recent research from software experts revealed that this attack method has risen dramatically over the last couple of years. In fact, a startling 50 per cent of today’s cyber-attacks utilise the island hopping technique. Don’t let your organisation become the next victim of this growing cyber-trend. Use this guidance to review the most common forms of island hopping and implement best practices to reduce your risk of a cyber-attack.
There are three different types of island hopping:
1. Network-based – Known as the most common type of island hopping, the network-based method entails a hacker invading a victim’s organisational network and eventually ‘hopping’ onto a partner’s network.
2. Website ‘watering holes’ – This technique involves cyber-criminals inserting a form of malware on a smaller company’s website that is frequently used by a larger target organisation. From there, the malware infects any individuals who use the website. The hackers can then use the infected individual’s account information to access and attack the target organisation.
3. Business email compromise (BEC) – A popular method in the financial sector, this form of island hopping occurs when hackers infiltrate the email server of a partner company and send malware attacks to the target organisation via the email account of a trusted affiliate.
Use these tips to avoid an island-hopping attack:
- Be sure that your organisation – and any affiliate companies – have robust cyber-security policies and procedures in place, such as routine staff training and regularly updating software with malware protection.
- Establish a cyber incident response plan to reduce potential damages from a cyber-attack. Test this plan with staff for effectiveness.
- Secure proper cyber insurance to ensure ultimate peace of mind against evolving cyber threats. For more information, contact TH March today.