Whether the motive is profit (cybercrime and cyberespionage), making a statement (cybernuisance), or national interest (cyberwarfare), hackers have multiple types of cyber security threats at their disposal.
While there are many unique threats, organizations often fall victim to one of several common threat types. Here is a list of what many experts consider the most common threats and what you can do to prevent or mitigate each of them.
|Malware and Bots|
- Ransomware is the number one method of malware attack. It works by encrypting your data, holding it hostage for payment.
- Socially engineered malware tricks users into downloading the malware by accident, for example by clicking on a rogue website or downloading what seems to be free software.
- Malware can also be used to attack computer networks and websites in a botnet attack. Compromised systems are then used to overwhelm the organization’s resources, preventing access and use in a distributed denial-of-service (DDoS) attack.
- Most ransomware attacks result in encrypted files that are virtually impossible to decrypt, so the best defense against ransomware is a backup. It’s also critical that you periodically test your backup and restore processes to ensure they will work if needed.
- Socially engineered malware can be combatted with user education and ongoing awareness programs. Teach employees what such an attack looks like so they can avoid the risk.
|Phishing and Spear Phishing Attacks|
- Phishing attacks usually consist of a malicious email attachment or an email with an embedded, malicious link. Spear phishing refers to the process of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information.
- Phishing emails often use a sense of urgency, feature a slew of grammatical and spelling errors, and ask for personal or credit information or logon credentials.
- User education is the best defense against phishing attacks. Education efforts should be ongoing in order to ensure employees are aware of the latest scams. One way to do this is through periodic phishing simulations to test awareness and provide additional coaching for those who take the bait.
- Organizations should also limit Admin rights to those who need this elevated access.
- As a countermeasure to attacks that target logon credentials, organizations should use two-factor authentication (2FA) methods to move beyond a simple name and password combination that can be easily hacked.
|Social Media Threats|
- Social media threats usually arrive as a rogue friend or application install request. Accepting such a request can translate into access to your social media account. Corporate hackers love exploiting corporate social media accounts for the embarrassment factor or to glean passwords that might be shared between the social media site and the corporate network.
- Educate users about the types of potential social media threats, the danger of sharing corporate passwords, and the importance of reporting hijacked social media accounts in a timely manner.
|Advanced Persistent Threats|
- To thwart APT attacks, organizations should ensure they understand the legitimate network traffic patterns and can alert on unexpected traffic flows. By tracking flows, you can identify proper traffic patterns and intervene in the cases of abnormal patterns.
- Among 874 incidents, as reported by companies to the Ponemon Institute for its 2016 Cost of Data Breach Study, 568 were caused by employee or contractor negligence; 85 by outsiders using stolen credentials; and 191 by malicious employees and criminals.
- Many types of attacks – such as phishing scams – prey on the negligent insider. Insiders often inadvertently open the door to phishing emails that can do either immediate damage or linger in the form of an advanced persistent threat.
- The malicious insider can take advantage of access to corporate secrets, customer information, and more – selling this information on the DarkNet.
- Ongoing user education is the best defense against the negligent insider.
- To battle malicious insiders, organizations should use monitoring software to listen for suspicious activity such as large file downloads, file attachments sent to personal email accounts, login activity at odd hours, and access to data beyond that required for a worker’s job.
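The four signals named in the last item can be expressed as simple rules over audit events. The following is an added example, not code from the original article: the thresholds, the personal-mail domain list, the role-to-data map and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime

# Assumed policy values for this example; tune them to your own environment.
LARGE_DOWNLOAD_BYTES = 500 * 1024 * 1024
WORK_HOURS = range(7, 20)                      # 07:00-19:59 local time
PERSONAL_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
ROLE_RESOURCES = {                             # hypothetical role-to-data map
    "sales": {"crm"},
    "engineer": {"source", "wiki"},
}

# Constructed sample events (not real logs): one dict per audit record.
EVENTS = [
    {"ts": "2018-01-08T10:15:00", "user": "alice", "role": "sales",
     "action": "download", "resource": "crm", "bytes": 2_000_000},
    {"ts": "2018-01-09T02:41:00", "user": "bob", "role": "engineer",
     "action": "login"},
    {"ts": "2018-01-09T02:55:00", "user": "bob", "role": "engineer",
     "action": "download", "resource": "crm", "bytes": 900 * 1024 * 1024},
    {"ts": "2018-01-09T11:30:00", "user": "carol", "role": "sales",
     "action": "email_attachment", "recipient": "carol.x@gmail.com"},
]

def findings(event):
    """Return the list of insider-risk rules that this event trips."""
    hits = []
    action = event["action"]
    hour = datetime.fromisoformat(event["ts"]).hour
    if action == "login" and hour not in WORK_HOURS:
        hits.append("odd_hours_login")
    if action == "download":
        if event.get("bytes", 0) >= LARGE_DOWNLOAD_BYTES:
            hits.append("large_download")
        if event["resource"] not in ROLE_RESOURCES.get(event["role"], set()):
            hits.append("outside_role_access")
    if action == "email_attachment":
        domain = event["recipient"].rsplit("@", 1)[-1].lower()
        if domain in PERSONAL_MAIL:
            hits.append("attachment_to_personal_mail")
    return hits

def triage(events):
    """Group findings per user so repeated signals from one account stand out."""
    report = {}
    for ev in events:
        for rule in findings(ev):
            report.setdefault(ev["user"], []).append((ev["ts"], rule))
    return report
```

Calling `triage(EVENTS)` returns a per-user list of `(timestamp, rule)` pairs; an account that trips several rules within a short window is the one to review first.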