We all know the cyber threat landscape is rapidly evolving and it is a real struggle to keep apace with the threats much less get ahead of them, which ideally is where we should be.
Organisations especially those small to medium sized ones have limited resources in terms of people, money and time to commit to all the areas they need to focus on.
It is therefore vital that their approach to cyber security is focused on the areas that will have the greatest impact in terms of threat prevention. Let’s discuss the most common cyber threats that organisations are likely to face which therefore should help to determine the main areas where protection efforts need to be focused. These threats are;
Socially engineered malware
Every year, hundreds of millions of successful attacks are conducted by socially engineered malware programs. A typical form of this is data encrypting ransomware which is downloaded either in email attachments or trojan horse software downloaded from a site hosting malware. The unsuspecting user is enticed into clicking a link or opening a document which then installs the malware, oftentimes the user is prompted to bypass security controls if they are in place for this particular type of exploit. The malware is installed on the host machine and can then disable defences such as anti-virus, conduct callbacks to command and control centres which then lead on to the exploits. Exploits could include data gathering and exfiltration or encryption of data and horizontal propagation of the malware.
This type of threat sometimes requires the use of elevated privileges. Techniques that could be used to help prevent this type of threat include;
- avoiding giving elevated privileges for daily tasks
- constantly educate users about these type of threats
- deploying advanced endpoint protection
- not relying solely on traditional anti-virus
Phishing has become a huge industry for cyber scammers and it is estimated that approximately 80% of global email is spam. Anti-spam techniques deployed by email providers are becoming better are blocking spam how ever the attackers are constantly refining their approach and inevitably some is still getting through to user’s inboxes. Most of us are so busy we do not bother to hover over the links to check for a valid url and
sometimes they are so well crafted it is so easy to miss.
The best protection against phishing apart from good anti-spam software is user education along with policies that encourage the use of 2 factor authentication such as smartcards, sms messages, etc.
Unpatched software is a major threat due to the existence of known vulnerabilities that could be protected from if the latest available patch is applied. This problem while common for client applications such as web browsers, and ancillary apps such as adobe and java are also quite common on server systems. I am sure you have seen many instances where critical servers running core business systems are unpatched and carry literally hundreds of vulnerabilities.
Software patching needs to be a part of the IT operations processes and undertaken in a regular and systematic manner to avert an easily avoidable vulnerability.
Social media threats
Social media is pervasive and an essential part of an organisations digital presence. It has therefore become a target for cyber attackers to find exploits and cause reputational damage or extort money from unsuspecting users and owners. The threats could start off as simply as a friend request or application install which then develops into something completely different. One example is a response to a post where a visitor may voice
dissatisfaction with a service. The response offers to provide assistance and redirects the person to a fake site where their usernames and passwords are requested and then exploited on the real social media site.
Yet again user education is a must to help protect against this type of threat and 2 factor authentication could also prevent compromise of username and passwords.
Advanced Persistent Threats
The majority of large organisations have been the subject of advanced persistent threats but that is not to say that small-medium organisations are not affected by this also. The attacker may initially use phishing or trojans to infect one machine but once they get hold of a machine, they extend their reach throughout an organisation and steal data within hours oftentimes remaining undetected for months.
The best way to combat advanced persistent threats is to deploy next generation detection and protection capabilities. Typically such measures will profile the normal network traffic and behaviour thus creating a baseline against which anomalous behaviour can be profiled and alerted.
You may have noticed an underlying theme in terms of the best way to
mitigate most of these threats involved user awareness. The benefits of this cannot be understated and there are some low cost good user training subscriptions that could save organisations a ton of money in costs associated with a successful cyber attack.
It is also however very important to do the basics well such as patching, endpoint protection, password policy and network security.