Cyber Threats: What to Know. What to Do.
There’s a good reason ransomware, DDoS attacks, and other malicious acts are categorized as “cyber threats.” They can potentially cause extensive, expensive damage by stealing or corrupting data or disrupting computing systems.
Businesses know them; there’s no escaping the headlines when a data breach hits a major company. Many have experienced them to some degree. And there’s a whole cybersecurity industry devoted to combatting cyber threats. Too often, however, these threats turn into real-world attacks. And they keep happening. Among the reasons: too many organizations (and individuals) continue to underestimate and under-prepare for them.
The following are some things to know about cyber threats to help reduce the chances of falling prey to one and mitigate the damage if one does occur.
1. Digital Transformation Opens the Door
Digital transformation is changing how business is done, and companies are forging ahead with their digital business initiatives so they don’t get left behind. In many cases, however, IT isn’t involved in the early phases of decision-making. They’re relegated to just “making it happen.” And the business leaders making plans aren’t considering the security risks that accompany new technologies, their implementation, and their use.
The to-do’s: IT needs to be part of all digital transformation discussions and efforts from the start. Not only can they help with evaluation and provide insight into what installing and rolling out the desired technologies entails; they can also assess the potential risks and what will be needed to mitigate them.
2. Knowing the Threats is Half the Battle
To protect against cyber threats, you need to know what they are – and where the risks exist. Ensure you have a good understanding of the most common cyber threats. Among them:
- Data Breach – the theft of data by a malicious actor, motivated by financial gain or espionage.
- Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack – an attacker floods a target system, such as a website, with so many requests that it fails or becomes unusable under the overload. In the distributed form, the attacker takes over many devices and uses them together to generate the traffic.
- Email Account Compromise (EAC) – a highly sophisticated attack in which attackers use various tactics, such as password spraying, phishing, and malware, to compromise victims’ email accounts, gaining access to legitimate mailboxes.
- Malware – software that performs a malicious task on a target device or network, e.g., corrupting data or taking over a system.
- Malware on Mobile Apps – attackers may embed malware in app downloads, mobile websites, or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts, and more.
- Man-in-the-Middle (MitM) attack – an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another.
- Phishing – an email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.
- Ransomware – an attack that involves encrypting data on a target system and demanding a ransom in exchange for letting the user access the data again.
- Spear Phishing – a more complex form of phishing in which an attacker learns about the victim and impersonates someone he or she knows and trusts.
- Trojan – a type of malware that enters a target system looking like one thing, such as a standard piece of software, but then releases malicious code once inside the host system.
The to-do’s: Once you have a good understanding of common cyber threats, conduct a vulnerability assessment to identify security gaps and the potential for attacks. This includes reviewing your IT security strategy, incident response plan, business continuity/disaster recovery plans, and employee security training.
3. New Cybersecurity Threats Keep Appearing
New cyber threats are constantly emerging, with millions being created every year. Most fall into one of the categories described above, but they’re becoming stealthier and increasingly destructive. Case in point: a new generation of “zero-day” threats can surprise defenses because they carry no known digital signature, so signature-based defenses have nothing yet to match against.
There are also Advanced Persistent Threats (APTs) to watch for, as they continually improve their effectiveness. With APTs, hackers burrow into networks and maintain ‘persistence’: a foothold that can’t be removed simply by applying software updates or rebooting computers.
The to-do’s: Stay on top of the latest IT security news and trends. Follow security professionals and influencers on social media. Browse security-related social media topics. Participate in IT security forums. Listen to IT security podcasts. Check vulnerability and risk advisory feeds. Attend IT security events. Consider working with a managed security services company or a cloud services provider that offers managed security. These vendors have to stay up to date on cybersecurity because it’s their business.
4. Cyber Defense Best Practices Help
While there’s no sure way to prevent cyberattacks, incorporating IT security best practices can make a difference. The following are just a few to incorporate into your IT security operations.
- Establish a robust cybersecurity policy. Consider a hierarchical cybersecurity policy. It consists of a single centralized policy that describes company-wide information security practices but also includes policies specific to each department within your organization. It considers each department’s unique needs, threats, and vulnerabilities, helping to increase overall cybersecurity policy effectiveness.
- Secure your perimeter and IoT connections. Secure your perimeter by protecting all endpoint devices and your border routers. Separate sensitive data from your corporate network and limit access to such data. Combine conventional protection measures such as firewalls and VPNs with the zero-trust model. Zero trust requires users and devices in your organization to be continually validated to prevent unauthorized access.
- Employ a people-centric security approach. In people-centric security, employees (and vendors and anyone else who accesses your network) are both an important perimeter and a potential threat vector. Educating and monitoring all people who access your IT systems helps reduce the chance of human-oriented risks.
- Manage supply chain risks. Think beyond merely managing your third-party risks and develop a comprehensive strategy of cyber supply chain risk management (C-SCRM). NIST Special Publication SP 800-161r1 and NIST Key Practices in Cyber SCRM can help you create a C-SCRM program.
- Conduct regular cybersecurity audits. Conducting IT security audits regularly – audits that specifically include cybersecurity – helps you detect and address IT security vulnerabilities, compliance gaps, and suspicious activity by your employees, privileged users, and third-party vendors. Audits should also cover the requirements of any relevant security standards, laws, and regulations.
The to-do’s: Numerous organizations, as well as IT security vendors and consultants, can guide you in choosing and implementing the most appropriate cybersecurity best practices. Two to consider are CISA, the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience, and NIST, which develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies, and the broader public.
5. Don’t Go It Alone
Between day-to-day operations and digital transformation initiatives, IT staff may find it difficult to focus on cybersecurity to the extent needed. Even though many tools on the market can help, it takes time to research them, compare the options, and determine how to integrate them into existing systems. Working with a managed security services provider (MSSP) or a cloud services provider (CSP) that offers managed security services can be a worthwhile endeavor.
These companies specialize in IT security, cybersecurity included. They stay on top of the latest trends and technologies and can save you time and resources by providing much-needed guidance and even taking on some of the security services for you.
The to-do’s: If you’re already working with a CSP or a managed service provider (MSP), ask about their managed security services. You can also reach out to these companies or an MSSP to get recommendations for managed security services. Many of these companies may also offer security audit services to help you determine where your cybersecurity gaps are and how best to defend against cyber threats and other IT security vulnerabilities.
US Signal offers a wide range of managed security services, security advisory services, and data protection solutions, in addition to colocation, cloud, and network services. For information, contact us.
You can also take advantage of these resources:
- Safe with US Signal (An Overview of US Signal’s Security Services)
- Selecting a Managed Security Services Provider Worksheet