Common Cyber Threats and how to avoid them
Cyber threats come in many forms so for that reason a holistic approach is required in order to tackle them. Cybersecurity is of the utmost importance to all organizations, so the responsibility should not fall to just one department. Everybody within the organization has a role to play, so we will kick off here by addressing some of the most common internal threats to data security.
Internal data security and employee blunders
Often the biggest security risks are not from cyber criminals, but from the staff we put in charge of data management. Employees with access to business critical and Personal Identifiable Information (PII) have the ability to either expose or damage that data maliciously, or in most instances, unintentionally.
To limit the risk of damage the principles of 'least privilege' should be applied to ensure that employees only have access to the data sources that are relevant to their job roles. In additional to user level access control, data volumes can also be protected against unwanted alteration through application control. Blocky for Veeam® provides application fingerprinting technology which permits only authorized system processes from writing to protected volumes. Users are unable to make direct modifications or delete files within protected volumes unless they are doing so through a permitted application. In the case of a protected volume containing Veeam Backup and Replication backup files, a user could manage backup files if they have login permissions to the Veeam management console; but direct modification of files within a protected volume by any other process such as the Windows file explorer would be blocked.
Employees are also one of the leading causes of data breaches as they routinely make mistakes which can expose sensitive information to the public, or provide useful resources to cyber criminals. Common examples include emails sent to the wrong people externally and companywide internal emails that copy recipients in the Cc field instead of using Bcc, which can result in a full company email directory falling into the wrong hands if the email is exposed externally. This type of internal email exposure provides hackers with a great database of contacts for targeting an organization with fake emails known as phishing.
Education is the key to minimizing these types of threat through the provision of email best practice guides, training and regular assessments.
In our earlier article The Blocky for Veeam® - 5 Step Guide to a Safer Network we highlighted that 98% of cyber-attacks rely on social engineering. This is a type of attack in which criminals imitate a trustworthy entity such as a person or an organization.
Phishing is the most common form of social engineering usually conducted over email. These are fake messages which contain urgent requests, typically highlighting a problem within an organization's service delivery or the user's login details.
Depending on the method of attack, the intent is to convince the user into handing over sensitive data, downloading a malicious file attachment, or providing access to a restricted network or physical location.
Some phishing scams contain links that direct users to a recreation of the legitimate site, enabling the criminals to capture the individual's username, password and banking details. Others contain malicious attachments that infect the recipient's computer with malware.
Although most phishing attacks are email messages, similar tactics are also common on social media, by telephone and in SMS text messages.
Malware refers to 'malicious software', which are pieces of code that are planted on computers and networks to perform certain activities.
Types of malware include adware which uses pop-up adverts in an attempt to generate revenue through clicks, spyware which monitors the activity on an infected device and viruses which attach themselves to programs, script files and documents with the intention to spread as far and wide as possible.
However, one of the most notorious types of malware is ransomware.
Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again. It has the ability to lock a computer screen or encrypt important predetermined files. Ransomware attacks are based on a simple premise: organisations need access to their files in order to operate and generate revenue. When those files are locked a ransom payment is often the most affordable way to get the business operational again.
However, those files are only valuable if they are the only copy. You can avoid criminals' demands if you have a backup plan for when your organization is infected. Backups should be taken regularly based upon your risk analysis and recovery point objectives, but more importantly, backups should be made secure and immutable.
DDoS (distributed denial-of-service) attacks occur when hackers use a network of compromised computers, known as a botnet, to overload a target site with traffic. The site is then unable to process such a high volume of requests and either crashes or becomes unusable.
DDoS attacks are therefore not cyber-attacks designed to steal data but rather to disrupt the target organization. As such, they're normally conducted when the hacker has a political or personal reason to attack.
However, there have been instances of DDoS attacks being conducted to distract an organization while hackers conduct another attack, so it is very important to assess the damage following any DDoS attack once you are back online.
Hopefully the tips and trends outlined here have given you some new areas for consideration on your cyber security journey. For any questions please get in touch through our contact form, the Blocky team are always ready to help.