Insider threats
Viruses
Computer worms and Trojans
Botnets
Phishing attacks
Ransomware attacks
Exploit kits
Malvertising
Advanced persistent threats (APTs)
Distributed denial-of-service attacks
As the list shows, information security (infosec) threats range from advanced
persistent threats to the many forms of malware, and any of them can do serious
damage to an organization that lacks an effective cybersecurity strategy.
If you don’t already do so, require multi-factor authentication (MFA) for all
users. MFA asks for a second proof of identity (say, a one-time code from an
authenticator app, or a hardware security key) after the correct username and
password have been entered, so a stolen or guessed password is no longer enough
on its own. Opportunistic attackers frequently move on to a target that doesn’t
use MFA rather than work through it. One caveat: codes delivered by SMS or typed
into a web page can still be phished and relayed in real time, so where the risk
justifies it, prefer phishing-resistant methods such as FIDO2/WebAuthn security
keys.
Also encrypt sensitive corporate data at rest and in transit, using suitable
software or hardware technology. Encryption at rest protects confidential data
such as account or credit card details if storage media, backups or database
files are stolen, and TLS protects it on the network. It does not protect data
from an attacker who has compromised a system that holds the decryption keys, so
key management and access control matter as much as the choice of cipher.
Attackers who gain a foothold typically look for unpatched or misconfigured
systems to extend their access. To limit that, start by finding and remediating
security vulnerabilities in your IT environment. Ideally, do this through regular
vulnerability assessments and scans as part of your overall risk management
program, and prioritize fixes by exposure and exploitability rather than working
through findings in arbitrary order.
Another control is the principle of least privilege: limit each user’s access
rights to the minimum permissions they need to do their job. Also deploy
security monitoring tools that collect and analyze logs for signs of suspicious
activity, so that you can detect an incident early and respond appropriately.
Insider Threats
While preventing insider threats is difficult, you can take steps to reduce the
chance of an incident. First and foremost, implement the basics: anti-malware and
spyware scanning, firewalls, and a rigorous, regularly tested data backup and
archiving routine.
You should also train your employees (and any contractors) in security
awareness before granting them access to your networks. A robust security
awareness program includes routine refresher sessions, which reduce the
unintentional incidents that result from user error.
You can also implement employee monitoring software to reduce your risk of
a data breach or intellectual property theft by identifying careless, disgruntled,
or malicious insiders. Additionally, an internal whistleblower program (that
protects employees who come forward) can help your organization to gain
intel about potential security incidents.
A data loss prevention policy will also let insiders know what’s expected of
them when handling company data and that they’re being monitored for
unwanted behaviors. Sometimes this alone is enough to prevent internal
actors from acting carelessly or maliciously.
Phishing Attacks
In this type of social engineering attack, the attacker impersonates a reputable
entity or person, usually via email (the same technique is also used over SMS,
voice calls and messaging apps), to distribute malicious links or attachments
that serve various purposes, such as harvesting login credentials or account
information from victims. More targeted phishing is known as spear phishing: the
attacker invests time researching the victim so the lure is tailored and more
convincing.
On a technical level, a gateway email filter will help you trap a large number of
mass-targeted phishing emails and reduce the overall number of emails that
reach your users’ inboxes. You probably still won’t be able to prevent every
single phishing attempt from entering every single inbox, so you’ll need to take
other steps as well.
Start by educating your users so that they’re better able to identify phishing
attempts on their own. In some organizations, incentive programs encourage
employees to identify and report phishing emails in exchange for a reward.
Prompt reporting lets the security team pull the same message from other inboxes
before anyone clicks, which is what stops a phishing email from turning into a
more serious incident such as a malware infection or a credential compromise.
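The gateway filter mentioned above and a good reporting workflow both depend on the same header-level tells. The following added example (not part of the original article) pulls five of them out of a raw message with Python’s standard `email` and `html.parser` modules: a Return-Path that disagrees with the From domain, a Reply-To redirected elsewhere, a display name that carries an address at a different domain, SPF/DKIM/DMARC failures in the Authentication-Results header, and link text that shows one host while the href points at another. Both sample messages are constructed; the domains `example.com`, `example-billing.test`, `evil.test` and the gateway name `mx.example.com` are placeholders.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser


def _domain(header_value) -> str:
    """Lower-cased domain of the first address in a header value ('' if none)."""
    _, address = parseaddr(str(header_value))
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def _host(url: str) -> str:
    """Host part of an http(s) URL, lower-cased."""
    return re.sub(r"^https?://([^/:?#]+).*$", r"\1", url.strip()).lower()


class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw: bytes) -> list:
    """Return the indicator strings found in one RFC 5322 message (empty list = none)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    from_hdr = msg["From"]
    sender = from_hdr.addresses[0] if from_hdr is not None and from_hdr.addresses else None
    from_dom = sender.domain.lower() if sender else ""
    display_name = sender.display_name if sender else ""

    # Envelope sender differs from the visible From domain (typical of spoofed mail).
    rp_dom = _domain(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        findings.append(f"return-path domain {rp_dom} != from domain {from_dom}")

    # Replies are quietly redirected to another domain.
    reply_dom = _domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} != from domain {from_dom}")

    # Display name contains an address at a domain other than the real sender's.
    m = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", display_name)
    if m and m.group(1).lower() != from_dom:
        findings.append(f"display name impersonates {m.group(1).lower()}")

    # Authentication-Results stamped by your own gateway: SPF/DKIM/DMARC failures.
    for auth in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(auth), re.I):
            if result.lower() not in ("pass", "none"):
                findings.append(f"{mech.lower()}={result.lower()}")

    # Anchor text shows one hostname while the href goes somewhere else.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _Links()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            shown = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text, re.I)
            if shown:
                s, h = shown.group(0).lower(), _host(href)
                if not (h == s or h.endswith("." + s)):
                    findings.append(f"link text {s} -> {h}")
    return findings


# Constructed sample messages (not real captures). The gateway is assumed to stamp
# Authentication-Results as mx.example.com.
SUSPICIOUS = (
    b"Return-Path: <bounce@mailer.evil.test>\r\n"
    b"Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.evil.test;"
    b" dkim=none; dmarc=fail header.from=example-billing.test\r\n"
    b'From: "Pat Lee (ceo@example.com)" <pat.lee@example-billing.test>\r\n'
    b"Reply-To: <payments@evil.test>\r\n"
    b"To: <finance@example.com>\r\n"
    b"Subject: Urgent: overdue invoice\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b"\r\n"
    b"<html><body><p>Please settle today via the portal:</p>"
    b'<a href="http://login.evil.test/portal">https://portal.example.com/login</a>'
    b"</body></html>\r\n"
)
LEGITIMATE = (
    b"Return-Path: <alerts@example.com>\r\n"
    b"Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;"
    b" dkim=pass header.d=example.com; dmarc=pass header.from=example.com\r\n"
    b'From: "Example Alerts" <alerts@example.com>\r\n'
    b"To: <finance@example.com>\r\n"
    b"Subject: Weekly report\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/html; charset="utf-8"\r\n'
    b"\r\n"
    b'<html><body><a href="https://portal.example.com/reports">portal.example.com</a></body></html>\r\n'
)
```

Only trust Authentication-Results headers your own gateway added (strip any that arrive from outside), and treat the output as a score for triage rather than a verdict: legitimate bulk senders often trip the Return-Path check, while a well-crafted spear-phishing email from a compromised partner account can pass every one of these tests.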
Malware Attacks
Malware is a broad term for malicious software of all kinds, including Trojans,
worms, ransomware, adware, spyware and viruses. Malware is often installed
inadvertently, when a user clicks a malicious advertisement, visits a compromised
website, or installs freeware or other infected software; it can also be installed
deliberately by an insider or by an external attacker who already has
unauthorized access.
The signs of a malware attack include unusual system activity, sudden loss of
disk space, unusually slow speeds, repeated crashes or freezes, increased
unwanted internet activity, and pop-up advertisements.
To protect your organization against this type of security incident, deploy an
endpoint protection tool (antivirus or EDR) to detect and remove malware.
Real-time protection catches malware as it lands, while scheduled scans catch
what slipped past it, so use both where possible. No product stops every future
variant, so keep the engine and its signatures updated and treat the tool as one
layer among several rather than a guarantee.
You can also reconfigure your firewalls, routers and servers to block unwanted
traffic. Keep your firewalls updated with the latest security patches as part of
your overall patch management program, so that your systems, software and
applications stay at their most secure. You can also place an intrusion
detection or prevention system (IDS/IPS) in front of your network to inspect and
classify packets as they enter, and to drop or alert on traffic that matches
known attack patterns.
You should also educate your employees on the dangers of open public Wi-Fi
networks: anyone on the same network can intercept or tamper with unencrypted
traffic, which makes these connections an easy place for attackers to operate.
For stronger protection, have users connect through a virtual private network
(VPN) so that their traffic is encrypted end to end back to your network.
Password Attacks
A password attack aims to obtain a user’s or an account’s password. Attackers use
several methods: password-cracking programs run against stolen password hashes,
dictionary attacks, sniffers that capture passwords sent over unencrypted
connections, or simple brute-force guessing by trial and error.
In a brute force attack, an attacker or a bot attempts to log in with a series
of generated passwords over and over until one succeeds; a related technique,
credential stuffing, replays username and password pairs leaked from other
breaches. The sheer volume of attempts can also overload a login service, so
rate-limit and lock out repeated failures. MFA matters here because it stops a
correctly guessed password from being enough on its own.
You should also insist that your employees use strong passwords. Length matters
more than character-class rules: current NIST guidance (SP 800-63B) is a minimum
of eight characters, with longer passphrases strongly preferred, screening of new
passwords against lists of known-breached passwords, and no forced periodic
changes unless a compromise is suspected, since forced rotation pushes users
toward predictable variations. Users must not reuse a password across accounts;
a password manager makes that practical. Any passwords your organization stores
must be kept only as salted hashes produced by a deliberately slow algorithm
(Argon2id, scrypt or bcrypt), never as plaintext or reversible encryption, so
that a stolen database still has to be cracked one guess at a time.
Web Application Attacks
To avoid web application attacks, review code early in the development phase
and detect vulnerabilities automatically with static (SAST) and dynamic (DAST)
scanners. Add bot detection to keep automated tools from harvesting your
application data. Finally, a web application firewall (WAF) in front of the
application will monitor requests and block known attack patterns; treat it as a
compensating control that buys time, not as a substitute for fixing the code.
Advanced Persistent Threats
A different class of threat is the advanced persistent threat (APT): a prolonged,
targeted campaign, typically run by organized criminal groups or nation-states,
that gains access to a network and remains undetected for an extended period.
Web application flaws are one common initial entry point, but what defines an APT
is the persistence, not the vector. Ultimately, this type of security incident
aims to monitor the target’s network activity and steal data rather than cause
visible damage to the network or the organization.
To defend against this type of attack, monitor both incoming and outgoing
traffic so that you can detect backdoors being installed and sensitive data being
extracted. Again, web application firewalls at the edge of your network will
filter traffic bound for your web application servers, and can block application
layer attacks such as SQL injection, which are often used during the initial
intrusion phase of an APT.
You should also monitor for unauthorized users attempting to access servers
and data, or requesting access to data that isn’t needed for their job function.
This behavior usually indicates one of two scenarios: an insider attempting to
reach confidential information for malicious purposes, or an external actor who
has already taken over a user account and is using it to work towards more
privileged data.
As a general rule, apply the principle of least privilege to your data: grant
access only to those employees who need it to perform their duties. To implement
this, you first have to classify your data by sensitivity, so that you know which
data should be the most tightly held, and you need clearly defined roles for the
users in your organization, so that you know which data each type of user
actually needs.
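Putting the two preceding paragraphs together, an access decision becomes a comparison between a role’s ceiling and a resource’s sensitivity tier, and the monitoring the text calls for becomes a replay of that decision over the access log. The example below is added here and is not from the original article; the four tiers, the four roles and the CSV log layout are hypothetical, and the log rows are constructed.

```python
import csv
import io
from collections import Counter

# Sensitivity tiers produced by the data-classification step, least to most sensitive.
TIERS = ["public", "internal", "confidential", "restricted"]

# Highest tier each role needs for its duties. Hypothetical roles; anything not
# listed here is denied, so a new role has to be granted access explicitly.
ROLE_CEILING = {
    "intern": "public",
    "staff": "internal",
    "finance": "confidential",
    "dba": "restricted",
}


def is_permitted(role: str, classification: str) -> bool:
    """Deny by default: unknown roles and unlabelled data never pass."""
    if role not in ROLE_CEILING or classification not in TIERS:
        return False
    return TIERS.index(classification) <= TIERS.index(ROLE_CEILING[role])


def audit_access_log(csv_text: str) -> list:
    """Return (time, user, role, resource, classification) for every access that
    exceeded the actor's role ceiling. Columns are those of the constructed export."""
    return [
        (r["time"], r["user"], r["role"], r["resource"], r["classification"])
        for r in csv.DictReader(io.StringIO(csv_text))
        if not is_permitted(r["role"], r["classification"])
    ]


def repeat_offenders(flagged: list, threshold: int = 2) -> list:
    """Users with at least `threshold` out-of-role accesses. A pattern rather than a
    one-off points at a malicious insider or a hijacked account, not user error."""
    counts = Counter(row[1] for row in flagged)
    return sorted(user for user, n in counts.items() if n >= threshold)


# Constructed access log in a hypothetical CSV export format (not real data).
SAMPLE_LOG = """time,user,role,resource,classification
2024-05-01T09:00:00Z,alice,staff,wiki/handbook,internal
2024-05-01T09:02:00Z,bob,finance,erp/payroll,confidential
2024-05-01T09:05:00Z,mallory,staff,erp/payroll,confidential
2024-05-01T09:06:00Z,mallory,staff,hr/salaries,confidential
2024-05-01T09:07:00Z,mallory,staff,db/customers,restricted
2024-05-01T09:10:00Z,eve,contractor,wiki/handbook,public
2024-05-01T09:12:00Z,carol,dba,db/customers,restricted
"""
```

The `eve` row is the deny-by-default case the text implies: a role nobody has mapped to a tier reads as an unreviewed grant, so it is flagged even though the data is public. In production the same `is_permitted` function should sit in the authorization path, so that the audit only ever finds attempts, not successes.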
Watch for unusual outbound traffic. It might include insiders uploading large
files to personal cloud applications, sending large numbers of email messages
with attachments to addresses outside the company, or copying large files to
external storage devices such as USB drives. You should also monitor for any
traffic sent to or from unexpected locations, especially if your company only
operates in one country.
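As an added example of the outbound-traffic checks just described (not code from the original article), the script below runs three rules over web proxy log lines: destinations outside the company’s home country, sizeable uploads to personal cloud storage, and a per-user total of bytes sent to non-corporate hosts. The log format, the `example.com` corporate domain, the `US` home country, the personal-cloud host list and both byte thresholds are assumptions for the demonstration; the log lines are constructed.

```python
from collections import defaultdict

# Assumed environment for this example: a single-country company whose own
# services live under example.com. Replace with your estate's values.
CORPORATE_DOMAINS = {"example.com"}
HOME_COUNTRY = "US"
PERSONAL_CLOUD = {"dropbox.com", "drive.google.com", "wetransfer.com", "mega.nz"}
PERSONAL_CLOUD_MIN_BYTES = 10 * 1024 * 1024    # ignore small sync chatter
USER_UPLOAD_THRESHOLD = 500 * 1024 * 1024      # total bytes out per user to non-corporate hosts


def _under(host: str, domains: set) -> bool:
    """True if host is one of `domains` or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def parse_proxy_log(text: str) -> list:
    """Constructed whitespace-separated format:
    <timestamp> <user> <dst_host> <bytes_out> <dst_country>"""
    events = []
    for line in text.strip().splitlines():
        ts, user, host, bytes_out, country = line.split()
        events.append({"ts": ts, "user": user, "host": host.lower(),
                       "bytes_out": int(bytes_out), "country": country.upper()})
    return events


def find_exfil_signals(events: list) -> list:
    """Apply the three checks from the text: foreign destinations, uploads to
    personal cloud storage, and unusually large total outbound volume per user."""
    alerts = []
    outbound = defaultdict(int)
    for e in events:
        if _under(e["host"], CORPORATE_DOMAINS):
            continue                       # traffic to our own services is expected
        if e["country"] != HOME_COUNTRY:
            alerts.append(("foreign_destination", e["user"], e["host"], e["country"]))
        if _under(e["host"], PERSONAL_CLOUD) and e["bytes_out"] >= PERSONAL_CLOUD_MIN_BYTES:
            alerts.append(("personal_cloud_upload", e["user"], e["host"], e["bytes_out"]))
        outbound[e["user"]] += e["bytes_out"]
    for user, total in outbound.items():
        if total > USER_UPLOAD_THRESHOLD:
            alerts.append(("volume_threshold", user, total))
    return alerts


# Constructed proxy log lines (not a real capture).
SAMPLE_PROXY_LOG = """
2024-05-01T08:01:00Z alice mail.example.com 20480 US
2024-05-01T08:03:00Z alice www.dropbox.com 734003200 US
2024-05-01T08:05:00Z bob cdn.vendor.test 4096 US
2024-05-01T08:07:00Z bob files.unknown.test 1048576 RO
2024-05-01T08:09:00Z carol drive.google.com 2048 US
"""

if __name__ == "__main__":
    for alert in find_exfil_signals(parse_proxy_log(SAMPLE_PROXY_LOG)):
        print(alert)
```

The volume rule is deliberately per user and per log window rather than per request, because exfiltration is usually spread across many medium-sized transfers; baseline each user’s normal outbound volume before choosing the threshold, or the rule will fire on the design team every time they ship a release.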
Start by creating a list of your company assets and keeping it current; it’s
impossible to know how to protect your assets if you aren’t exactly sure what
those assets are. Then conduct a risk assessment to determine the level of
risk each of those assets presents to your organization. Next, prioritize those
risks and create a mitigation plan for each one you identify. Finally, after
mitigating your existing cyber risks, it’s time to start the process again.
Plan for incidents before they happen. Make sure the right people know what to
do when a security incident occurs, and have plans that cover your assets across
a range of disruptive events, including cybersecurity incidents, natural
disasters and more. A disaster recovery plan, exercised regularly rather than
written once and filed, will help your organization maintain business continuity
in the face of any of these disruptions.