10 Real World Security Threats & How to Defend Against Them
As high tech and big data evolve, cybercriminals are evolving as well. They are becoming increasingly sophisticated, cunning, and elusive as cyber defenders scramble to stay one step ahead. Even more disturbing is the fact that the level of expertise required of hackers is decreasing as sophisticated internet tools become more widely available and easier to use. Dealing with clever adversaries with bad intentions requires a security strategy that makes the most of people, policies, and technology. Here are 10 real world cybersecurity threats facing consumers and businesses large and small, and the best way to counter each of them.
1 ACCOUNT TAKEOVER:
An account takeover is one of the stealthier ways cybercriminals can gain access to your account credentials. Using proxies, botnets, social engineering, malware, or simply purchasing your personal information on the dark web, bad actors harvest your credentials and then change the email address on the account, allowing the attacker to get as much use out of the stolen account or credit card as possible before being flagged for suspicious activity. Any website that requires a login is susceptible to this type of attack.
The best defense against account takeover is effective access control and network segmentation.
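The email-address change described above is itself a signal a defender can watch for. The following is an added example, not code from the original article: it runs a simple detection rule over a constructed set of account events (the event names, the 30-minute window, and the sample IP addresses are all assumptions for illustration) and flags a contact-email change that follows a login from an IP address the account has never used before.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of account activity: (ISO timestamp, account, event, source IP).
# These are illustrative records, not data from any real system.
EVENTS = [
    ("2024-02-20T08:00:00", "bob",   "login",        "192.0.2.5"),
    ("2024-03-01T09:00:00", "alice", "login",        "203.0.113.10"),
    ("2024-03-02T09:05:00", "alice", "login",        "203.0.113.10"),
    ("2024-03-03T08:00:00", "bob",   "login",        "192.0.2.5"),
    ("2024-03-03T08:30:00", "bob",   "email_change", "192.0.2.5"),
    ("2024-03-03T22:41:00", "alice", "login",        "198.51.100.77"),
    ("2024-03-03T22:43:00", "alice", "email_change", "198.51.100.77"),
]


def find_suspicious_email_changes(events, window=timedelta(minutes=30)):
    """Return [(account, timestamp)] for each email change that followed, within
    `window`, a login from an IP address the account had never used before.

    The first login ever recorded for an account only establishes its baseline;
    a *later* login from an unseen IP is what arms the rule.
    """
    known_ips = defaultdict(set)   # account -> IPs seen on earlier logins
    armed_at = {}                  # account -> time of latest login from an unseen IP
    alerts = []
    for ts, account, kind, ip in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if kind == "login":
            if known_ips[account] and ip not in known_ips[account]:
                armed_at[account] = t
            known_ips[account].add(ip)
        elif kind == "email_change":
            armed = armed_at.get(account)
            if armed is not None and timedelta(0) <= t - armed <= window:
                alerts.append((account, ts))
                armed_at.pop(account)      # one alert per new-IP login
    return alerts


if __name__ == "__main__":
    for account, ts in find_suspicious_email_changes(EVENTS):
        print(f"ALERT {account}: email changed at {ts} shortly after a login from a new IP")
```

Bob's change is not flagged because it came from an address he has used before; Alice's is, because the change arrived two minutes after a login from a never-seen address. A real deployment would feed the alert into a step-up verification (confirm the change with the old address or a second factor) rather than just logging it.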
2 ADVANCED PERSISTENT THREAT:
Advanced persistent threats are the most sophisticated hacker groups in the world, usually nation-state actors operating at the behest of adversarial foreign governments such as Iran, North Korea, Russia, and China. Some APT groups, however, are motivated by financial gain and operate independently. CrowdStrike is currently tracking over 100 active and extremely dangerous APT groups around the world.
The best defense against a targeted APT attack is a proactive approach to network security, multilayer defense in depth, and centralized security and threat intelligence monitoring.
3 PASSWORD ATTACK:
A script kiddie with virtually no technical skills can use automated password crackers to test thousands of passwords in an attempt to gain access to a computer. A brute force or dictionary attack is one of the simplest, and surprisingly effective, ways to obtain a login and password combination that grants access to an application, server, or password-protected account.
The best defense against a brute force password attack is to configure and implement a security policy that automatically locks any account after a certain number of failed login attempts. Another mitigation is multifactor authentication.
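The lockout policy just described is easy to get subtly wrong (counting failures only for known users, resetting the counter on the wrong event, or letting a correct password through while the lock is active). The following is an added example, not code from the original article, showing one correct implementation: per-account failure counting, a timed lock, a password hash so the comparison is never against plaintext, and an injectable clock so the lock timing can be exercised. The threshold of five failures, the 15-minute lock, and the sample credentials are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 is used because it ships with the standard library; a production
    # system would normally choose argon2 or bcrypt instead.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Dummy values so an unknown username costs the same time as a real one.
_DUMMY_SALT = bytes(16)
_DUMMY_HASH = hash_password("", _DUMMY_SALT)


def make_credentials(plaintext_passwords: dict) -> dict:
    """Build a {username: (salt, hash)} store from constructed sample passwords."""
    creds = {}
    for user, pw in plaintext_passwords.items():
        salt = os.urandom(16)
        creds[user] = (salt, hash_password(pw, salt))
    return creds


@dataclass
class LockoutPolicy:
    max_failures: int = 5        # failures allowed before the lock engages (assumed)
    lockout_seconds: int = 900   # 15-minute lock (assumed)


@dataclass
class _AccountState:
    failures: int = 0
    locked_until: float = 0.0


class Authenticator:
    """Verifies passwords and locks an account after too many failed attempts."""

    def __init__(self, credentials, policy=None, clock=time.time):
        self._creds = credentials
        self._policy = policy or LockoutPolicy()
        self._clock = clock          # injectable so lock expiry can be tested
        self._state = {}

    def _verify(self, user, password):
        salt, stored = self._creds.get(user, (_DUMMY_SALT, _DUMMY_HASH))
        computed = hash_password(password, salt)   # always hash, even for unknown users
        return user in self._creds and hmac.compare_digest(computed, stored)

    def attempt(self, user, password):
        """Return 'ok', 'denied', or 'locked'."""
        now = self._clock()
        st = self._state.setdefault(user, _AccountState())
        if now < st.locked_until:
            # Rejected before the password is checked, so a locked account gives
            # the guesser no signal about whether a guess was right.
            return "locked"
        if self._verify(user, password):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self._policy.max_failures:
            st.locked_until = now + self._policy.lockout_seconds
            st.failures = 0
            return "locked"
        return "denied"


class FakeClock:
    """Manual clock so the example can advance time without sleeping."""
    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now


if __name__ == "__main__":
    clock = FakeClock(1_000.0)
    auth = Authenticator(make_credentials({"alice": "correct horse battery staple"}), clock=clock)
    for guess in ["123456", "password", "qwerty", "letmein", "admin", "correct horse battery staple"]:
        print(f"{guess!r}: {auth.attempt('alice', guess)}")
    clock.now += 901
    print("after the lock expires:", auth.attempt("alice", "correct horse battery staple"))
```

One design caveat: a hard lockout lets anyone who knows a username keep that user locked out, so many deployments pair it with the multifactor authentication the article mentions, or replace the fixed lock with a growing delay between attempts.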
4 WEBSITE COMPROMISE:
Hackers know that a website is quite literally the front door to the servers and databases that store a treasure trove of valuable customer and business data. Hackers use many different techniques, including fuzzing, cross-site scripting, SQL injection, and command injection, to insert malicious code that an insecure website will pass along to the backend servers, potentially compromising the entire network. Hackers may also compromise your website to redirect users to a malicious site, or as part of a larger objective to attack a different network.
The best defense against website compromise is safe coding practices, including input validation and data sanitization, together with vulnerability scanning and penetration testing to identify vulnerabilities in your website before the bad guys do.
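To make "input validation and data sanitization" concrete for the SQL injection case the article names, here is an added example (not code from the original article) with a deliberately vulnerable query beside its hardened form, plus an allowlist validator as a second layer. It uses an in-memory SQLite table with constructed rows; the table layout, usernames, and the username allowlist pattern are assumptions for illustration.

```python
import re
import sqlite3

# Allowlist for usernames: letters, digits, underscore, 3-32 characters (assumed policy).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def make_db():
    """In-memory table with constructed sample rows, so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash-a", 0), ("admin", "hash-b", 1)])
    return conn


def find_user_vulnerable(conn, username):
    """The 'before' version: caller-supplied text is spliced into the statement,
    so a quote character in the input changes the meaning of the query."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, username):
    """The hardened version: a parameterized query. The driver hands the value to
    SQLite separately from the statement text, so it is only ever compared as
    data and never parsed as SQL, whatever characters it contains."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]


def validate_username(username):
    """Input validation as a second layer: reject anything outside the allowlist
    before it reaches the database at all."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"rejected username: {username!r}")
    return username


if __name__ == "__main__":
    conn = make_db()
    # Constructed malformed input: an unbalanced quote followed by an always-true clause.
    hostile = "' OR '1'='1"
    print("vulnerable, normal input :", find_user_vulnerable(conn, "alice"))
    print("vulnerable, hostile input:", find_user_vulnerable(conn, hostile))  # every row comes back
    print("safe, hostile input      :", find_user_safe(conn, hostile))        # no row matches
    try:
        validate_username(hostile)
    except ValueError as e:
        print("validation:", e)
```

The parameterized query is the control that actually removes the vulnerability; the allowlist check is defense in depth that also keeps junk out of logs and error messages. A vulnerability scanner would catch the first function by observing that the malformed input changes the response.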
5 INSIDER THREAT:
Perhaps the trickiest of all adversaries is the malicious insider with everything to gain and nothing to lose. An insider threat is someone on your staff motivated to carry out a cyberattack using authorized access and inside knowledge of your business operation. It is estimated that 20% of organizational cybercrime is committed by insiders. Malicious insiders often try to steal or leak sensitive information and assets, either for personal gain or to share with competitors. They might also attempt to sabotage your business with immediate or triggered system disruptions.
The best defense against insider threats is to proactively log, monitor, and audit employee behavior online (including administrators and privileged users) and implement strong access control, separation of duties, least privilege, and password policies.
6 IOT COMPROMISE:
Internet of Things (IoT) devices are making life incredibly convenient for us, but their lack of embedded security is creating an additional avenue of attack for bad actors. There are nearly 22 billion IoT devices connected globally, and the number is rising exponentially. Hackers are increasingly targeting IoT devices, and once they infiltrate an IoT system they can use this access for lateral movement to other connected devices and to infiltrate the larger network to achieve their objectives.
The best defense against IoT compromise is effective network segmentation, firewalls, and defense in depth.
7 SOCIAL ENGINEERING:
Social engineering includes phishing, spearphishing, pretexting, and a host of other tactics designed to collect your login, password, and other personal information, and to introduce malware into a host. Social engineering is the most powerful tool in the cybercriminal's arsenal because it leverages human vulnerabilities, which are much easier to exploit than technological vulnerabilities. By tricking legitimate users into allowing security breaches or compromising their credentials, it also makes it harder to detect an interloper in the system, because an employee has enabled the hacker to bypass existing security controls.
The best defense against social engineering attacks is security awareness training to teach employees how to identify phishing emails and social engineering tactics. Another mitigation is maintaining up-to-date antivirus and antimalware software.
8 COMPUTER VIRUSES & MALWARE:
Ransomware attacks cost U.S. businesses around $7.5 billion in financial losses in 2019. There are too many types of computer viruses and malware to list them all, but 94% of all malware is delivered via email. Ransomware is an attack in which a hacker infects a host computer with malware that encrypts all of its data and holds it hostage until an untraceable ransom is paid, usually in bitcoin on the dark web. Cybercriminals can deploy ransomware to individuals and businesses through spearphishing, drive-by downloads, and remote service exploitation. Ransomware attacks were once typically the province of APT groups, but with the arrival of cryptocurrencies and anonymous transactions they are becoming more popular with less technically savvy cybercriminals.
The best defense against computer viruses and malware is up-to-date antivirus and antimalware software and regular data backups.
9 DOS/DDOS ATTACK:
Denial-of-service and distributed denial-of-service attacks have been among the most prevalent attacks on information systems for decades. In a DoS or DDoS attack, cyberattackers use various techniques to take a machine or network down, making its resources and services inaccessible to its customers, employees, and other users. A DoS attack can block the availability of websites, email services, DNS, web-based applications, and other resources. DoS and DDoS attacks are often politically or ideologically motivated, but they can cause extensive damage and loss of revenue for a business. A cybercriminal may also attempt to financially extort a business through a DoS attack.
The best defense against a DoS attack is logging, monitoring, and filtering network traffic, network segmentation, and swift incident response if a DoS or DDoS attack is detected.
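"Logging, monitoring, and filtering network traffic" starts with being able to tell a flood apart from normal load in the logs you already have. The following is an added example, not code from the original article: it parses web server access-log lines in Common Log Format and keeps a sliding window of request timestamps per source address, reporting any source that exceeds a rate threshold. The log lines are constructed for the example, and the threshold of 30 requests per 10 seconds is an assumption to be tuned per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format, e.g.
# 203.0.113.9 - - [03/Mar/2024:12:00:00 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def find_flooders(lines, max_requests=30, window=timedelta(seconds=10)):
    """Return {ip: peak requests seen inside one window} for every source that
    exceeded max_requests within `window`. Each source keeps only timestamps
    newer than `window`, so memory stays bounded during a flood. Lines from a
    given source are assumed to arrive in chronological order."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip unparsable lines rather than crash mid-flood
        ip, ts, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


def _format_line(ip, t, req, status):
    return f'{ip} - - [{t.strftime(TS_FMT)}] "{req}" {status} 512'


def make_sample_log():
    """Constructed log (not captured from any real server): one source sends 60
    requests in six seconds, another sends five, and one line is garbage."""
    base = datetime(2024, 3, 3, 12, 0, 0, tzinfo=timezone.utc)
    lines = [_format_line("198.51.100.23", base + timedelta(milliseconds=100 * i),
                          "GET /login HTTP/1.1", 200) for i in range(60)]
    lines += [_format_line("203.0.113.9", base + timedelta(seconds=i),
                           "GET / HTTP/1.1", 200) for i in range(5)]
    lines.append("not a log line")
    return lines


if __name__ == "__main__":
    for ip, peak in find_flooders(make_sample_log()).items():
        print(f"{ip}: {peak} requests inside a 10 s window, candidate for filtering")
```

The output of `find_flooders` is the input to the filtering step: the flagged addresses are what a firewall or rate-limiting rule would act on. For a distributed attack no single source may cross the threshold, so the same window logic is usually also applied per URL path or per network prefix.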
10 DATA LOSS/BREACH:
Massive data breaches at large corporations often make headlines these days, but data loss, theft, and exposure are risky business for everyone in the digital age. In 2019, the average cost of a data breach in the U.S. was $3.92 million. Unfortunately, data leaks in a cloud or network environment are not always due to malicious activity; they also occur through negligence, mismanagement, misconfiguration, and human error. However, data exfiltration is a lucrative business for hackers and cybercriminals, and every business is a potential target.
The best defense is a data loss prevention system, data encryption, account management, network segmentation, and multilayer defense in depth.
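A data loss prevention system, at its core, inspects data leaving the organization for things that should not leave. The following is an added example, not code from the original article, of one such check: it scans an outbound message for payment card numbers, using the Luhn checksum to separate real card numbers from look-alike digit strings such as order or phone numbers, and returns a block-or-allow decision with the card number redacted. The message text and the card numbers in it are constructed test values (the 4111… number is a well-known test card number, not a real account).

```python
import re

# Candidate runs of 13-19 digits, optionally separated by single spaces or dashes.
# The lookarounds stop a match from starting or ending inside a longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers: double every second digit from
    the right, subtract 9 from any doubled value above 9, sum, and check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _digits_only(candidate: str) -> str:
    return re.sub(r"[ -]", "", candidate)


def find_card_numbers(text: str):
    """Return the card numbers (digits only) found in text. A length-and-regex
    match alone produces many false positives, so the Luhn check is what makes
    the result usable for a block decision."""
    return [_digits_only(m.group()) for m in CANDIDATE_RE.finditer(text)
            if luhn_valid(_digits_only(m.group()))]


def inspect_outbound(text: str):
    """DLP decision for one outbound message: ('block', redacted_text) when a
    card number is present, otherwise ('allow', text)."""
    if not find_card_numbers(text):
        return "allow", text

    def _redact(m):
        return "[REDACTED PAN]" if luhn_valid(_digits_only(m.group())) else m.group()

    return "block", CANDIDATE_RE.sub(_redact, text)


if __name__ == "__main__":
    # Constructed message: one order number that fails Luhn, one test card number that passes.
    msg = "Invoice 1234567890123456 paid with card 4111 1111 1111 1111, call 555-0100"
    print(find_card_numbers(msg))
    print(inspect_outbound(msg))
    print(inspect_outbound("ref 4111-1111-1111-1112"))   # off-by-one digit, fails Luhn: allowed
```

A production DLP engine would add the same pattern-plus-validation approach for other data classes (national ID formats, API keys with a known prefix and checksum) and would log the decision with the sending user and channel, which is also what makes the insider-threat auditing mentioned earlier actionable.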
For hackers and cybercriminals, your business is their business. Your personal data and business data are too important to leave unprepared for a cyberattack. Incorrectly configured security controls, vulnerable websites, unpatched devices, or nonexistent security policies and procedures will jeopardize the security of your data and your business.