What’s a Cyber Threat?
Cyber threats can be defined as any type of offensive action that targets computer information systems, infrastructures, applications, computer networks and much more. Their primary objectives are stealing, altering, exposing or destroying data, gaining unauthorized access to sensitive information, or making unauthorized use of a particular asset.
Cyber threats are on the rise. According to a report by the University of Maryland and Symantec, there is a cyberattack every 39 seconds and a 600% increase in cyberattacks has been recorded recently. These figures emphasize the need for organizations to be proactive in protecting themselves from hackers. With that said, this article will highlight the 5 most common types of cyber threats in 2020, and how to prevent each one.
1. Cryptolocker / Ransomware
How it works: A cryptolocker, also known as ransomware, is a threat that has gained a lot of notoriety over the last several years. It acts as a Trojan horse, infecting your computer and searching for any files it can encrypt on your computer and on other devices connected to the network. Once the files have been encrypted, the attackers demand a ransom paid in cryptocurrency. Refusing to pay within a specific deadline can lead to the data being leaked or destroyed altogether. For example, a medical clinic in California that didn’t have the necessary measures in place was forced to shut down permanently following a devastating ransomware attack that deleted all of its patient data.
How to prevent: One of the most efficient ways to recover from a ransomware attack is to regularly back up your data. This way, you can revert the infected systems to their state before they were encrypted, thus limiting the impact on your business operations and saving your valuable data. It’s also recommended to filter emails carrying .exe attachments within your email client and to only open attachments from known senders, as 93% of ransomware attacks occurred through an infected phishing email attachment.
In addition to these measures, you should always perform updates when possible. Whether for software, anti-virus or the operating systems on your computers and networks, a large portion of updates are released to patch security vulnerabilities. Once these vulnerabilities are publicly known, hackers incorporate them into their toolset and look for any vulnerable targets that did not perform the update. They use bots that constantly scan the internet looking for these vulnerabilities in order to infect the vulnerable systems. A good example of this is Microsoft urging its users to update their Windows servers after detecting active exploitation of a critical vulnerability recently patched in an update. Another example is one of the biggest ransomware attacks in history, which targeted the UK’s NHS medical centers. This ransomware attack, which cost the NHS over €92m, occurred through the exploitation of a vulnerability in an outdated version of Windows.
2. Cross-Site Scripting (XSS) Attack
How to prevent: The best way to protect your company from this cyber threat is to conduct a comprehensive penetration test. A penetration test will confirm the existence of vulnerabilities within your applications or networks — such as vulnerabilities to XSS attacks. Supported by evidence, it will prove the impact that this vulnerability could have on your users or your company as a whole if it was exploited by hackers. Penetration testing thus allows you to prioritize what needs to be fixed through concrete technical recommendations. It gives you the perspective of an attacker by replicating techniques they would use in a real cyberattack, identifying every way in which these XSS attacks could be performed and how exactly you can prevent them.
3. Insider Threat
How it works: As the name suggests, insider cyber threats come from an internal source, such as current or former employees, contractors, or business associates. These individuals have more information regarding the organization’s security measures, data, and computer systems, knowledge they could potentially leverage for nefarious ends. These attackers are generally connected directly to your company’s internal network, which is known to be less secure than external networks. With this specific access and knowledge, they can gain access to and compromise critical company assets that are not properly secured internally.
How to prevent: To protect your company from insider threats, it is vital that you periodically perform enterprise-wide cybersecurity assessments and clearly document cybersecurity measures. Networks and systems should be rigorously segmented and access provided to employees should be restricted to the strict minimum. In addition, it is crucial to have your user permissions and segmentation audited by a third party regularly to ensure that employees cannot elevate privileges within your systems, which would allow them to gain unauthorized access to critical assets.
How it works: Phishing attacks are convincing emails sent to persuade an employee to perform a certain action (e.g., downloading an infected email attachment or providing their credentials in a malicious web page). They often impersonate a trusted source, such as a client, a provider, the government or even another employee. They can be highly targeted (sent to specific employees only) or take the form of a mass email campaign delivered to every single employee. The scammers generally act under a plausible pretext, such as filling out a document for a new company policy. They often leverage publicly known information to make their emails as convincing as possible or link to web pages that replicate a resource the user can trust, hosted on a web domain with a similar name to the one it is impersonating. Phishing is the primary vector of infection used by attack groups to perform various types of cyberattacks and has proven to be very effective against organizations of all sizes.
How to prevent: Employees who regularly process emails should be thoroughly trained to identify phishing attempts and their level of awareness should be regularly assessed with the help of a phishing test. These tests replicate a real phishing scenario in the way it would be carried out by hackers. This way, companies can learn which employees are susceptible to falling for phishing attacks so they can be further trained to identify them. It will also prove to employees that phishing actually represents a risk for the company. Organizations with an Office 365 environment should also consider Microsoft’s ATP (Advanced Threat Protection), which has built-in protections against phishing.
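The similar-looking domains mentioned above can also be caught automatically. The following is an added example, not part of the original article: it classifies a sender or link domain as trusted, lookalike or unknown. The trusted domains, the small confusable-character map and the sample domains are assumptions constructed for the demonstration.

```python
import unicodedata

# Domains the organisation really uses (assumed values for this example)
TRUSTED = {"example.com", "examplebank.com"}

# Small hand-picked confusable map (digits and Cyrillic letters); not exhaustive
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(domain):
    """Fold a domain to the form a hurried reader perceives."""
    d = unicodedata.normalize("NFKC", domain).lower().rstrip(".")
    return d.translate(CONFUSABLE).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, max_distance=1):
    """Return (verdict, matched_trusted_domain) for a sender or link domain."""
    d = domain.lower().rstrip(".")
    # Assumption: the registrable part is the last two labels (no public suffix list)
    base = ".".join(d.split(".")[-2:])
    for t in sorted(TRUSTED):
        if d == t or d.endswith("." + t):
            return ("trusted", t)
    for t in sorted(TRUSTED):
        if d.startswith(t + ".") or ("." + t + ".") in d:
            return ("lookalike", t)  # trusted name used as a subdomain label
        if edit_distance(skeleton(base), skeleton(t)) <= max_distance:
            return ("lookalike", t)  # homoglyph swap or one-character typo
    return ("unknown", None)

# Constructed sample domains, as they might appear in sender or link fields
SAMPLES = ["mail.example.com", "examp1e.com", "exarnple.com", "ex\u0430mple.com",
           "examle.com", "example.com.login-portal.net", "unrelated.org"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(ascii(s), classify(s))
```

Domains reported as lookalike are candidates for quarantine or a warning banner; unknown domains are simply not on the trusted list and need other checks.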
To Wrap Things Up
As you can see from the 5 types of cyber threats discussed above, modern attackers use a wide variety of methods to target your company. It is important to note that these are only some of the most common attacks, and they only scratch the surface of cyberattacks. For that reason, mounting a good defense against cyber threats is crucial for any business. The measures stay the same no matter what type of attack you are trying to prevent:
- Keep your systems and software updated
- Assess and train your employees
- Audit your user privileges
- Segment your networks and assets
- Perform penetration tests regularly
- Use a least-privilege model in your IT environment
- Regularly back up your data
- Continuously audit your IT systems