The UK government, for example, estimates that as many as four out of ten firms in the country came under attack in 2018. In the US, the average cost of a cyberattack in 2017 was put at $22.21 million. So clearly, the consequences of not having the right protections can be severe.
But with so many types of attack, and criminals constantly evolving their tactics, what sort of threats should firms be looking out for, and how should they go about defending themselves? Here are seven of the most common issues, and what to do about them.
1. Malware
Perhaps the most basic and familiar threat to many users, malware covers a wide range of unwanted programs that can cause any number of problems for a business, from destroying data to sapping resources by turning machines into botnet nodes or cryptocurrency miners.
There are a few key categories: viruses, which seek to replicate and spread as widely as possible; Trojans, which gain entry by disguising themselves as legitimate applications; and spyware, which monitors an employee's activity to gather sensitive data.
Defending against this multitude of threats is no easy task, which is why strong anti-malware tooling is paramount. There are hundreds of products claiming to offer protection, but firms need to ensure the solutions they choose can detect previously unknown malware by spotting characteristic behaviour, for example a program that tries to hide itself once installed, rather than relying on signatures alone. It is also essential that the tooling is kept up to date and can scan every potential entry point to the network, from email to USB flash drives.
Learn more: Keyloggers: Everything You Need To Know
2. Phishing
One of the most common types of social engineering threat, phishing typically involves sending emails that purport to come from a recognized and trusted source, usually with a fake link that invites the recipient to enter personal details into an online form. These are often designed to harvest financial data or username and password combinations, but they can do more than that, especially the more targeted 'spear phishing' variety, which is tailored precisely to an individual recipient.
For example, in 2016, a Snapchat employee sent sensitive payroll information to a scammer after receiving an email claiming to come from the company's CEO. All the scammer had to do was ask for the data and the unwitting employee simply emailed what they requested.
Effective email security tools can reduce the likelihood of such emails getting through, but they are not 100% effective. User education is therefore the best way to tackle this threat. By training people to be wary, to spot the telltale signs of a phishing attempt and to report it rather than act on it, firms can ensure their employees are not handing over valuable data to anyone who asks for it.
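The telltale signs mentioned above are also the ones an email gateway checks mechanically. The following script is an added example written for this article, not code from the original page or from any email security product: it parses one message and reports the indicators that fire for it. The trusted domain, the urgency word list, the lookalike threshold and both sample messages are assumptions constructed here; the phishing sample imitates the CEO-impersonation pattern in the Snapchat incident described earlier.

```python
"""Heuristic phishing indicators for one email message.

Added example for this article; not a production filter. Assumptions:
TRUSTED_DOMAINS is the organisation's own mail domain, and both sample
messages below are constructed, not real mail.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}          # assumption: the firm's own domain
URGENCY_WORDS = ("urgent", "immediately", "today", "asap")

# Constructed sample imitating a CEO-impersonation payroll request.
SAMPLE_PHISH = """\
From: "Jane Doe (CEO)" <jane.doe@examp1e.com>
Reply-To: payroll-request@mail-relay.example.net
To: hr@example.com
Subject: Urgent: payroll data needed today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please send the full payroll report to me directly. Confirm your access here:
<a href="http://198.51.100.23/login">https://hr.example.com/login</a></p>
</body></html>
"""

# Constructed benign message for comparison.
SAMPLE_LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: hr@example.com
Subject: Q3 payroll schedule
Content-Type: text/plain; charset="utf-8"

The schedule we discussed is on the HR portal under Reports.
"""


def levenshtein(a, b):
    """Edit distance; a sender domain one or two edits from a trusted one is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Lower-cased domain part of the first address in a header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def phishing_indicators(raw_message):
    """Return the names of the indicators that fire for one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []

    # 1. Sender domain: trusted, a lookalike of a trusted domain, or simply external.
    from_domain = domain_of(msg["From"])
    if from_domain not in TRUSTED_DOMAINS:
        if any(levenshtein(from_domain, t) <= 2 for t in TRUSTED_DOMAINS):
            hits.append("lookalike-sender-domain")
        elif from_domain:
            hits.append("external-sender")

    # 2. Replies silently redirected to a different domain than the visible sender.
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        hits.append("reply-to-mismatch")

    # 3. Pressure to act before thinking.
    subject = str(msg["Subject"] or "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        hits.append("urgency-language")

    # 4. Link text that shows one host while the href points at another.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for href, label in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', text, re.I | re.S):
        shown_host = urlparse(label.strip()).netloc.lower()
        if shown_host and shown_host != urlparse(href).netloc.lower():
            hits.append("link-text-host-mismatch")
    return hits
```

Run `phishing_indicators(SAMPLE_PHISH)` and all four indicators fire; the benign message returns an empty list. None of these checks is conclusive on its own, which is exactly why the article pairs tooling with training: a filter scores and flags, and a trained recipient still has to decide not to reply.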
Learn more: 5 Ways to Avoid Phishing Email Security Threats
3. Ransomware
A specific type of malware, ransomware works by encrypting key files on a machine or network, then demanding a payment, usually in Bitcoin or another cryptocurrency, to make them accessible again. This is a relatively simple form of attack, but it can be hugely disruptive, as the 2017 WannaCry incident showed. Depending on the particular strain, an attack may encrypt certain file types, making it impossible to access critical business information, or lock vital system files so that a computer cannot boot at all.
To defend against ransomware, prevention is certainly better than cure. Once files are encrypted, there is often nothing firms can do to get them back without paying the ransom, or waiting and hoping a decryption key is released publicly. Therefore, alongside normal anti-malware procedures, an essential defense is to ensure all key files are backed up to storage that is offline or otherwise unreachable from the primary network, since ransomware that can reach the backups will encrypt those too, and to test regularly that the backups can actually be restored.
4. DDoS attacks
Distributed Denial of Service (DDoS) attacks involve an attacker flooding a system, often a web server, with requests until it can no longer cope with the volume, so that it slows to a crawl and is effectively taken offline. This is a particularly tricky form of attack to deal with, as it takes little skill to pull off and does not require the attacker to breach a firm's perimeter at all. Indeed, botnets that provide the resources needed to launch a DDoS attack can be rented on the dark web for just a few dollars.
Until recently, DDoS attacks were regarded as more of a nuisance than a serious threat to firms. They might take a website offline for a few hours, which would certainly hit revenue for digital-focused firms, but that was about the limit of their impact. Now, however, the landscape is different. Sustained attacks are bigger than ever and can last for days or weeks rather than hours, and they are increasingly used as cover for other activity, such as data exfiltration, rather than being an end in themselves.
Therefore, preventative and remedial measures must be taken. While companies can take several steps themselves, such as over-provisioning bandwidth and rate limiting, a DDoS mitigation service is usually the most effective defense. In 2018, GitHub was hit by a memcached amplification attack that peaked at 1.35 Tbps (terabits per second), the largest recorded at the time, but was able to defeat it in just eight minutes thanks to its mitigation service.
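Whether a firm mitigates in house or hands traffic to a service, it first has to notice the flood, and the distinction between one noisy source and many quiet ones decides which defence applies. The script below is an added example written for this article, not GitHub's or any vendor's code: it reads Apache/nginx-style access-log lines and reports the peak request rate per client and overall within a sliding window. The log format, the thresholds and all sample traffic are assumptions constructed here.

```python
"""Spot floods in web-server access logs with sliding-window counters.

Added example for this article, not GitHub's or any vendor's code. Assumes
Apache/nginx-style access-log lines and illustrative thresholds; all sample
lines are constructed here.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common-log prefix: client, ident, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """(client_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    return (m.group(1), datetime.strptime(m.group(2), TS_FMT)) if m else None


def peak_rates(lines, window_seconds=10):
    """Peak request count per source, and overall, within any sliding window."""
    per_ip, overall = defaultdict(deque), deque()
    peak_ip, peak_all = defaultdict(int), 0
    for ip, ts in sorted(filter(None, map(parse_line, lines)), key=lambda e: e[1]):
        for q in (per_ip[ip], overall):
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
        peak_ip[ip] = max(peak_ip[ip], len(per_ip[ip]))
        peak_all = max(peak_all, len(overall))
    return dict(peak_ip), peak_all


def classify(lines, window_seconds=10, per_source_limit=50, total_limit=500):
    """'per-source flood', 'distributed flood' or 'normal', plus supporting detail.

    A per-source threshold alone misses a botnet whose members each stay
    quiet, so the aggregate rate is checked as well.
    """
    per_ip, total = peak_rates(lines, window_seconds)
    noisy = {ip: n for ip, n in per_ip.items() if n > per_source_limit}
    if noisy:
        return "per-source flood", noisy
    if total > total_limit:
        return "distributed flood", {"sources": len(per_ip), "peak_total": total}
    return "normal", {"peak_total": total}


# ---- constructed sample traffic (not real logs) ----
T0 = datetime(2018, 2, 28, 17, 21, 0, tzinfo=timezone.utc)


def make_lines(ip, count, spacing_seconds, start=T0):
    return [f'{ip} - - [{(start + timedelta(seconds=i * spacing_seconds)).strftime(TS_FMT)}] '
            f'"GET / HTTP/1.1" 200 512' for i in range(count)]


NORMAL = make_lines("198.51.100.5", 20, 3)                       # one client, every 3 s
SINGLE_SOURCE = NORMAL + make_lines("203.0.113.7", 300, 0.02)     # one client, 50 req/s
DISTRIBUTED = NORMAL + [line for i in range(100)                  # 100 clients, 8 req each
                        for line in make_lines(f"203.0.113.{i}", 8, 0.5)]

if __name__ == "__main__":
    for name, lines in (("normal", NORMAL), ("single", SINGLE_SOURCE), ("distributed", DISTRIBUTED)):
        print(name, classify(lines))
```

A single-source flood can be rate limited or blocked at the edge; the distributed case, where no one client crosses the per-source limit but the aggregate does, is the one that needs upstream scrubbing capacity, which is the case for a mitigation service.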
Learn more: Why are DDoS Attacks Increasing Every Year?
5. Unpatched vulnerabilities
Enterprise networks are getting ever more complex, and that means the number of potential vulnerabilities within them is on the rise. Zero-day exploits, SQL injection and the tooling used by advanced persistent threat groups all take advantage of weaknesses in code or configuration to gain access to a network in order to plant malware, exfiltrate data or damage systems.
One of the main ways attackers do this is by taking advantage of outdated and unpatched software, so ensuring all systems are up to date is vital in guarding against many of these attacks. Yet it is something many businesses still fail to do. For instance, Verizon's 2018 Data Breach Investigations Report found that 99% of exploited vulnerabilities were already more than 12 months old, with security patches available.
Therefore, a good patch management plan is essential, especially as network sprawl continues to be an issue. This can be challenging, but many of the tasks involved, from inventory to deployment, can now be automated with modern patch management tools.
6. Data loss
Data is frequently described as the new oil, and for many attackers the ultimate aim is to steal it, whether to sell on the dark web for identity fraud, to use for blackmail or as part of corporate espionage. Whether the entry point is social engineering or a known vulnerability in a database, getting data out of the organization is often the final step of an attack.
Attackers can sit inside a network for months, looking for the most valuable information and waiting for the right moment to act. So even once a firm's perimeter has been breached, there are still measures that can limit the most serious consequences, but doing so requires good data loss prevention tools.
Data loss prevention (DLP) usually refers to a set of measures designed to look for suspicious activity and block access to, and exfiltration of, data by unauthorized users. A DLP tool may inspect content for sensitive patterns such as payment card or identity numbers, monitor endpoints, and send alerts if data is copied or transferred outside normal, approved processes.
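The content-inspection half of that is concrete enough to show. The script below is an added example written for this article, not any vendor's DLP engine: it scans a document for payment card numbers (validated with the Luhn checksum so that ticket numbers and phone numbers are not flagged), US social security numbers and classification markings, masks the evidence, and then applies a simple policy that blocks sensitive content bound for an external domain and merely alerts on internal transfers. The patterns, the internal-domain list and the sample export are assumptions constructed here; the card number is a well-known test number.

```python
"""Content inspection of the kind a DLP tool applies before data leaves the network.

Added example for this article, not any vendor's DLP engine. The patterns,
the sample document and the internal-domain list are assumptions made here.
"""
import re

# Payment card: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
MARKING_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY|RESTRICTED)\b")
INTERNAL_DOMAINS = {"example.com"}   # assumption: destinations considered inside the firm

# Constructed sample export; the card number is a well-known test number.
SAMPLE_DOCUMENT = """\
CONFIDENTIAL - Q3 payroll export
Employee: A. Example, SSN 078-05-1120
Corporate card 4111 1111 1111 1111, expiry 09/27
Ticket reference 1234567890123 (looks like a card, fails Luhn)
Desk phone 555-0100-3333
"""


def luhn_valid(digits):
    """Luhn checksum, which separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep the last four digits so an alert is actionable without re-leaking the value."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text):
    """List of (finding type, masked evidence) for one document."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            findings.append(("payment-card", mask(digits)))
    for m in SSN_RE.finditer(text):
        findings.append(("us-ssn", mask(m.group().replace("-", ""))))
    for m in MARKING_RE.finditer(text):
        findings.append(("classification-marking", m.group()))
    return findings


def decide(findings, destination_domain):
    """Policy: sensitive content leaving the firm is blocked; inside it, it is logged."""
    sensitive = any(kind in ("payment-card", "us-ssn") for kind, _ in findings)
    marked = any(kind == "classification-marking" for kind, _ in findings)
    external = destination_domain.lower() not in INTERNAL_DOMAINS
    if external and (sensitive or marked):
        return "block"
    if sensitive or marked:
        return "alert"
    return "allow"
```

Against the sample export, `scan` reports one card, one SSN and the marking, and `decide` blocks the transfer to an outside domain while only alerting on one to the firm's own. Real products add fingerprinting of known documents and context such as which process initiated the copy, but the pattern-plus-policy shape is the same.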
Learn more: 3 Ways to Reduce the Risk of Data Loss
7. End users
It is often said that the biggest weakness in any security system is the part sitting behind the keyboard. Many of the above threats are helped along by careless employees who don't follow basic security guidelines, but you should also be taking steps to ensure employees can't harm the business deliberately as well as accidentally. Malicious insiders looking to extract data or damage systems are a threat any business may face, and one that is tough to predict, so it pays to take precautions.
Ensuring all employees have the right level of access is the first step. Restricting users to only the applications and data they need to do their job, and reviewing those rights when roles change, can be a great help, but of course it will not stop privileged users or those with a legitimate need to access sensitive information.
Therefore, this needs to be backed up with effective monitoring that can quickly identify unusual or suspicious activity, such as access outside working hours, bulk reads of records, or a user touching data outside their normal role, and shut it down or challenge the user to confirm they have a genuine reason for their actions.
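The monitoring described here rests on knowing what normal looks like for each user and flagging departures from it. The script below is an added example written for this article, not any product's detection logic: it learns which areas of an application each user normally touches from a known-good period, then checks a later day's audit events against that baseline and against working hours, and raises a separate alert when one user reads an unusually large number of distinct records in a short window. The audit events, the working-hours window and the thresholds are assumptions constructed here.

```python
"""Baseline-and-deviation checks over an access audit log.

Added example for this article, not any product's detection logic. The
audit events, the working-hours window and the thresholds are assumptions
constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def ev(ts, user, resource):
    return (datetime.fromisoformat(ts), user, resource)


def area(resource):
    """First two path components, e.g. 'crm/accounts', are treated as one access area."""
    return "/".join(resource.split("/")[:2])


def build_baseline(events):
    """Per-user set of areas seen during a known-good learning period."""
    seen = defaultdict(set)
    for _, user, resource in events:
        seen[user].add(area(resource))
    return seen


def detect(baseline, events, window=timedelta(minutes=10), bulk_limit=25,
           work_hours=(7, 20)):
    """Alerts as (timestamp, user, rule, resource) for events that break the baseline."""
    alerts = []
    recent = defaultdict(deque)          # per-user (timestamp, resource) inside the window
    for ts, user, resource in sorted(events):
        if area(resource) not in baseline.get(user, set()):
            alerts.append((ts, user, "outside-baseline", resource))
        if ts.weekday() >= 5 or not work_hours[0] <= ts.hour < work_hours[1]:
            alerts.append((ts, user, "off-hours", resource))
        q = recent[user]
        q.append((ts, resource))
        while ts - q[0][0] > window:
            q.popleft()
        if len({r for _, r in q}) > bulk_limit:
            alerts.append((ts, user, "bulk-read", resource))
    return alerts


# ---- constructed audit data (not real logs) ----
# Learning period: one CRM user reading her usual accounts and reports on weekdays.
BASELINE_EVENTS = [ev(f"2018-03-{day:02d}T{hour:02d}:00:00", "alice", resource)
                   for day in range(5, 10) for hour in (9, 11, 15)
                   for resource in ("crm/accounts/ACME", "crm/reports/weekly")]

# Day under review (Monday 2018-03-12): one normal read, one off-hours read of payroll
# data outside her role, and a scripted sweep of 40 accounts in under seven minutes.
RECENT_EVENTS = [
    ev("2018-03-12T10:05:00", "alice", "crm/accounts/ACME"),
    ev("2018-03-12T02:13:00", "alice", "hr/payroll/2018-Q1"),
] + [ev(f"2018-03-12T14:{(i * 10) // 60:02d}:{(i * 10) % 60:02d}", "alice",
        f"crm/accounts/{i:04d}") for i in range(40)]


def review(baseline_events=BASELINE_EVENTS, recent_events=RECENT_EVENTS):
    return detect(build_baseline(baseline_events), recent_events)
```

`review()` leaves the routine 10:05 read alone, flags the 02:13 payroll access on both the off-hours and outside-baseline rules, and starts raising bulk-read alerts once the sweep passes 25 distinct accounts inside ten minutes. Note that the sweep stays inside the user's legitimate area, which is exactly the privileged-user case the preceding paragraph says access restrictions alone cannot stop; only the volume rule catches it.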
Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.