Cyber security threats continue to evolve at a rapid pace, especially given the increasingly connected nature of the world with all manner of devices - vending machines, household appliances and even vehicles - connected to a network.
How can your organisation identify the biggest cyber security threats and what can you do about them? Find out in this blog.
What are the types of cyber security threats facing organisations today?
Modern organisations face a broad array of threats. They include backdoors, DDoS attacks, DNS poisoning attacks, formjacking, cryptojacking, malware (which can include spyware, trojans, botnets, and others), phishing attacks, and many more.
Vulnerabilities can occur in a wide range of systems and devices. Discovering, tracking and fixing them all can be a huge challenge.
The scale of the problem makes it more than just a technical challenge. Sometimes businesses know they are vulnerable but lack the resources or the expertise to address it.
It is very common for attackers to recycle old tricks, because they know that many systems will still be running older, unpatched, vulnerable code, even though a fix for the vulnerability in question already exists.
31 percent of organisations have at some point encountered a cyber attack on their operations technology, and when such an attack succeeds the consequences can be severe.
Often a ‘new’ attack isn’t a new technique, just a different combination of techniques that haven’t been used together before.
Increasingly the more advanced end of the threat spectrum will be stealthy and patient, using a combination of different, smaller techniques over a long time period. They almost always include some type of social engineering – old-fashioned human ‘con tricks’ – to complement the technical measures that the attackers deploy.
Security is a people and process challenge as much as it is a technological one.
What are the risks associated with cyber security threats?
As businesses rely on technology to run their critical day-to-day operations, the operational disruption caused by a cyber attack can be hugely disproportionate.
There are direct economic costs to cyber attacks such as theft of information, a disruption to trading and operations, and the costs of repair to an infected system.
Reputational damage and the lack of faith from customers can lead them to look elsewhere, resulting in a loss of income for the organisation.
Legal consequences can also arise from a breach where an organisation hasn’t implemented the correct measures, proving costly and doing further damage to the organisation’s brand perception.
How can organisations identify and protect themselves against cyber security threats?
A security professional’s role in an organisation is to quantify risk and communicate that to business leaders, who can then decide how much risk they want to expose themselves to, for how much reward.
The first step is to gain visibility of your organisation’s estate and to assume that you are going to be vulnerable in places.
Security frameworks developed by the industry are useful reference models: applying them helps ensure you have covered the key areas, that everything is secure, and that you have a process in place for attacks and breaches.
There is a community project called the MITRE ATT&CK framework, which is collectively put together by the security industry and is kept up to date on a regular basis. It is a listing and classification of all the different attack techniques that are known. As new techniques are discovered, the list is updated.
Keep in mind that organisations are always changing: the data, the people, the processes, the technology, and so forth. Security assessment is an ongoing process and needs to be a constant flow of examining, assessing and re-assessing.
In terms of solutions, it’s important to have the correct technology appropriately deployed. For example, with the growth of remote and mobile working it could be argued that for many organisations endpoint protection has supplanted the firewall as the first line of defence against cybercrime.
Traditional signature-based antivirus is decreasing in effectiveness: the signature database is so large these days that vendors face a Hobson’s choice between running a cut-down subset of the database or crippling endpoint performance.
Traditional signature-based antivirus is gradually being replaced by newer, more advanced behaviour-oriented solutions that allow or deny a program based upon what it’s trying to do, not on whether it matches a predefined code signature.
It’s vital that you constantly re-assess whether your current technology is keeping pace with today’s threats. Technology and software that were state of the art 5 years ago may be obsolete today.
The flip-side of this technological arms-race is that however good your security technology may be, it is equally important to adopt a good patching policy.
Many old viruses are still used by hackers because legacy technology is not being patched, and cyber criminals know that they can still get results from them.
Although cyber security remains a high-tech area and technologically complicated, it is also increasingly about people and their behaviours.
Social engineering is a common component of advanced attacks, whereby hackers try to use simple psychological techniques to trick users into divulging passwords and other important credentials.
Over time cybersecurity professionals have realised that the question of who or what to trust is too subtle and nuanced a question to be left entirely in the hands of a computer, and however sophisticated your security technology may be, you still need to take the view that it’s when, not if, you will be hacked.
Effective policies and procedures must be put in place to govern access to data and applications, and activity across the network must be constantly monitored by skilled professionals in order to manage risk and spot Indicators of Compromise (IoC) within your IT estate.
Technology can help with this, but people need to be firmly at the core of it.
It is often very difficult for an organisation to get all of these things right on its own, and many are turning to specialist third parties for assistance with their cyber security strategy, implementation or management.
It’s important to consider a partner who can cover all three key areas: an advisory capability to help understand and prioritise risk, gaps and exposure; a technology capability to manage a wide range of systems and vendors; and the operational capability to plug the gaps in your own processes and provide advanced, proactive security services to identify threats and vulnerabilities rather than just traditional break-fix management of security technology.
Be cautious of providers who can’t address all three as they could leave you exposed.