Top five cyber threats facing your business and how to solve them
23 August 2018
Cyber security is a dynamic environment where new threats are emerging all the time. Many of the most prevalent risks exploit long-standing weaknesses, which fortunately makes them easy to combat. Here are five of the most widely seen threat types and how to mitigate the risk they pose to businesses.
Perhaps the most high-profile security issue of recent times is credential theft. New regulations such as the General Data Protection Regulation (GDPR) are shining a light on organisations’ processes for breach notification, disclosure and for protecting IT environments. There are several steps that IT professionals can take to reduce the potential for compromise, such as frequently changing passwords, requiring users to use complex passwords, or better still, to adopt password managers. Password managers reduce the possibility of compromising multiple accounts as they create unique log-ins for every web service. Standalone password managers such as LastPass or integrated password utilities such as Chrome’s Password Manager work well.
Social engineering is also still very prevalent. Though not strictly a technical risk, scams like CEO fraud can carry a significant financial impact: we see businesses transferring between €20,000 and €100,000 to unauthorised accounts because a scammer has convincingly impersonated a legitimate customer. The best way to guard against social engineering scams is to implement safeguards in payment processes, like requiring authorisation from more than one person, or calling the company to verify if they have genuinely requested a change to their bank account. It is also worth refreshing security awareness training to ensure staff know about these scams and can spot some of the tactics.
Ransomware is not new, but 2017 was a banner year for wide-scale attacks. Large organisations like Maersk suffered hundreds of millions in losses. This year, we are noticing attackers are hijacking systems to mine for cryptocurrencies. If discovered, an attacker will install ransomware as a way of hiding their tracks. The impact will depend on how many machines are compromised, but it can disrupt business operations for several days while server rebuilding happens. The financial cost can extend to a reduced share price for public companies, and beyond that, to reputational damage.
Fortunately, there are several ways to guard against ransomware. Regular, tested back-ups can restore systems post-attack while ensuring there is no loss of data. Keeping key systems patched will make them less vulnerable to exploit-based attacks. IT admins should allow scripts to run on the network only with elevated privileges, and they should remove domain-level admin rights from sysadmins’ accounts. Blocking access to uncategorised web sites can also protect against drive-by attacks, which often come from phishing sites or malvertising campaigns where no user interaction is even needed. These steps will make an IT environment more robust, together with strong AV and web filtering.
Phishing remains a pressing threat, partly because it is so broad in nature: it is often the precursor to credential theft or a data breach, or a way of introducing malware into an IT environment. Awareness training for staff can reduce phishing’s effectiveness, and AV with web threat shields can stop traffic to compromised links.
Lastly, the Internet of Things (IoT) is a more conceptual threat than the previous four, but one that organisations still need to address. Most devices and code in IoT projects do not incorporate security by design, and this leaves them vulnerable to being hijacked for DDoS attacks, or as a way of gaining access to other parts of a network.
Where possible, IT security teams should vet the tech before it is deployed. If your IT environment uses these devices, I recommend changing their default security settings from the manufacturer-issued standard log-ins. You should also adopt web filtering at the gateway or firewall. Some firewalls block traffic to known malicious IP addresses, but the fast-evolving nature of phishing and malware hosting sites means this block list should update in real time if it is to be effective.
From a business perspective, security is about reducing exposure to risk. Adopting a layered approach to security will safeguard against some of the most common threats for now and into the future.
Adam Nash is EMEA sales manager with Webroot