In our digital world today, the imminent threats that aim to disrupt your business and your clients can come from a gamut of sources and malicious applications. Here we share the four biggest and most relevant cyber threats that could impact your business—and how you can protect yourself from them.
1. Phishing
Phishing is undeniably the most important of the cyber threats in business that one must worry about. Your people are already inside your perimeter, behind your firewall, and have access to your resources and protected assets. This is why phishing attacks are the most common way that malware gets into organisations—downloaded because an internal user clicked on a link or attachment in a phishing email. Yes, that human factor.
Security Awareness Training programs remain the best defense, but it isn’t a one-and-done approach: training needs to be repeated multiple times per year, and it is recommended that you simulate phishing attacks (i.e. phish your own people) at regular intervals to spot check, audit, provide constructive feedback, and reinforce education over and over again. In the US, Verizon has reported that 30 percent of phishing messages get opened by targeted users and 12 percent of those users click the malicious attachment or link. Sophisticated phishing attacks are designed to look real—that’s why people are fooled into clicking with devastating results.
Read our post on How to Identify Phishing Emails.
2. Ransomware
Ransomware is another major cyber threat in business. It is malware that infects your machine and begins by quietly encrypting files. When it has done its work, it presents a ransom note telling you that to see your files again, you're going to have to pay. The price is always in a cryptocurrency, usually Bitcoin (BTC), charged per machine to decrypt your files. In most cases, attackers are willing to decrypt a few files for free, to prove they can, and have even taken to negotiating with companies who try to lower the extortion payment.
It's wrong to pay the ransom, unless you have no other option available. You're directly funding the crime and the criminals if you pay, which will only encourage them to keep doing it. Also, you're now included on the list of people who pay when extorted, so you are almost guaranteed to be a victim again in the future. The solution to ransomware is a well-defined and executed disaster recovery/backup and restore program. Backup, backup, backup: you should be backing up your assets at regular intervals and frequently testing restore and recoverability. If you can restore your organization from backup, you will not need to pay ransom.
3. Nation State/APT Actors
Nation state actors, also known as advanced persistent threat (APT) actors, are a concern of bigger enterprises. The top reasons a nation-state would target your organisation are to steal intellectual property, influence political decisions, or to cause physical or monetary damage. These are often the “unknown unknowns” of threats. There are things you know, things you know you don’t know, and this other category: what you don’t know that you don’t know. These scare people more than anything else—which shouldn’t be the case if you’re doing security the right way.
Honestly, a persistent actor who goes after something relentlessly will eventually get it. They’re trying to do it quietly and covertly, but if that fails, a smash and grab will work just as well. Implementing a security program with a defense-in-depth strategy is your best defense. Hunting teams have uncovering unknown unknowns as part of their charter. No one can be the “abnormality” on your network and be completely silent. It is your diligence that will let you find these cyber threats in business sooner, minimise losses, and may even help you evade the loss altogether.
4. Insider Threat
The final category in the top four cyber threats list is the insider threat. These generally come in two flavors: the unintentional and the intentional. Most of your security policy and program focuses on prevention of unintentional losses from your employees. It’s the intentional criminal you have to hunt down. Why do employees become intentional threat actors? Many do it to steal property or information for personal gain or to benefit another organization or country. Most of the reported cases of insider threat (greater than 80 percent) to date have been done during working hours, with the activity planned beforehand, and financial gain as the motive. Revenge and having real financial difficulties have not been shown to be a majority of the reasons in insider threat cases to date.
This is the hardest type of attacker to find. It requires forensic examination of your network and assets to uncover. There are many things you can do to lessen the impact of an insider threat. Physical security of employee devices can help mitigate losses in cases of insider threat; a well-implemented asset management solution can prevent lost or stolen devices from giving attackers valuable information. Avoiding connections to insecure networks, particularly unsecured wireless networks, is another preventative measure that helps limit loss from unintentional insider threats. Your best overall protection from cyber threats in business is still a fully developed and implemented security program.
Remember, security isn’t a product or something you buy: it’s what you do every day.
Read up on how our security solution, Xari Xecure Suite, can help you.