Common Cyber Security Threats - Part 2
Conversations about 'cyber threats' often get too complicated, too technical and well beyond the average person's depth of knowledge. Acronyms and terms are thrown around, and many business leaders get lost in the jargon and complexity. Below is the next part of a short series of posts on what the common threats are and how each might impact a typical business. Hope this helps to de-mystify the concepts a bit!
Ransomware – Exfiltration/Publication
Malicious software is downloaded onto a local desktop or a network device (e.g., a file server) and harvests files from those devices. The data is transferred to external parties, who then contact the organization, inform it that they possess key business and privacy data, and provide instructions for payment to prevent the data from being released to the public.
Potential Impacts:
- Federal / State regulatory compliance violations
- Posting of user data to the Dark Web for sale
- Damage to the public reputation of the organization
- Harm to persons whose identified data is leaked (financial or medical fraud, identity theft, humiliation, etc.)
NOTE: It is not uncommon, even when the ransom is paid, for the external parties to demand additional money in the future, as there is no guarantee that the exfiltrated data has been destroyed.
Common Entry Points:
- Phishing email that takes the end-user to a disguised site, where the user unknowingly downloads malicious software
- Portable or mobile media (e.g., CD-ROM discs, USB / thumb drives) inserted into devices, with the software installed automatically
- Email attachments
- Open external ports or unaddressed vulnerabilities that allow 3rd parties access into the network
- Unattended vendor access, where access into the network is enabled through that party's own external connection
Activities to Prevent:
- Phishing simulations for end-users to build skills and awareness of phishing attempts
- Actively managed anti-virus / anti-malware / endpoint protection applications
- Effective network / IP addressing architecture (segmentation) that can limit the spread of malicious software
- Properly managed firewall(s) and external-facing entry points into the network (firmware updates, patching, routine threat assessments)
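The exfiltration stage described above is often visible before the extortion email arrives: one internal host starts sending far more data to outside addresses than its peers. The script below is an added example, not part of the original post, that sums outbound bytes per internal host from constructed flow-log lines and flags hosts whose external volume is abnormally high. The log format, the IP addresses, the byte counts and the internal address ranges are all assumptions made for the example.

```python
# Added example (not from the original post): flag hosts whose outbound volume to
# external addresses is far above their peers, an early-warning check for the
# exfiltration stage of a ransomware attack. All log records below are constructed.
import ipaddress
import re
from collections import defaultdict
from statistics import median

# Constructed flow records: timestamp, internal source, destination, bytes sent out.
# 10.0.0.5 is a file server: one large internal backup (ignored) and, at 02:13,
# roughly 2 GiB pushed to a single outside address.
SAMPLE_FLOWS = """\
2024-05-01T09:10:00 src=10.0.0.12 dst=203.0.113.20 bytes_out=1048576
2024-05-01T09:12:00 src=10.0.0.13 dst=198.51.100.9 bytes_out=2097152
2024-05-01T10:05:00 src=10.0.0.14 dst=203.0.113.21 bytes_out=524288
2024-05-01T11:30:00 src=10.0.0.12 dst=203.0.113.22 bytes_out=3145728
2024-05-01T23:00:00 src=10.0.0.5 dst=10.0.0.200 bytes_out=4294967296
2024-05-02T02:13:00 src=10.0.0.5 dst=203.0.113.7 bytes_out=1610612736
2024-05-02T02:20:00 src=10.0.0.5 dst=203.0.113.7 bytes_out=536870912
"""

# Assumed internal address space of the organization (RFC 1918 ranges).
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$"
)


def parse_flows(text):
    """Yield (timestamp, src, dst, bytes_out) tuples; reject malformed lines loudly."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FLOW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable flow record: {line!r}")
        yield m["ts"], m["src"], m["dst"], int(m["bytes"])


def is_internal(address):
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in INTERNAL_NETWORKS)


def external_bytes_per_host(flows):
    """Sum bytes each internal host sent to destinations outside the organization.
    Internal-to-internal transfers (e.g. backups to a local server) are ignored."""
    totals = defaultdict(int)
    for _ts, src, dst, nbytes in flows:
        if is_internal(dst):
            continue
        totals[src] += nbytes
    return dict(totals)


def flag_exfiltration(totals, absolute_limit=500 * 1024**2, ratio=10):
    """Flag a host if its external volume exceeds absolute_limit, or is more than
    `ratio` times the median volume of all other hosts (a single large sender
    stands out even when the absolute threshold is set generously)."""
    flagged = []
    for host, nbytes in totals.items():
        others = [v for h, v in totals.items() if h != host]
        peer_median = median(others) if others else 0
        if nbytes > absolute_limit or (peer_median and nbytes > ratio * peer_median):
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    totals = external_bytes_per_host(parse_flows(SAMPLE_FLOWS))
    for host, n in sorted(totals.items()):
        print(f"{host:12} {n / 1024**2:10.1f} MiB outbound to external addresses")
    print("flagged:", flag_exfiltration(totals))
```

In practice the thresholds would be tuned per host role (a mail relay legitimately sends a lot), and the check would run on real flow or proxy logs on a schedule; the point of the example is that the volume and the off-hours timing of a single host's external transfers are measurable, and a file server is not normally a top external sender.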
Distributed Denial of Service (DDoS) Attack
An external party continuously sends requests to your organization that force your firewall, internal servers, or other externally facing devices to respond, in essence rendering them unavailable because their capacity is exhausted. This overloads the device with requests and prevents legitimate requests and processing needs from being fulfilled. At a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
Potential Impacts:
- Poor performance of business-critical applications and processes
- Damage to the public reputation of the organization when IT assets needed for business processes are unavailable
- Resource distraction and costs related to addressing such attacks
Common Causes:
- 3rd-party applications with poor configuration, resulting in vulnerabilities
- Unaddressed vulnerabilities within the network infrastructure
- Downloaded malicious software that enables 'bot' activity within the network
Activities to Prevent:
- Regular vulnerability assessment of internal and external-facing devices and applications
- Managed Layer 3 (or higher) network switching and routing
- Managed firewall(s)
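To make the "traffic jam" concrete, here is an added example, not part of the original post, that simulates a server with fixed capacity per time slot, a flood of requests from a handful of bot sources, and a few legitimate clients. Run once with no controls and once with a simple per-source rate limit of the kind a managed firewall or edge router applies, it shows legitimate requests going from fully starved to fully served. The capacity figure, the request rates and the source names are constructed for the example, and the limiter is a simplified fixed-window cap per source per slot rather than a production token bucket.

```python
# Added example (not from the original post): a small simulation of how a request
# flood starves legitimate clients, and how per-source rate limiting at the edge
# restores service. All traffic and capacity numbers below are constructed.
from collections import defaultdict

SERVER_CAPACITY_PER_TICK = 50   # requests the server can handle per time slot (constructed)
TICKS = 10                      # length of the simulation in time slots


def build_traffic(num_clients=10, client_rate=2, num_bots=10, bot_rate=10):
    """Return a list of (tick, source) in arrival order.

    Each tick, every bot fires a burst of bot_rate requests, and the bursts arrive
    ahead of the legitimate clients' client_rate requests, which is how a flood
    typically presents at the edge device: the bots are simply faster."""
    requests = []
    for tick in range(TICKS):
        for b in range(num_bots):
            requests.extend((tick, f"bot-{b}") for _ in range(bot_rate))
        for c in range(num_clients):
            requests.extend((tick, f"client-{c}") for _ in range(client_rate))
    return requests


def simulate(requests, per_source_limit=None):
    """Serve requests tick by tick.

    per_source_limit caps how many requests a single source may have accepted per
    tick (None = no limiting). Returns (served, dropped) counts keyed by source."""
    served, dropped = defaultdict(int), defaultdict(int)
    by_tick = defaultdict(list)
    for tick, src in requests:
        by_tick[tick].append(src)
    for tick in sorted(by_tick):
        capacity = SERVER_CAPACITY_PER_TICK
        accepted_from = defaultdict(int)
        for src in by_tick[tick]:
            if per_source_limit is not None and accepted_from[src] >= per_source_limit:
                dropped[src] += 1          # rejected cheaply at the edge; server never sees it
                continue
            if capacity == 0:
                dropped[src] += 1          # server saturated: this is the "traffic jam"
                continue
            capacity -= 1
            accepted_from[src] += 1
            served[src] += 1
    return served, dropped


def run(per_source_limit=None):
    """Summarize how legitimate clients and bots fared under a given policy."""
    served, dropped = simulate(build_traffic(), per_source_limit)

    def total(counter, prefix):
        return sum(n for s, n in counter.items() if s.startswith(prefix))

    return {
        "legit_served": total(served, "client"),
        "legit_dropped": total(dropped, "client"),
        "bot_served": total(served, "bot"),
        "bot_dropped": total(dropped, "bot"),
    }


if __name__ == "__main__":
    print("no limiting:       ", run())
    print("limit 3/source/tick:", run(per_source_limit=3))
```

Without limiting, the 100 bot requests per slot fill the server's 50-request capacity before a single legitimate request is seen, so every client request is dropped. With a cap of 3 accepted requests per source per slot, the bots are held to 30 and the 20 client requests all fit. The simulation also shows the limit of the technique: a real distributed attack spreads the load over far more sources than ten, which is why upstream filtering and capacity at the provider level are part of the prevention list above.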