According to a recent survey by the World Economic Forum, cyber attacks are the number-one concern among executives in advanced economies.
This alone explains why Gartner forecasts worldwide information security spending is set to exceed $124 billion in 2019, an increase of 12.4% over 2018. But where is all that money going?
A significant portion will go toward preventing (and, for an unfortunate few, responding to) the dreaded cyber breach. A few big-ticket items include cybersecurity software systems, countermeasures, and the salaries of the experts hired to fend off attacks.
Though each company is different, there are some common themes that routinely crop up as significant dangers. Some are new, as the cybersecurity landscape is constantly shifting and evolving with the emergence of new threats and vulnerabilities. Others are much older strategies that have been used since the dawn of the Internet and, though simple, won’t go away. For businesses to minimize their risk of a data security breach, they need to be constantly vigilant for both types.
Here are the top threats companies need to guard against to avoid a breach:
Insider threats and human error are the single biggest threat to any organization, year after year. While some "insider" attacks are the result of employees intentionally causing harm, the overwhelming majority are the result of employees making simple, and highly preventable, mistakes. These age-old weaknesses include falling prey to phishing attempts, visiting malware-laden websites, bringing compromised USB drives or other personal devices to work, and failing to safeguard user credentials. Another common mistake is the use of "shadow IT" apps, meaning apps not expressly approved by the IT department. The users themselves are typically unaware of the problem, but the unvetted apps may carry security or compliance issues that can cause serious harm, and because nobody in IT knows they exist, nobody is patching or monitoring them.
Phishing schemes, social engineering attacks designed to steal user logins, credit card numbers, or personal information, are the initial point of entry for a large share of successful cyber attacks. They work because the message appears to come from a trusted source, such as a person's bank or a coworker. Business email compromise (BEC), a highly targeted spear phishing technique in which the attacker impersonates an executive or vendor to request a payment or a change of bank details, is by itself responsible for over $12 billion in reported losses globally, according to FBI figures. Although many people still equate phishing with email, the threat has evolved in recent years as attackers have moved to text messages ("smishing"), phone calls ("vishing"), and even social media quizzes to trick unwitting victims.
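The BEC pattern described above (a familiar display name, a lookalike sending domain, a different Reply-To, and pressure to act quickly) can be checked mechanically before a message reaches an inbox. The following is an added example written for this page, not code from the original article or from LogicGate; the trusted domains, executive roster, urgency word list, thresholds and the sample messages are all constructed for illustration and would be replaced by an organization's own data.

```python
"""Flag common BEC / spear-phishing indicators in parsed email headers.

Added example, not from the original article. TRUSTED_DOMAINS, EXECUTIVES,
the URGENCY word list and SAMPLES are constructed assumptions.
"""
import re
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}                    # constructed: our own mail domains
EXECUTIVES = {"Jane Doe": "jane.doe@example.com"}    # constructed: display name -> real address
URGENCY = re.compile(r"\b(urgent|wire|gift cards?|invoice|immediately|confidential)\b", re.I)
SUSPICIOUS_AT = 2                                    # indicators needed to hold a message


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def levenshtein(a, b):
    """Edit distance; used to catch one-character typo-squats of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, trusted):
    """True if domain is not trusted but imitates a trusted one (homoglyphs or edit distance 1)."""
    if not domain or domain in trusted:
        return False
    folded = domain.replace("rn", "m").replace("0", "o").replace("1", "l").replace("vv", "w")
    return any(folded == t or levenshtein(domain, t) <= 1 for t in trusted)


def bec_indicators(msg):
    """Return the list of indicator names found in a message dict (From/Reply-To/Subject/body)."""
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    hits = []
    # 1. Executive's display name with an address that is not the one on file.
    if name in EXECUTIVES and addr.lower() != EXECUTIVES[name]:
        hits.append("display-name-impersonation")
    # 2. Sending domain imitates one of ours (examp1e.com, exarnple.com, exampl.com ...).
    if is_lookalike(from_dom, TRUSTED_DOMAINS):
        hits.append("lookalike-domain")
    # 3. Replies are steered to a different domain than the one shown in From.
    if reply_addr and _domain(reply_addr) != from_dom:
        hits.append("reply-to-mismatch")
    # 4. Classic BEC pressure language in subject or body.
    if URGENCY.search(msg.get("Subject", "") + " " + msg.get("body", "")):
        hits.append("urgency-language")
    return hits


def is_suspicious(msg, threshold=SUSPICIOUS_AT):
    """A single indicator (e.g. a real vendor invoice) is normal; several together are not."""
    return len(bec_indicators(msg)) >= threshold


# Constructed sample messages: one BEC attempt, one genuine executive mail, one genuine invoice.
SAMPLES = [
    {"From": "Jane Doe <jane.doe@examp1e.com>", "Reply-To": "jane.doe@mail-example.net",
     "Subject": "Urgent wire transfer", "body": "Please handle this immediately and keep it confidential."},
    {"From": "Jane Doe <jane.doe@example.com>",
     "Subject": "Lunch next week", "body": "Are you free Tuesday?"},
    {"From": "Acme Billing <billing@acme-supplies.example>",
     "Subject": "Invoice 4471 attached", "body": "Net 30 as usual."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["Subject"], "->", bec_indicators(m), "HOLD" if is_suspicious(m) else "deliver")
```

The scoring deliberately requires two indicators: a lone "invoice" keyword or a lone Reply-To mismatch occurs in legitimate mail every day, while an executive's name on a typo-squatted domain asking for an urgent wire almost never does.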
According to Verizon's 2018 Data Breach Investigations Report, ransomware is the "top variety of malicious software, found in 39% of cases where malware was identified." A ransomware attack begins by getting the encryption malware onto a machine inside the business (often accomplished through phishing). Once running, the malware encrypts the files it can reach, on the infected host and on any network shares it has write access to, making them inaccessible to users. The victim then receives a message saying that their files have been encrypted and that they must pay to obtain the decryption key. Paying is no guarantee: the key may never arrive or may not work, and victims have lost significant sums without ever regaining access to their files. Tested, offline backups are the only reliable way to recover.
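The behaviour described above, one process rapidly rewriting or renaming many files across a share, is detectable from file-activity telemetry before the ransom note appears. The following is an added example written for this page, not code from the original article or from LogicGate; the event format, the decoy "canary" file, the burst threshold and the sample log are constructed assumptions (real telemetry would come from an EDR agent, Sysmon or auditd).

```python
"""Behavioural ransomware detector over a constructed file-activity log.

Added example, not from the original article. Event format, CANARY_FILES,
the window/threshold values and EVENTS are constructed assumptions.
"""
import os
from collections import defaultdict

CANARY_FILES = {"/shares/finance/~canary.docx"}  # constructed: decoy nobody should ever modify
WINDOW_SECONDS = 10                              # sliding window for the burst check
BURST_THRESHOLD = 20                             # writes/renames by one process inside the window


def ext_changed(path, new_path):
    """A rename that swaps the extension (report.xlsx -> report.xlsx.locked) is the tell-tale sign."""
    return new_path is not None and os.path.splitext(path)[1].lower() != os.path.splitext(new_path)[1].lower()


def detect(events):
    """Return {pid: [reasons]} for processes showing ransomware-like behaviour.

    events: iterable of (unix_time, pid, image, op, path, new_path_or_None)
    """
    alerts = defaultdict(list)
    recent = defaultdict(list)  # pid -> timestamps of modifying ops inside the window
    for t, pid, image, op, path, new_path in sorted(events, key=lambda e: e[0]):
        # Rule 1: anyone touching a canary file is suspect regardless of rate.
        if (path in CANARY_FILES or new_path in CANARY_FILES) and op in ("write", "rename", "delete"):
            if "canary-touched" not in alerts[pid]:
                alerts[pid].append("canary-touched")
        # Rule 2: too many modifications by one process in a short window.
        if op == "write" or (op == "rename" and ext_changed(path, new_path)):
            stamps = recent[pid]
            stamps.append(t)
            while stamps and stamps[0] < t - WINDOW_SECONDS:   # slide the window forward
                stamps.pop(0)
            if len(stamps) >= BURST_THRESHOLD and "mass-modification" not in alerts[pid]:
                alerts[pid].append("mass-modification")
    return {pid: reasons for pid, reasons in alerts.items() if reasons}


# Constructed sample log: a user editing a document, a nightly backup job, and an encryptor.
EVENTS = [
    (990.0, 1337, "winword.exe", "write", "/shares/finance/budget.docx", None),
    (1003.0, 1337, "winword.exe", "rename", "/shares/finance/~WRL0001.tmp", "/shares/finance/budget.docx"),
]
# Backup job: 30 writes, but spaced 3 s apart, so never more than 4 inside a 10 s window.
EVENTS += [(2000.0 + i * 3, 2001, "backup.exe", "write", f"/backup/file_{i}.bak", None) for i in range(30)]
# Encryptor: 25 extension-changing renames in 5 s, then the canary, then the ransom note.
EVENTS += [(1000.0 + i * 0.2, 4242, "svchost_update.exe", "rename",
            f"/shares/finance/report_{i}.xlsx", f"/shares/finance/report_{i}.xlsx.locked") for i in range(25)]
EVENTS += [
    (1005.2, 4242, "svchost_update.exe", "rename", "/shares/finance/~canary.docx", "/shares/finance/~canary.docx.locked"),
    (1005.4, 4242, "svchost_update.exe", "write", "/shares/finance/README_DECRYPT.txt", None),
]

if __name__ == "__main__":
    for pid, reasons in detect(EVENTS).items():
        print(f"pid {pid}: {', '.join(reasons)}")
```

Rate, not count, is what separates the encryptor from the backup job; the canary rule catches slow or throttled variants that deliberately stay under the burst threshold. In a real deployment the alert would feed an automated response such as isolating the host or killing the process, since by the time a human reads it the share may already be encrypted.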
Cryptojacking is a newer way of monetizing compromised machines that emerged with the rise of cryptocurrencies. Instead of holding data hostage, this brand of malware quietly hijacks enterprise computers, servers, and cloud instances (and, through malicious scripts, visitors' browsers) to mine cryptocurrency for the attacker. Because it profits from staying unnoticed, it can run for months, degrading application performance, inflating cloud and electricity bills, and shortening hardware life through sustained load. Sudden, unexplained CPU usage on otherwise idle systems is the most common sign.
According to that same Verizon Data Breach Report, nearly 60% of data breach incidents in 2016 could be attributed to outsiders attempting to bypass network security. In other words, hackers. As a general rule, these malicious actors probe a network for its weakest point, such as an unpatched security vulnerability in business software, an exposed service, or a compromised software update supply chain, and attempt to exploit it. In 2019, the number of potential weak points has exploded due to cloud misconfigurations, unsecured Internet of Things (IoT) devices, and even wearables, all of which broaden a company's potential "attack surface."
Unfortunately, all it takes is one weak point for hackers to be in business. This is what happened when JPMorgan Chase suffered a data breach in 2014: the company's security team had rolled out two-factor authentication (2FA) across its network but missed a single server, and that one server was enough to give the intruders a way in. The lesson is that a control is only as good as its coverage, and an accurate asset inventory is what lets you verify that coverage.
DDoS stands for distributed denial of service, an attack designed to flood a victim's network resources so they cannot process legitimate traffic. At a high level, a DDoS attack is like a traffic jam clogging up a highway, preventing regular traffic from reaching its destination. These attacks work by using many compromised systems as the sources of attack traffic. The exploited machines can include ordinary computers as well as other networked resources such as IoT devices; a botnet is such a network of compromised devices, remotely controlled and used to launch attacks at massive scale, sometimes including hundreds of thousands or even millions of machines.
Frighteningly, DDoS attacks can hit anyone and are often used as camouflage, started, stopped, and restarted to hide another intrusion in progress. By using a DDoS attack as a distraction, attackers can divert a security team's attention long enough to carry out a different kind of attack.
While many countermeasures get quite technical and require specialized tooling, one important cybersecurity strategy is comparatively easy and effective: employee education. By keeping employees vigilant for signs of an attack, companies can ward off a large share of attempts. As an illustrative example, many phishing attacks fail if targets know the warning signs, such as an email that appears to come from a trusted entity but uses an unfamiliar address, urges immediate action, or asks for credentials or a payment. Training works best layered with controls that survive a mistaken click, such as multi-factor authentication, email filtering, and prompt patching, because no workforce gets it right every time.
It’s important to create a comprehensive cybersecurity strategy to protect your business’ most sensitive data—one that covers the biggest cybersecurity threats to your business. LogicGate’s IT Security Risk solution gives you complete ownership of your cybersecurity risk, helping you pinpoint relevant technology assets and classify their underlying data by risk level. You can customize your inventory of threat actors and threat events and configure rules to assess for capability, intent, and targeting. Then you’ll define custom risk appetites, which determine mitigation strategies applied to risks over a particular tolerance level.
You can also use LogicGate’s repository of control frameworks to ensure compliance with industry best practice standards. Map controls to business processes, assets, and risks and identify deficiencies versus standard frameworks such as NIST, COSO, ISO, to name a few. Next, you’ll create accountability by assigning compliance activities with due dates to the relevant lines of business, ensuring the right steps are being taken to keep your employees up-to-date on the most critical threats and properly equipped to respond.
For more on IT Security Risk Management, check out LogicGate's eBook below on Building a Cyber-Savvy Culture: A Guide to Unlocking the Power of IT Security as a Business Enabler.