[BreachExchange] Cyber Security: The Last Line of Defense
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Dec 2 15:22:50 EST 2016
https://dzone.com/articles/cyber-security-the-last-line-of-defense
Cyberworld, the Internet and its underlying infrastructure, have come under
serious threat. Networks are compromised daily, data and information are
continuously hacked, and computer viruses and other cyber incidents
threaten our lives as we know it. What then is our last line of defense?
How do we secure information, networks, and life? The answer is Cyber
Security. Securing our information on the Internet can help us breathe easy
and relax a little more. This article throws some light on the possible
security threats in the cyber world, and how we can play our part in
protecting ourselves.
What Is Cyber Security?
Cyber security, also referred to as Information Technology (IT) security,
focuses on protecting computers, networks, programs, and data from
unintended or unauthorized access, change or destruction. Cyber security
protects the data and integrity of computing assets belonging to or
connecting to an organization’s network. The purpose of cyber security is
to defend against all forms of threats in the cyber world throughout the
entire phase of a cyber attack.
Why Is Cyber Security Important?
Governments, military, corporations, financial institutions, hospitals and
other businesses, collect, process, and store a great deal of confidential
information on computers and transmit that data across networks to other
computers. With the growing volume and sophistication of cyber attacks,
ongoing attention is required to protect sensitive business and personal
information, as well as safeguard national security.
But why is this so important? Because, year after year, the worldwide
expenditure for cyber security continues to grow: 71.1 billion in 2014
(7.9% over 2013), and 75 billion in 2015 (4.7% from 2014) and is expected
to reach 101 billion by 2018. Organizations are starting to understand that
malware is a publicly-available commodity that makes it easy for anyone to
become a cyber attacker, and worse, some companies offer security solutions
that do little to defend against attacks. Cyber security demands focus and
dedication.
Types of Cyber Risks
Cyber risks can be divided into three distinct areas:
Cybercrime: Conducted by individuals working alone, or in organized groups,
intent on extracting money, data or causing disruption. Cybercrime can take
many forms. This includes acquiring credit/debit card data and intellectual
property and impairing the operations of a website or service.
Cyberwar: A nation state conducting sabotage and espionage against another
nation to cause disruption or to extract data. This could involve the use
of Advanced Persistent Threats (APTs).
Cyberterror: An organization, working independently of a nation state,
conducting terrorist activities through the medium of cyberspace.
Introduction to Cyber Criminals
A cyber criminal is an individual who commits cybercrimes, where he/she
makes use of the computer either as a tool or as a target or as both.
Cyber Criminals Use Computers in Three Broad Ways:
Select the computer as their target: These criminals attack other people's
computers to perform malicious activities, such as spreading viruses, data
theft, identity theft, etc.
Use the computer as their weapon: They use the computer to carry out
"conventional crimes," such as spam, fraud, illegal gambling, etc.
Use computers as their accessory: They use the computer to save stolen or
illegally obtained data.
Cyber Criminals Often Work in Organized Groups
Some cyber-criminal roles are:
Programmers: Write code or programs used by cyber-criminal organizations
Distributors: Distribute and sell stolen data and goods from associated
cyber criminals
IT experts: Maintain a cyber-criminal organization's IT infrastructure,
such as servers, encryption technologies, and databases
Hackers: Exploit systems, applications, and network vulnerabilities
Fraudsters: Create and deploy schemes like spam and phishing
System hosts and providers: Host sites and servers that possess illegal
contents
Cashiers: Provide account names to cyber criminals and control drop accounts
Money mules: Manage bank account wire transfers
Tellers: Transfer and launder illegal money via digital and foreign
exchange methods
Leaders: Often connected to big bosses of large criminal organizations.
They assemble and direct cyber-criminal teams and usually lack technical
knowledge.
Here are several types of attacks cyber criminals use to commit crimes.
(You may recognize a few of them):
Botnet: a network of software robots, or bots, that automatically spread
malware
Fast Flux: moving data quickly among the computers in a botnet to make it
difficult to trace the source of malware or phishing websites
Zombie Computer: a computer that has been hacked into and is used to launch
malicious attacks or to become part of a botnet
Social Engineering: using lies and manipulation to trick people into
revealing their personal information. Phishing is a form of social
engineering
Denial-of-Service attacks: flooding a network or server with traffic in
order to make it unavailable to its users
Skimmers: Devices that steal credit card information when the card is
swiped through them. This can happen in stores or restaurants when the card
is out of the owner's view, and frequently the credit card information is
then sold online through a criminal community.
Types of Malware
Cyber criminals operate remotely, in what is called ‘automation at a
distance,’ using numerous means of attacks available. This broadly falls
under the umbrella term of malware (malicious software). This includes:
Viruses
Aim: To gain access to steal, modify, and/or corrupt information and files
from a targeted computer system.
Technique: A small piece of software program that can replicate itself and
spread from one computer to another by attaching itself to another computer
file.
Worms
Aim: Exploiting weaknesses in operating systems, seeking to damage
networks, and often deliver payloads which allow remote control of the
infected computer.
Technique: Worms are self-replicating and do not require a program to
attach themselves. Worms continually look for vulnerabilities and report
back to the worm author when weaknesses are discovered.
Spyware/Adware
Aim: To take control of your computer and/or to collect personal
information without your knowledge.
Technique: By opening attachments, clicking links or downloading infected
software, spyware/adware is installed on your computer.
Trojans
Aim: To create a ‘backdoor’ on your computer by which information can be
stolen and damage caused.
Technique: A software program appears to perform one function (for example,
virus removal) but acts as something else.
Attack Vectors
The attack vector is a systematic way or path which is used to gain access
to your system or network by hackers. There are also a number of attack
vectors available to cyber criminals which allow them to infect computers
with malware or to harvest stolen data: phishing, pharming, drive-by, MITM
(man in the middle attack), social engineering, among others.
A Few Ways to Help Overcome the Most Common Cyber Threats a Business Faces
Big and small businesses constantly find themselves vulnerable, confused,
and unsuspecting of cyber security threats. It is absolutely necessary to
be prepared to deal with cyber threats and succeed against the most common
cyber threats being encountered.
Internal Attacks
Internal attacks are probably one of the deadliest attacks because it
threatens client’s data and systems. Dishonest employees and IT staff who
possess the right training can gain access to systems, which can cause
major damages. The best way to avoid this threat is to restrict and monitor
everyone who has privileged access to important data and files, ensuring
their access to these files are terminated immediately upon relieving them
of their duties from the company.
BYOD – Bring Your Own Device
Data theft is at an all-time high, so many companies have implemented BYOD
policies. To deal with BYOD security issues, it is absolutely necessary to
have a structured and effective policy in place. This will help companies
monitor their business emails closely, and keep an eye out for what works
and documents are being downloaded.
Third-party Service Providers
Technology is becoming more complex and a lot of companies are relying on
third-party service providers to help maintain their systems. This can
sometimes leave your business vulnerable because some of these third-party
service providers use remote access tools to connect to their network. They
leave their clients’ networks vulnerable because they do not always have
the best and effective security protocols when connecting to clients’
networks. In addition, using the same passwords for all clients can result
in major security breaches and serious risks.
Conclusion
Being enlightened and aware of the major security breaches and threats
encountered in the cyber world is very important. In 2016, we are facing a
multitude of threats, from headless worms to ghost-ware and two-faced
malware. Every minute we face a million threat in cyberspace. The most
important thing is to be aware and be prepared, rather than wait for a
threat to surface. Preparation is key to defeating these faceless threats.
Knowing more about cyber security measures can help you stay on top in your
industry.
While we are bombarded with millions of threats daily, taking a proactive
step in securing your data, files and information is the best defense out
there for your business. Helping clients and businesses deal with cyber
threats is also very important, as it becomes a huge problem if left
unattended over time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161202/6d55490f/attachment.html>
More information about the BreachExchange
mailing list