[BreachExchange] How to protect against cyber threats

Audrey McNeil audrey at riskbasedsecurity.com
Fri May 12 14:01:25 EDT 2017


The cyber threatscape is a dynamic and rapid environment where individual
threats hit the victim, the headlines and the waste-bin of history in quick
succession. Some threats, however, are the hardy perennials of the security
world. So how do you deal with those?


Malware is short for malicious software, and long on threat durability.
Last year enterprise organisations downloaded a piece of known malware
every 81 seconds. Malware itself is constantly mutating, with some reports
suggesting as many as 12 million new variants were produced every month
last year.

To frame that rate of growth in some contextual perspective, more 'new'
malware was seen across the last two years than the entire previous decade
in total. Luckily, malware (which includes the ransomware epidemic) is
amongst the easier of threats to mitigate as it almost invariably requires
action to install.

Phishing, or some form of social engineering, remains the primary attack
vector with payload by way of an infected attachment or malicious link.
User education by way of awareness training and phishing simulation
exercises should be a threat mitigating priority, along with application
whitelisting, patch management strategy and a behavioural exploit
prevention solution.

Distributed Denial of Service (DDoS)

Although malware remains at the top of hacker tools to disrupt network
traffic and take websites down, enterprise-targeted DDoS attacks are hot on
the heels of such strikes. In fact, the two often run side-by-side to cause
as much disruption as possible to an organisation.

The problem with DDoS attacks is that they cause a huge amount of damage to
a business and can bring an entire website down, even if the organisation
thinks it has the capacity to deal with a digital battering ram. Consumers
are largely kept out of the loop, only experiencing the results of the
attack – essentially, not being able to use a website rather than finding
themselves directly targeted.

The motivation behind such attacks varies. Sometimes the attacker wants to
take a political stand against the business in question, while other
criminals might want to cripple the company financially. There's also the
possibility of holding the firm to ransom, although it's less common than
the other reasons behind DDoS attacks.

Whatever the reason hackers decide to launch a DDoS attack on a company,
the overall motivation is to cause business disruption, affect customer
churn and increase the cost of operating. Added to that, criminals
sometimes use DDoS attacks to take the focus away from another attack on
the network, so the onslaught could end up costing more than it originally

Business can protect against DDoS attacks using layered defences including
'scrubbing' networks, which entails passing it through high-capacity
networks using scrubbing filters that clean the traffic, or by using web
application firewalls that stop attacks from infiltrating the network.

Shadow IT

At number three on our list of cyber threats to the enterprise is something
way too many people don't properly understand: shadow IT.

Although the term itself is becoming more commonplace, it tends to be
wrongly dismissed as being synonymous with the Bring Your Own Device (BYOD)
mobile technology phenomena. The real threat, however, comes to the
organisation through rogue services that employees (and management up to
and including the C-suite are often amongst them) use to increase
productivity but which are completely unauthorised.

By flying under the organisational radar these services, which can range
from cloud storage provision through to social media tools, are also off
the security map. Securing endpoints that aren't visible to you isn't easy.
In fact, it's pretty much impossible to stop all shadow IT use, but you can
control and secure it through a mix of education, policy and technology.

Educated staff who are aware of the risks associated with unauthorised
service use are more likely to ask for help, especially if policy
encourages this rather than brandishing an executioner's axe. The final
piece of the puzzle is technology, which can help bring visibility and
control back to the organisation. Small steps such as monitoring expenses
and implementing authentication through a centralised billing system can
have a big visibility reach.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170512/4dd366cc/attachment.html>

More information about the BreachExchange mailing list