Dealing With Cyber Security Threats Is Hard Work

Uploaded on 2022-08-09 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Modern society, economy, and critical infrastructures have become highly dependent on computer networks and information and communications technologies (ICT), however, with such advances comes a rise in the scale and complexity of cyber security challenges. 

Increased dependence on ICT and the pervasive inter-connectivity of critical infrastructure generates exposure to an evolving range of threats. Securing your network against cyber threats can be challenging, but taking care of the basics can go a long way towards keeping hackers out.

Cyber security is hard. Technology is continually changing, cyber criminals' tools and techniques are always evolving and maintaining the security of a network with users who each want to do their own thing without being restricted by security is a constant challenge.

Ransomware is a significant problem as cyber criminals threaten to encrypt networks and victims give into their extortion demands for the decryption key and government cyber security agencies in the US and UK while have issued warnings about the hacking and cyber threats as a result of Russia's invasion of Ukraine. But while these are some of the most headline-grabbing cyber security threats, there are other issues that might not be discussed as much but are still significant cyber security problems that organisations must be prepared to deal with. 

For many businesses remote working has become the normal and organisations are moving towards cloud based applications and services to enable this.  But while this shift has been effective for productivity and improving employee happiness, hybrid working also comes with additional cyber security risks that organisations might not be thinking about making it easier for cyber criminals to operate. 

"The main concern that remains for me around remote work is inadvertent exposure and public-facing applications," says Jamie Collier, senior threat intelligence advisor at Mandiant

For example, cloud applications like Microsoft Office 365 and Google Workspace offer employees the ability to work from anywhere, but if hackers can get user names and passwords they can enter the network. That's especially true if the password is weak enough to be cracked in a brute force attack.  

Cyber Security Updates Are Often Ignored

“In 2020 and 2021, we observe a spike in non-malicious incidents, as the COVID-19 pandemic became a multiplier for human errors and system misconfigurations, up to the point that most of the breaches in 2020 were caused by errors, “says an ENISA statement. "We increasingly see all of those configuration issues and threat groups are actually getting a lot of success, they don't even necessarily need an exploit because the defenders provided that open goal," says Jamie Collier. 

  • It's not only security vulnerabilities in cloud based applications that are being ignored and cyber security teams often struggle to manage vulnerability management and patching. "The velocity of vulnerabilities to our infrastructure, technologies and tools over the last year has created quite a challenge for organisations," says Thomas Etheridge, SVP of services at Crowdstrike
  • Phishing is also used in several ways, from stealing sensitive information like bank details and passwords from individuals to being used as the opening stage in sophisticated cyber attacks targeting whole organisations. 

All it takes is a convincing email lure and a well-designed fake version of a real website, or any other online service that people use a login name and password to access, and data falls right into the hands of the attackers. Hackers target businesses using phishing emails and social engineering to target businesses and trick employees into transferring large sums of money to bank accounts owned by the fraudsters.  

"If you actually look at the amount of money business email compromise groups are making, it's significantly higher than what ransomware groups are making," says Jason Steer, CISO at Recorded Future

Cyber Security Basics Make A Big Difference

When it comes to securing cloud services, emails and the wider network, there are steps that information security teams can take that can help protect users, and the network, from most cyberattacks.  

  • Applying security patches as soon as possible prevents cyber criminals from exploiting known vulnerabilities in software to enter or move around networks, so it should be a pillar of cybersecurity strategy for any organisation in any sector. 
  • Using Multi-Factor Authentication (MFA) can also provide a significant barrier to cyber attacks, because it means that, even if a hacker has a legitimate username and password, they're unable to take control of a cloud service or email account without the user approving it. 
  • Users should not use simple passwords as the more complex passwords makes accounts more difficult to break into. Using a password manager can help with this.  

These measures might sound like basics of cyber security, but to ensure that people and networks are safe from cyber attacks, the basics need to be put in place before anything else.

ENISA:    Roderic Broadhurst:    Science Direct:    ZDNet:    Futurelearn:    Security Magazine

You Might Also Read: 

How to Prepare Your Security Team For The Future Of Vulnerability Management:

 

« Hot Competition To Build 5G In India
Unexplained Surge In Robotext Scams »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Open Networking Foundation (ONF)

Open Networking Foundation (ONF)

The Open Networking Foundation (ONF) is a non-profit operator led consortium driving transformation of network infrastructure and carrier business models.

Morphisec

Morphisec

Morphisec Endpoint Threat Prevention blocks zero-days and advanced attacks in real time, before they cause any damage.

Cyber Security & Information Systems Information Analysis Center (CSIAC)

Cyber Security & Information Systems Information Analysis Center (CSIAC)

CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.

CyberVista

CyberVista

CyberVista is a cybersecurity training education and workforce development company. Our mission is to eliminate the skills gap by creating job ready professionals.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

Cyberport

Cyberport

Cyberport is focused on facilitating the growth of major technology trends such as FinTech and cybersecurity as well as the emerging technologies of AI, big data and blockchain.

BitNinja

BitNinja

BitNinja provides full-stack server security in one easy-to-use protection suite. Enjoy real-time protection, automatic false positive handling and threat analysis for more in-depth insights.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

ACL Digital

ACL Digital

ACL Digital, an ALTEN Group company, is a leader in design-led digital experience, innovation, enterprise modernization, and product engineering services converging to Technology, Media & Telecom.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

Onyxia

Onyxia

Onyxia's unique dynamic cybersecurity platform identifies gaps and prioritizes recommendations for proactive cybersecurity strategy, performance, remediation and management.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.