The Top 4 Cyber Threats - Is Your Business Protected?

Uploaded on 2022-09-12 in TECHNOLOGY--Resilience, FREE TO VIEW

Ransomware stories remain rife in 2022. From Nvidia, to the Costa Rica government, to schools in the UK, it seems that no public or private body is immune from attack. It seems that even those with the budget for sophisticated cyber protection are still being breached. Is it possible for businesses to ever really be protected? Absolutely – if organisations give cyber security the attention it deserves.

While many cyber security companies have advanced methods for extracting ransomware and restoring systems to normal, this can often be enormously expensive – even after the reputational hit companies take when it’s reported.

For smaller organisations, ransomware is all too often a fatal blow. Prevention is the only way to truly defeat ransomware. In light of this, what are the main weaknesses hackers are exploiting, and how can businesses strengthen their defences? 

Why phishing hasn’t gone out of fashion:    Phishing is old school, yet it remains one of the largest threats to businesses today. Sometimes referred to as the ‘spray-and-pray’ approach, these campaigns can reap benefits for cybercriminals even if only a tiny percentage of the many messages sent manage to hit their target. On the other side, a more specific form of this approach is called spear phishing, which refers to targeting and personalising an attack to a specific individual, group, or organisation. 

Phishing criminals are always seeking ways to maximise their profits, and with phishing, they know they can do that by better tailoring the email lure to resonate with the intended recipient. At the end of 2021, research carried out by BlackBerry revealed that Chinese cyber espionage group APT41 had been targeting victims in India with a supposedly state-sponsored campaign that played on people's hopes for a swift end to the pandemic. If these hackers were then able to access the user’s business emails, servers or more, they have every opportunity to cause destruction. 

It’s become increasingly difficult for everyday users to spot targeted phishing messages and spear phishing attempts.

This means that phishing defence must involve a strong partnership and action between the employee and employer. Employees play a vital role by following security guidelines, guaranteeing all their devices are protected by security software and promptly running auto-updates to ensure that phishing attackers can't exploit known, fixable vulnerabilities. Employers can bolster phishing awareness not only through regular employee training, but also by arming users with endpoint security controls for both corporate and employee-owned devices that work both online and off.

Watch out: are you being socially engineered?:   In a similar vein to phishing, social engineering baits its victims into its trap. This can be done through various methods, email, phone, texting, in person, social media and more. Hackers are now targeting their prey in numerous ways. This is particularly true of users who work at organisations which have a high value to an attacker, such as banking and financial institutions. For example, a threat actor could create a fake LinkedIn profile - or honeypot - that looks convincing enough for staff to accept their friend request. They soon amass many connections as each colleague sees they’re connected to the next and believes they must be legitimate. Through messages, often contrived to seek help or support, an employee may share a small nugget of information which is just enough to give attackers that ‘in’ they were looking for.

This is the case when considering one organisation at a time. The emergence of Artificial Intelligence (AI) as a tool in cyber means social engineering campaigns can run at scale, seeking victims with a more widespread approach. 
Again, the weak link in the security chain is the human element – the employees – which is why changing and shaping employee behaviour can make one of the longest-lasting contributions to the security of an organisation.

Once employees learn basic security protocols, they can understand just how many attacks may be prevented simply by practicing a consistent security regimen. 

Spot the vulnerabilities - before an attacker does:   Integral to computer security and network security, Vulnerability Management is the practice of identifying, classifying, prioritising, remediating, and mitigating software vulnerabilities. 

These days, hackers aren’t waiting for an exploit to be published – they are busy installing backdoors that lay dormant until they find an exploit to use. Yet some organisations still operate on the assumption that they are safe until an exploit has been publicly released. 

Unfortunately, this means that companies can be too slow to upgrade or patch systems that require it, lagging behind attackers who are sprinting ahead of those updates being run.

Organisations should therefore be proactive rather than reactive in their detection. Have a member responsible for tracking exploits, scanning the company’s systems for vulnerabilities, and patching them quickly. Systems that include AI or machine learning will provide even faster detection of threats or weaknesses. If this isn’t a possibility, outsourcing the job will provide round the clock coverage and ease of mind.

Wake up from alert fatigue:   For businesses using internal resources, alert fatigue is a major concern due to the sheer volume of security alerts requiring triage each day. Organisations tend to run multiple security solutions, which can generate hundreds or even thousands of security alerts daily, depending on the size of the business. Of these, 99% can be dismissed as false positives, or ‘noise’. Only 1% typically require investigation and 0.1% command attention. But, with a constant stream of alerts coming through, fatigue makes it difficult to focus on what really matters and can lead to true positives being missed. 

Organisations may therefore find it more cost-effective to leverage subscription-based managed detection and response (MDR) solutions.

These services provide continuous threat hunting and monitoring, including through AI, to filter data and remove the noise and irrelevant alerts, meaning they can assess real threats to the business and when to escalate, so that an organisation’s internal team can prioritise and focus their efforts.

Understanding attack techniques is the first step to mitigating them:   Cyber attackers are having a field day in 2022. There are more connected devices than ever which could provide entry points to networks, but techniques aren’t necessarily getting more sophisticated. The 2022 BlackBerry Threat Report found that the proliferation of digital channels has brought old tactics back into the mainstream, primarily because of their ability to scale. 

Fundamentally the beginning of each attack is the same – the criminal has to enter through an unsecured door. Lock all the doors and windows, and your perimeter defences become strong. Thus, businesses should exercise proactivity by building defences to prevent attacks from happening. If the resource isn’t available internally, don’t be afraid to outsource.

Education and support are vital as we all work together to ensure that hackers’ attempts to breach our defences fail time and time again.
 
 Keiron Holyome is VP UK&I and Middle East at BlackBerry

You Might Also Read: 

Why A Managed Security Service Provider Should Be On Your Cyber Roadmap:

 

« Cyber Crime Against Individuals
Japan’s Government Websites Come Under Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Linklaters LLP

Linklaters LLP

Linklaters is an international law firm. Practice areas include Information Management and Data Protection.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Watchdata Technologies

Watchdata Technologies

Watchdata Technologies is a pioneer in digital authentication and transaction security.

SenseOn

SenseOn

SenseOn’s multiple threat-detection senses work together to detect malicious activity across an organisation’s entire digital estate, covering the gaps that single point solutions create.

RangeForce

RangeForce

RangeForce delivers the only integrated cybersecurity simulation and skills analysis platform that combines a virtual cyber range with hand-on training.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Alias

Alias

Alias (formerly Alias Forensics) provide penetration testing, vulnerability assessments, incident response and security consulting services.

CyberFOX

CyberFOX

CyberFOX is a global cybersecurity solutions provider focused on identity access management (IAM) for managed service providers (MSPs) and IT professionals.

Zyber 365 Group

Zyber 365 Group

Zyber 365 are providing a robust, decentralized, and cyber-secured operating system which adheres to the fundamental principles of environmental sustainability.

Dispel

Dispel

Dispel makes the fastest secure remote access for industrial networks. Built by operators for operators: a zero trust engine for your entire OT, IoT, and xIoT stack.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.

CeTu

CeTu

CeTu - Data Orchestration for the Modern SOC. Strengthen security and optimize costs with the world's first AI-native platform for scaling and future-proofing your data stack.

NAM-CSIRT

NAM-CSIRT

NAM-CSIRT is a team established to contribute to the security and stability of critical infrastructure and critical information infrastructure of the Republic of Namibia.