Transportation, power, and other services may be disrupted by large
scale cyber incidents. The extent of the disruption is highly
uncertain as it will be determined by many unknown factors such as
the target and size of the incident.
Individually-owned devices such as computers, tablets, mobile
phones, and gaming systems that connect to the Internet are
vulnerable to intrusion. Personal information may be at risk without
proper security.
Immediate Actions
Check to
make sure the software on all of your systems is up-to-date.
Run a
scan to make sure your system is not infected or acting
suspiciously.
If you
find a problem, disconnect your device from the Internet and
perform a full system restore.
At Home
Disconnect your device (computer, gaming system, tablet, etc.)
from the Internet. By removing the Internet connection, you
prevent an attacker or virus from being able to access your
computer and perform tasks such as locating personal data,
manipulating or deleting files, or using your device to attack
others.
If you
have anti-virus software installed on your computer, update the
virus definitions (if possible), and perform a manual scan of your
entire system. Install all of the appropriate patches to fix known
vulnerabilities.
At Work
If you
have access to an IT department, contact them immediately. The
sooner they can investigate and clean your computer, the less
damage to your computer and other computers on the network.
If you
believe you might have revealed sensitive information about your
organization, report it to the appropriate people within the
organization, including network administrators. They can be alert
for any suspicious or unusual activity.
At a Public Place (library, school, etc.)
Immediately inform a librarian, teacher, or manager in charge. If
they have access to an IT department, contact them immediately.
Immediate Actions if your Personally Identifiable Information (PII)
is compromised:
PII is
information that can be used to uniquely identify, contact, or
locate a single person. PII includes but is not limited to:
Full Name
Social
security number
Address
Date of
birth
Place of
birth
Driver’s
License Number
Vehicle
registration plate number
Credit
card numbers
Physical
appearance
Gender or
race
If you believe your PII is compromised:
Immediately change all passwords; financial passwords first. If
you used the same password for multiple resources, make sure to
change it for each account, and do not use that password in the
future.
If you
believe the compromise was caused by malicious code, disconnect
your computer from the Internet.
Restart
your computer in safe mode and perform a full system restore.
Contact
companies, including banks, where you have accounts as well as
credit reporting companies.
Close any
accounts that may have been compromised. Watch for any
unexplainable or unauthorized charges to your accounts.
Cyber threats are becoming more of a norm than an exception for
businesses in our information-driven age. Until now, most companies
had a small group of staff responsible for their IT and
cybersecurity. However, recent developments suggest that these
organizations are in need of greater defenses as hackers and malware
become more and more sophisticated. To prevent data breaches and
ensuing disasters, all
types of industries have been taking considerable steps
to improve their data security and compliance across the board.
And it’s not just small businesses. Government regulations have
popped up across the globe to protect economies and constituents.
Some of these laws that you may have heard of include the Health
Insurance Portability and Accountability Act (HIPAA) for
safeguarding healthcare information, the Sarbanes-Oxley
Act (SOX) to regulate U.S. businesses’ financial records and
the General
Data Protection Regulation (GDPR) for companies within the
European Union.
Clearly, agencies big and small are taking cybersecurity seriously,
and there’s a good reason for it.
Why Is It Important to Address Cybersecurity Threats?
Most enterprises have come to understand the importance of
addressing internet security. With nearly
two-thirds of a recently surveyed group of small organizations having
experienced cyber attacks in the last two years, the risks of a lack
of cybersecurity are becoming more widely talked about. These risks
include:
Compromising of private data. Companies today rely heavily
on the data they collect, whether it’s market information, various
account details or the personal information of customers. If a cyber
hack occurs, not only is there a chance for this information to be
stolen by another entity, but data could also be altered in a way
that drastically damages the company’s operational reliability.
Costly
recovery expenses. Not only does a breach in security put
information at risk, but there are also potentially devastating
financial repercussions. Most of these are in the form of “hidden” costs
that can continue to impact your business for up to two years after
the incident. Whether it’s in the form of new IT training, acquiring
new software or the lengthy process of restoring lost data, the loss
of both time and money can be devastating.
Weakened
client trust. Naturally, customers don’t like hearing that
their personal information has been compromised. After a cyber
attack occurs to a company they originally trusted to keep their
data safe, consumers may decide to discontinue their business and
seek services elsewhere, tarnishing not only the reputation of the
attacked company but also reducing its bottom line.
To prevent these losses, businesses need to pay special attention to
what leads to these online security incidents. Nearly
90 percent of data breaches are caused by a human-made mistake
or behavior, and further data
from the survey mentioned above suggests that employee ignorance
is one of the leading contributors, manifesting itself in a few
different forms:
Widespread
lack of understanding and training. It’s not only the IT
department who can accidentally expose the company to online
intruders. While many tech support employees are not necessarily
cybersecurity experts, which should be addressed more extensively,
other non-technical employees also carry the responsibility to
behave wisely online. If the workforce has a generally limited
knowledge of what threats look like, leading employees to find
themselves opening emails tagged with malware or accessing unsecured
networks, even prepared IT departments can’t defend the company
properly.
Lack of
groundwork for new IT initiatives. In 27 percent of survey
respondents, new IT policies contribute to the lack of preparation
for security incidents. Say the organization implements new cloud
computing initiatives or adopts new user controls without adequately
building foundations and training employees effectively. This can
lead to an absence of awareness, user errors and even the initial
installation of software without ensuring the right security
settings are in place, opening the company up to impending threats
from the start.
Overwhelmed technical departments. Another critical factor
in addressing cybersecurity is acknowledging that overworked IT
departments will be less adequately prepared to tackle cyber attacks
head-on. Understaffed or underskilled groups within small companies
might be those best suited to look into outsourcing business
network security solutions to help maintain proper defenses.
We can begin to take
steps toward better cybersecurity solutions by providing a greater
understanding of online threats, what they entail when they occur
and how to detect them. Let’s start by looking at the different
types of cybersecurity threats that businesses can face today.
What Are the Most Common Cybersecurity Threats for
Businesses?
Today, cyber attacks can come from a variety of places and in a
variety of forms. Some types of threats are more invasive than
others, but they can all be equally jarring for a business left
unprepared. A few of the typical attackers and sources of
cybersecurity threats include:
Organized crime
groups
Competitors of your business
Hackers
Terrorists
Foreign governments
While these sources are all coming at the company from the outside,
another considerable threat that businesses face is inside attacks,
often perpetrated by a disgruntled employee or contract worker who
has been trusted with network access. Inside attacks are one of the
reasons why security software like BlackStratus’s
own CYBERShark has become an essential asset in thoroughly
tracking user activity.
Some of these attacks are not intentionally malicious, like if a
user is simply testing their limits or digging through the network
to find information they don’t have access to. But it’s important to
note that, more and more, criminal
groups are incentivizing insiders to deliberately cause harm
from within.
The Types of Cybersecurity Threats That
Businesses Face
The way this harm looks can vary, so we should
take a moment to address the most common types
of cybersecurity threats that businesses need to watch for,
whether they are attacks coming from the
outside or from within the organization itself:
Phishing. Cybercriminals
will try to gain access to your secured network through different
means, the most common of which is through phishing. By using social
sites or email, these scammers will convince users to click on
misleading links, provide sensitive information or company data, or
even download content to their computer or server.
Malware. If
a victim of phishing does end up initiating a download, there’s a
good chance that the program received is harmful or malicious. A
Trojan virus, for example, is a form of malware brought onto the
network disguised as legitimate software, often carrying out its
true purpose without the user knowing. Malware comes in various
forms, tasked with anything from spying on the system to
manipulating its code.
Distributed Denial of Service (DDoS). This is a type of
attack that floods the server with requests from multiple sources,
leading it to become overwhelmed to the point of slowing down
substantially or even crashing. Once this occurs, the system becomes
impossible to use effectively until theses numerous interactions are
canceled and blocked.
Brute
Force or Password Attacks. These threats involve an
attacker attempting to gain access to a network by using a program
to ascertain a working password. They’re the primary reason it’s
important not to use the same password across the board and why
these login details need to be changed regularly.
Internet
of Things (IoT) or Algorithm Manipulation. As organizations
grow to rely more and more on their wearable tech, cloud-computing
industrial devices and other IoT applications, the more vulnerable
their data becomes. Similarly, as automation has led companies to
trust their algorithms to interpret and apply their data, they may
be susceptible to threats in the form of these systems and codes
being compromised without frequent monitoring and occasional human
interaction.
Ransomware. This
is a type of malware that, when opened, locks the system down and
encrypts the device so that no one can use it anymore. Ransomware is
one of the most sophisticated and damaging threats out there. The
computer or server affected will remain locked until a hefty ransom
is paid on its behalf, although some hackers are prone to not
following through on the unlocking that they promise, causing the
business to suffer even further.
These are some of the most widely understood attack patterns, which the
right security software can help you detect and prevent. In
addition to this list, businesses especially need to be aware of
what is called Advanced Persistent Threats, or APTs.
The Five Phases of an Advanced Persistent
Threat or Intrusion
These threats are precisely what the name implies: extensive and
aggressive, and drawn out over a long period. They are usually
composed of several phases, involving a string of cybersecurity
threats like the ones already mentioned. Here is what these phases
can look like and what you can expect from each one:
Reconnaissance and Probing. Employees who are too lazy to
check for warning signs may find themselves surrendering
confidential information. This phase usually involves a form of
phishing that relies on this human complacency. Sometimes the
hackers sit back and wait for the unsuspecting victim to visit a
fake website and input sensitive info. Other instances involve a
physical device being planted by an insider into one of the
network’s computers that will gather the data for them.
Intrusion
and System Compromise. Without doing anything too
suspicious, the perpetrator will then use the login credentials or
other access tools to enter the flow of network traffic, seeking
information to exploit or critical systems to disrupt. As they blend
into the typical workings of the network, the attacker can observe
activity for months from a remote location without being detected.
Exploitation and Malware Installation. The hacker moves
laterally on the network, gathering additional user account data to
expand their foothold and compromising sensitive files. As they go,
they begin to insert forms of malware like Trojans to exert further
control. They still may be weeks from detection, so the scope of the
damage they cause during this phase can take years to discover and
repair after the attacker is expelled.
Data
Capture or Manipulation. Next, the hacker will begin to
decrypt and remove information from the system that has been
infiltrated. Decryption is a process that takes time and skill, but
if the imposter has made it this far into the attack, they are
likely going to follow through with their objective.
Track-Covering and Exit. Once the attacker has what they
came for, they will either leave the network, create backdoor
entries so they can return undetected or even destroy the evidence
using ransomware. Even after their mission is complete, unless they
set off alarms or shut the system down with malware, their invasion
can remain undetected while a large percentage of company data has
been compromised. That’s why constant visualization and remaining
alert is crucial for network owners.
Preventing these kinds of persistent attacks is all about careful
and continuous monitoring of your system. It can be a challenge to
detect a data breach of this scale because of the attacker using
valid login credentials and remaining on the down-low for months at
a time. But the right tools can make a big difference in alerting
you to any unusual activity.
How Can You Detect Cybersecurity Threats Before They Occur?
Typically, businesses have a few different in-house approaches to
data management and protection that they resort to, from drilling
their employees on compliance to installing firewalls and keeping
their software up-to-date. Additional data breach detection methods
vary in complexity and effectiveness:
Basic
methods. As a first line of defense, businesses will
commonly incorporate a shallow stack of technologies that allow
real-time correlation and logging, enabling the owner to highlight
suspicious network events.
Emerging
methods. To go a step further, owners may incorporate
history analytical capabilities, taking any action of interest and
comparing current operations to previous instances when these
activities last occurred. This insight allows the business to
establish new precedents or policies to minimize these incidents.
Advanced
methods. Introducing intuitive security programs prevents
even insiders from conducting malicious activity without detectable
deviations from standard network behavior. It’s this kind of
oversight that is crucial in protecting sensitive data and avoiding
the substantial losses that cybersecurity threats can incur.
