The corporate battle against cybercrime rages every day. Don’t be a casualty: follow Joseph Carson’s tips and keep your systems safe.
War, in all its forms, has had a significant impact on society throughout history, with battles won and lost shaping the course of events for future generations. But while most wars have been fought on the physical battlefield, a new kind of fight has emerged and everyone is involved.
Over the past few years, the Internet has become a battleground where organisations and public institutions across all industries are engaged in a constant struggle to safeguard themselves against unknown attackers. These cybercriminals have declared a digital battle using common hacking techniques to penetrate and disrupt critical systems and business networks.
In order to stay protected, organisations need to recognise the scope of these threats as well as how to best respond to them.
Targets for cybercriminals
Cybercriminals often don’t discriminate between their targets. If an organisation is not fully prepared, it can fall prey to an attack regardless of its size or industry. However, there are certain industries that attackers tend to focus on more than others.
Cybercriminals are increasingly targeting government agencies and critical infrastructure, such as power grids and transportation networks. These are attractive because they house vast amounts of sensitive information, and their successful operation is often critical to the livelihood of citizens and the success of society.
Attackers can exploit this with ransomware and other disruptive tactics to maximise the likelihood of being paid a ransom and gaining financially.
The education sector is also under constant threat from cybercriminals, specifically when it comes to ransomware attacks. In fact, the education sector is one of the most targeted sectors when it comes to ransomware. In 2022, the sector reported the highest ransomware encryption rate compared to all other sectors at 74%.
Educational institutions store the personal information of students and faculty members and are notoriously slow to recover from ransomware attacks, making them appealing targets.
Cybercriminals may also attempt to steal research data or disrupt learning management systems in an effort to cause city- or state-wide disruptions, while combining the data they gain with other sources for escalated breaches in other sectors.
Banks, credit unions, and investment firms have been at the top of the list for cybercriminals since the early days of the Internet. With the digital banking industry continuously growing, these organisations are at constant risk of financial fraud and service disruption.
As a target-rich sector, it’s of paramount importance for financial institutions to prioritise cyber security measures to defend against these threats and safeguard their customers’ financial well-being.
Healthcare organisations hold enormous amounts of confidential patient information, rendering them susceptible to cyber-attacks. Additionally, hospitals and other medical facilities utilise a range of technologies to administer crucial medical services, creating a vulnerability that attracts cybercriminals and that can obstruct operations and pose a genuine threat to patients’ safety.
Private enterprises and industries
Cybercriminals often single out private companies spanning a range of sectors, including retail, technology, manufacturing, and hospitality. These areas of business commonly retain high-value intellectual property and customer data, which can be highly profitable if stolen or sold.
Additionally, small to medium-sized businesses often lack the necessary resources to establish robust cybersecurity protocols and teams, making them particularly vulnerable to cyber-attacks.
Commonly used tactics
Cybercriminals continually update their tactics and techniques. However, knowing your adversary’s methods and being equipped to face them head-on is central to your survival.
Phishing and spear-phishing
Phishing is a successful method used by cybercriminals to obtain personal data, such as login credentials, by creating seemingly authentic inquiries. Although commonly carried out through email, phishing also happens via social media and text messages.
Spear-phishing is a more targeted phishing approach. Attackers carefully research a specific target and socially engineer personalised messages to increase the likelihood of a successful attack.
Ransomware / Ransomware-as-a-Service
Ransomware is a type of malicious software that can lock up files or networks by encrypting them. This makes them impossible to access until the victim pays a ransom to the attacker, usually through cryptocurrencies that are harder to source and trace. Ransomware attacks have seen a rise in sophistication over recent years, with some groups now even offering Ransomware-as-a-Service (RaaS) to other criminals. RaaS enables less technically advanced individuals to carry out ransomware attacks, intensifying the prevalence of the threat.
Distributed Denial of Service (DDoS) attacks
Distributed Denial of Service (DDoS) attacks have become a common form of cybercrime used against organisations. These attacks often leverage a botnet, composed of compromised devices, to generate overwhelming traffic towards a specific website or service.
This surge in traffic can cause severe operational disruptions, resulting in substantial revenue losses for organisations that are reliant on interconnected services.
Zero-day exploits take advantage of technological weaknesses that remain hidden from software or hardware developers and users. These vulnerabilities represent a major security risk since they enable cybercriminals to illegally enter and extract private data from computer systems.
The absence of an existing defence mechanism against these exploits poses a significant danger to cybersecurity until a solution is identified by the vendor.
Keeping organisations protected and resilient
It is essential for organisations to prioritise cybersecurity wherever possible. This section will cover four crucial Defense-In-Depth (DID) strategies to assist you in safeguarding your organisation against potential cyber-attacks.
Regularly updating software and security patches
To uphold a robust cybersecurity posture, regular updates of software and security patches are critical. Outdated software can conceal potential vulnerabilities that cybercriminals can exploit, compromising your system’s security.
Timely software updates and the secure use of the Remote Desktop Protocol (RDP) serve as a defence mechanism against these security gaps, safeguarding your organisation from security threats.
Privileged Access Management (PAM)
To enhance the protection of your organisation’s sensitive data, implementing Privileged Access Management (PAM) is imperative. This involves a comprehensive approach to controlling and monitoring access to critical systems, applications, and sensitive information by restricting access privileges solely to those who require them.
As a result, even if an unauthorised entity manages to infiltrate your network, it will be unable to access vital information without the appropriate authorisation.
Develop reliable backup and disaster recovery plans
It is crucial for organisations to have a strong backup and disaster recovery plan in place to reduce the severity of a cyber-attack. Consistent data backups enable swift system restoration and prompt resumption of regular operations following a security breach.
Furthermore, the implementation of a prepared and efficient disaster recovery plan enhances an organisation’s capacity to handle cybersecurity incidents by limiting downtime and financial setbacks.
Educating employees and promoting cybersecurity awareness
The role of your employees in upholding your organisation’s cybersecurity cannot be overstated. Consistent training and fostering a cybersecurity-conscious environment are key in equipping them with the latest knowledge and best practices.
This ultimately enables them to skilfully identify and report potential threats, thereby considerably reducing the likelihood of successful cyber-attacks.
Keep your business prepared for battle
In today’s business landscape, cybersecurity is a critical factor that organisations cannot afford to overlook. To safeguard against the constantly transforming cyber fight, it’s essential to undertake measures to shield your organisation.
Consistent updates of software and security patches, enforcing privileged access management, developing dependable backup and disaster recovery plans, and educating staff on cybersecurity best practices are crucial measures organisations must take to reduce risk. These preventative actions will put businesses in a better position to proactively manage potential security threats if and when they come.
Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the chief security scientist and advisory CISO at Delinea.