As cybersecurity threats become more prominent and the Internet of Things (IoT) devices become more essential, the tactics behind the threats are evolving into more sophisticated forms. This can lead to an increase in certain types of cybersecurity attacks and threats that can sometimes catch IT managers off guard. Knowing what types of attacks and tactics are on the rise can help managers plan proper prevention and mitigation strategies. Given that 31 percent of organizations have been subject to cyber-attacks according to United States Cybersecurity Magazine, managers can no longer afford to be lax when it comes to security protocols.
What are the Top Threats?
Financial fraud through compromised business emails, credential stuffing, web application attacks, data breaches, and malware attacks have made the top list of threats. Compromised business emails come in the form of false requests to employees to pay nonexistent invoices, modify bank accounts, and purchase gift cards. Many of these emails are written using spoofing techniques that make it appear as though the email is coming from a top-level executive or a person of authority within the organization. When employees are misled by the emails and disclose the financial information the attackers are looking for, the company’s financial accounts and resources become compromised.
Credential stuffing occurs with unauthorized access to the company’s systems or enterprise-level applications via a legitimate employee’s username and password. With credential stuffing, a large number of employees’ usernames and passwords are either obtained through social engineering, phishing, or random guessing. Since it is natural for most to keep reusing the same usernames and passwords, it can make it easy for attackers to guess credentials that are similar in nature or that are updated in a sequential manner.
Web application attacks take advantage of vulnerabilities in the coding of applications and configurations. Common types of attacks include distributed denial of service (DDOS) and bypassing network firewalls to obtain sensitive data. Sometimes web application attacks are used in order to gain access into an organization, including physical access to a company’s servers. Data breaches can occur through web application attacks and unauthorized access to a company’s cloud storage accounts. Weak encryption systems and malware are often to blame with data breaches. Malware can come disguised in the form of freeware or shareware, file-sharing programs, programs or infected files stored on USB drives, and infected files or links shared through email.
Mitigating the Risks
Guarding an organization against compromised business emails includes enabling two-factor or multi-factor authentication. With two-factor authentication, a person must not only enter in credentials but provide another source of verification. This can be a code that is sent via text message to the person’s cell phone. Secondary means of authentication can also come in the form of a fingerprint or key fob. While it is easier for an attacker to guess a weak password and username, it is not easy to gain access to a code sent to a physical device that is only in the possession of the authorized user or duplicate a means of identification that is unique to the person’s physicality. Other means of guarding against compromised business emails include detection rules, employee education about spoofing, and more stringent policies regarding accounting and appropriate uses of email.
Two-factor authentication can also protect an organization against credential stuffing. Additional means include manual checking of passwords against known compromised credentials, enforcing frequent password change policies, employee education about not disclosing credentials, implementing detection rules, and employee education about social engineering and phishing tactics. Web application attacks can be prevented through more stringent firewalls, intrusion detection tools, limiting inbound access requests to server-based applications and systems, stricter scrutiny of cloud service providers and the providers’ security protocols, and the implementation of stricter internal security processes and policies.
Cybersecurity threats are unlikely to become a thing of the past as more devices and business processes become network integrated. However, simply having an internal IT security team in place is not enough to guard against attacks and unauthorized access. Developing both a defensive and an offensive game plan for the top threats most organizations face is an important step towards protecting a company’s sensitive data and technology-related resources.