While attackers constantly come up with new tactics and tricks, their overall strategies remain the same. Understanding the patterns is a critical success factor to protect your organization against cyber-threats.

As much as the digital universe grows, so does its shadow world. Cybercrime has become a lucrative ecosystem that is evolving quickly. Damages are predicted to reach US$8 trillion by 2021, according to Juniper Research. While criminals tend to come up with new tactics and tricks, their strategies follow the same patterns. Based upon research conducted by Verizon, more than 88 percent of all incidents fall into one of the following eight categories:

Crimeware

This includes all kinds of malware designed to automate cybercrime, with ransomware being the most prominent example. For the criminal, launching an attack and holding files for ransom is incredibly fast, low-risk and easy to capitalize on — especially with cryptocurrency such as Bitcoin that allows them to anonymously pocket payments.

How to mitigate it

It all begins with constant patching and stressing the importance of software updates – that applies not only to the latest anti-virus patterns, but also to applications and even the operating system itself. Watch out for macro-enabled MS Office documents and train users never to click on suspicious links. Also, create backups regularly to be able to redeploy clean images if needed.

Distributed Denial of Service (DDoS)

Attacks aiming to interfere with and compromise the availability of networks and systems belong in this category. DDoS attacks are often targeted at large organizations. While some poor souls face a constant interruption, most attacks are over within a matter of days.

How to mitigate it

Understanding the types and levels of mitigation you need is key. Beyond setting up firewalls and putting close monitoring in place, embed DDoS mitigation into your business continuity and disaster recovery concepts. Make sure that you have DDoS mitigation services in place to defeat any attacks, that they’re regularly tested, and that they actually work as planned.

Espionage

Increasingly, state-affiliated actors are entering the scene aiming to gather intelligence or aid their local economy, for example. Whether it’s a malicious e-mail or other types of malware that paves the way in, this is usually followed by tactics aimed at blending in, giving the hacker time to quietly capture the desired digital assets.

How to mitigate it

Conduct regular security awareness training and encourage your teams to report phishy e-mails. Make it difficult for the adversary to jump from a rigged machine to other devices on your network. Apart from leveraging networking security to prevent unauthorized access in the first place, again close monitoring will help you to discover suspicious activities. If you have reasons to believe that there have been attempts or an attack is underway, get the authorities involved quickly.

Fraud

An emerging tactic includes suspicious e-mails where “the CEO” or another senior official suddenly orders wire transfers with an urgent and believable back-story. While it might sound simple, unfortunately it often works.

How to mitigate it

Instruct your teams — especially in finance — that no one will request a payment via an unauthorized process. Moreover, ask IT to mark external e-mails with an unmistakable stamp.
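One way such a stamp could work at the mail gateway, as an added example that is not part of the original article: it prefixes the subject of any message whose sender is outside the organization and lists two warning signs typical of a fake-CEO request. The domain `example.com`, the name "Jane Doe" and the sample messages are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this example (constructed values, not from the article).
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVE_NAMES = {"jane doe"}
STAMP = "[EXTERNAL]"


def _parse(header_value):
    """Return (lower-cased display name, lower-cased domain) of an address header."""
    display, addr = parseaddr(str(header_value or ""))
    return display.strip().lower(), addr.rpartition("@")[2].lower()


def stamp_external(raw):
    """Stamp mail from outside the organization and list fraud warning signs."""
    msg = message_from_string(raw, policy=policy.default)
    display, from_domain = _parse(msg["From"])
    warnings = []
    # A missing or unparseable From yields an empty domain and counts as external.
    external = from_domain not in INTERNAL_DOMAINS
    if external:
        subject = str(msg["Subject"] or "")
        if not subject.startswith(STAMP):
            del msg["Subject"]  # policy.default allows only one Subject header
            msg["Subject"] = f"{STAMP} {subject}".rstrip()
        if display in EXECUTIVE_NAMES:
            warnings.append("external sender uses an executive's display name")
    _, reply_domain = _parse(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        warnings.append("Reply-To domain differs from From domain")
    return msg, external, warnings


# Constructed sample messages.
SPOOFED = (
    "From: Jane Doe <jane.doe@mail.example.net>\n"
    "Reply-To: payments@other.example.org\n"
    "To: finance@example.com\n"
    "Subject: Urgent wire transfer today\n\n"
    "Please process this before noon.\n"
)
INTERNAL = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "To: finance@example.com\n"
    "Subject: Quarterly figures\n\n"
    "See attached.\n"
)
```
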

Human Error

Where wood is chopped, splinters must fall. However, data lost through human error can be harmful too — especially if it’s the customer or a supplier who makes you aware of your mishap.

How to mitigate it

Implement and enforce a formal procedure for data lifetime management, especially for disposing of digital assets that might contain sensitive data. Furthermore, establish a formal approval process that at least requires a four-eye principle before releasing corporate information to the public.

Insider Misuse

Users are often unaware and easy to dupe, while others even act with malicious intent. Some insiders abscond with data aiming to convert it into cash in the future. Whether it’s a case of unsanctioned snooping, taking data to a new employer or setting up a competitor, insiders statistically account for around a third of all cyber-threats.

How to mitigate it

Implement access control, logging and monitoring of use, and look out for large data transfers and use of USB devices. Enforce encryption on data in use, at rest, and in motion.

Skimming

Skimming devices are typically placed on terminals that handle payment transactions — such as ATMs, POS terminals or gas pumps. While ATMs continue to be the prime target, the number of gas pump terminals used to collect payment card information more than tripled compared to 2016.

How to mitigate it

Train employees who carry corporate payment cards to spot signs of tampering, monitor your own payment terminals with video surveillance, whenever possible, and make sure the recordings are reviewed regularly.

Web Application Attacks

Not all web applications are trustworthy. While they don’t necessarily hold payment card data, they do often request users to submit their names, addresses and other sensitive information. Their security is often weaker than that of online retail sites, so attackers use them as an easy way to capture personal data and credentials for use elsewhere.

How to mitigate it

Encourage users to vary their credentials and leverage two-factor authentication. Limit the amount of sensitive information stored in web-facing applications.

Takeaways

If you were off to Everest, you would probably leave the shorts at home and double-up on the thermal wear. The same applies when assessing where to spend your precious budget. The themes above help you understand the most common patterns. Only when aware of the threat landscape can you identify white spots and come up with measures to mitigate risks.

You don’t have to be big, rich or famous to become a target. Cybercrime is part of today’s reality and literally affects everybody. It’s often about identity theft, collecting credit and payment card data and cloning the identities of everyday people. Similarly, it’s not just households finding themselves on the target list. Start-ups are chased for their breakthrough inventions, blue chips often fall victim because of their customer records, and others are identified as a soft target and stepping stone to exploit their partners’ ecosystems.

Cybercriminals don’t rely on the status quo. As the value of some forms of data falls, they are casting their nets wider and coming up with new tactics. While no system is 100% secure, too many organizations are just making it far too easy for criminals. The following seven tips cover simple mistakes that happen time and again:

  1. Start with physical security, as not all data theft happens online
  2. Restrict access rights
  3. Train staff to spot the warning signs and trigger alerts
  4. Patch promptly
  5. Monitoring, log files and change management systems can give you early warning of suspicious activities
  6. Use two-factor authentication to limit the damage of a lost or stolen device
  7. Encrypt sensitive data, so that it is next to useless if it is stolen