Navigating an Evolving Threat Landscape
Over the past year, COVID-19 has forced organisations to operate with an almost entirely distributed digital workforce working from home.
This has been a force multiplier for the cyber attacks and threats facing organisations.
Guide to Cyber Threats & How to Navigate Them:
The past year has seen an exponential increase in cybercrime as organisations have raced to adapt to the ‘new normal’ of work from home.
At researchHQ, our team have hand-selected some of the most valuable and relevant content to help organisations navigate this shifting threat landscape.
Threat Trends & Predictions:
For those looking for an overview of the cyber threat trends that have shaped the past year, Accenture’s cyber threatscape report is a great place to start.
Alternatively, if you’re looking to predict the months ahead, check out SecurityScorecard’s blog post on the top 5 enterprise cybersecurity threats of 2021.
If a video format is more your speed, try Fortinet’s insightful discussion of the current cyber threat landscape.
Ransomware is one of the largest threats facing organisations today, and Sophos’ State of Ransomware report is an insightful resource unpacking this threat.
If you want something to stick on in the background, check out SecureWorks’ podcast breaking down Ransomware as today’s number one threat.
Table of Contents:
- The first step in any successful cybersecurity strategy is forming a comprehensive understanding of the threat landscape in which an organisation sits.
- As cyber threats grow increasingly complex and sophisticated, organisations must protect against a diverse range of potential attack vectors.
- Easy mistakes resulting from a lack of basic cyber hygiene and employee education can expose organisations to serious cyber threats.
- Simple best practices, such as regular updates and internal cybersecurity policies, are the foundation to successful threat mitigation.
What are Cyber Threats?
Cyber threats are malicious acts involving unauthorized access, damage, theft or disruption of sensitive data or digital systems and networks.
While the three terms are heavily interlinked, it is worth clarifying the difference between cyber attacks, cyber threats and cyber risk.
Cyber attacks are offensive actions used to achieve the malicious intentions mentioned above. Cyber threats are the potential for such attacks to occur against an organisation.
Cyber risk is based on an assessment of the probability of a given cyber threat impacting an organisation and the extent of that impact.
Effectively identifying and managing cyber threats demands an understanding of all three of these points and how they relate to one another.
Today organisations face a cyber threat landscape that is constantly shifting and evolving.
This evolution involves not only the increasingly sophisticated technology being deployed but equally the how and why of its deployment.
All of this results in an ever-growing list of various types of malware, threat actors and attack methods.
The sheer volume of this list is a challenge in and of itself.
However, a quick skim of any whitepaper or Google search results will reveal a few key headliners to be particularly cautious of.
Today’s ‘biggest’ cyber threats include:
- Ransomware
- Social engineering
- Distributed Denial of Service (DDoS) attacks
- Structured Query Language (SQL) Injections
- Zero-day Exploits
The full list of potential cyber threats facing organisations is significantly longer than this, however, this selection represents some of the most prominent attack types.
Ransomware is a form of malware, an umbrella term encompassing all malicious software intended to damage a computer, server or network.
This particular malicious software encrypts the target’s files and data; the attacker then sets a price, or ‘ransom’, and restores access upon payment.
Ransomware has been a dominant force within cybersecurity since 2013, with Sophos going as far as to describe this as the ‘ransomware era’.
It is a threat which shows no signs of going away any time soon and is increasingly sophisticated in both the technology deployed and the groups involved.
Check out this report to learn more about the state of ransomware.
Social engineering is a malicious practice which manipulates human psychology or exploits human error to gain access to an organisation’s systems and data.
In comparison to most attacks, which rely on technical techniques, malware or software vulnerabilities, social engineering is a relatively simple process.
Hackers generally exploit employees’ lack of knowledge, fear or basic human error to get them to divulge information or perform a specific action.
Attack methods are often as simple as a scam email or fake phone call.
While this threat appears simple, it continues to prove a very effective method for hackers, in particular, when attempting to sabotage a network or steal information.
Sitting on the complete opposite end of the threat spectrum from social engineering are DDoS attacks.
DDoS attacks attempt to overwhelm a target network or server in order to disrupt its normal traffic.
This is usually achieved by hijacking a number of internet-connected devices to form a botnet or ‘zombie network’.
Such a technique allows a malicious actor to use potentially thousands of devices simultaneously to overwhelm a target.
While the primary goal of these attacks is simply to slow or take down the target, the motivations behind them can be diverse, ranging from hacktivism to extortion or blackmail, to name a few.
SQL injections insert malicious SQL into input that an organisation’s application passes on to its database.
This input is specifically designed to trick and manipulate the database into granting access to data that is not usually accessible.
Depending on their intent, these types of attacks can have diverse and far-reaching impacts on an organisation.
These attacks primarily seek to gain unauthorised access to data which can then be stolen, corrupted or deleted.
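The mechanism described above, shown as an added example that is not part of the original article: a lookup that splices user input straight into the SQL text beside the same lookup written with a parameterised query. The table, rows and the crafted input are constructed for the demonstration; the point is that the database cannot distinguish data from code in the first version, while the driver keeps them separate in the second.

```python
import sqlite3

# Constructed sample data: a tiny in-memory table standing in for a real
# application database.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "staff"), ("carol", "staff")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Untrusted input is formatted into the SQL string, so any quote
    # characters in it change the structure of the statement itself.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, username: str) -> list:
    # The value travels separately from the SQL text; whatever it contains
    # is compared literally against the column, never interpreted as SQL.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo() -> dict:
    """Run both lookups against a classic crafted input and report row counts."""
    conn = make_db()
    crafted = "x' OR '1'='1"   # constructed input that rewrites the WHERE clause
    return {
        "vulnerable": len(lookup_vulnerable(conn, crafted)),     # every row leaks
        "parameterised": len(lookup_parameterised(conn, crafted)),  # no match
        "normal": len(lookup_parameterised(conn, "bob")),        # legitimate use
    }


if __name__ == "__main__":
    print(demo())
```

The fix is not input filtering but keeping data out of the query text: every mainstream database driver offers placeholders, and code review or static analysis can flag any string formatting that builds SQL as a finding in its own right.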
Zero-day exploits sit in an interesting position on this list, occurring under far more specific circumstances than the threats previously mentioned.
When a security vulnerability is discovered by an organisation, it will typically be kept secret until it has been patched.
However, under specific circumstances this is not possible and the vulnerability becomes publicly known.
A zero-day exploit attacks vulnerabilities that are publicly known but have not yet been patched or otherwise dealt with.
While they often only have a very short attack window, when they are effective and go unnoticed they can be incredibly damaging.
A Diverse Toolkit for Malicious Actors:
What is most evident from the list above is the diverse range of methods malicious actors can employ against an organisation.
When assessing these threats it is particularly important to note that they most likely will not come in the form of a standalone attack.
Each potential threat represents a tool in an attacker’s toolkit which can potentially be chained together to form a larger and more sophisticated attack.
Effectively navigating these varied threats demands that organisations not only understand them individually but equally how they might be utilised collectively.
The Rise of Remote Working:
While the global pandemic has significantly accelerated remote working, it is a trend that is likely to last well into the future.
This has raised the challenge for enterprise IT teams and security professionals who must now manage and secure a much larger and more distributed network.
Whether using social engineering techniques or sophisticated malware, remote working has presented malicious actors with a new opportunity.
Now more than ever before it is essential for organisations to avoid making easy mistakes and implement effective best practices.
Common Mistakes Exposing Enterprises to Cyber Threats:
Building or selecting the best possible security system is essential to effectively navigating today’s constantly evolving cyber threat landscape.
That said, the first step towards an effective cybersecurity strategy is to learn from the mistakes of those who have gone before you.
All-too-often organisations across the globe fall into the same, largely avoidable, pitfalls and expose themselves to severe cybersecurity threats.
Lack of Staff Training:
One of the biggest cybersecurity challenges is the ongoing assumption that cybersecurity is the responsibility of the IT team alone.
Far too many organisations treat cybersecurity training as a box to be ticked with an annual PowerPoint presentation.
As much as 95% of security breaches are the result of social engineering, according to SafeAtLast.
All it takes is one member of any team within an organisation falling victim to one of these attacks for sensitive company data to potentially be exposed or a network jeopardised.
Enforcing thorough enterprise-wide cybersecurity training will help foster a culture of security within an organisation.
The growth of remote working is expanding the network which organisations must protect. Now more than ever it is crucial for security to become a practice built into the fabric of an organisation.
The time and money spent on effective cybersecurity training pales in comparison to the potential costs of a data breach.
Data breaches resulting from a sophisticated cyberattack are a major threat for organisations.
They are also exciting and attention-grabbing.
Less exciting, but equally dangerous, is data leakage.
Data leaks occur when data is accidentally exposed, allowing malicious actors to access it without any effort.
Unlike data breaches, no cyber attack is required for data leakage to occur. In fact, it is often the result of poor security practices or accidental actions by employees.
Two common sources of data leaks to be wary of are third party actors and the cloud.
Data leaks expose organisations to the same damage as breaches. The potential loss of company and customer data has severe financial, legal and reputational repercussions.
It is important to remember that while protecting against flashy external threats is important, internal misconfigurations going unnoticed in the background can be equally damaging.
Trust by Default:
It is easy to make the mistaken assumption that a particular application, device or even user within your network is more trustworthy than others.
Just because a user or device was assessed to be trustworthy previously does not mean that it remains trustworthy today.
The device sprawl created by remote working has only raised the risk of trust by default.
All it takes is one compromised device or misplaced password to put an organisation’s entire network at risk.
Organisations should practice zero trust, assuming that any device accessing their network can’t be trusted and limiting excessive user permissions.
Poor Password Hygiene:
At the risk of sounding like a broken record, passwords are important.
Organisations are rushing to deploy complex measures to protect against a constantly evolving and increasingly complex threat landscape.
And that’s great. However, many run the risk of forgetting about the fundamentals.
So long as passwords exist within an organisation’s systems and network, they remain a potential attack vector.
One weak or out of date employee password risks exposing sensitive company or customer data to corruption, theft or deletion.
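One concrete way to act on the point above, as an added example that is not from the original article: a password check that rejects short passwords and anything found in a known-breached list. It goes slightly beyond the paragraph by looking passwords up through a SHA-1 prefix index, the k-anonymity scheme used by breached-password range APIs, so the full password never has to leave the checking service. The breached corpus, the prefix length and the minimum length are assumptions constructed for the example.

```python
import hashlib

# Constructed stand-in for a real breached-password corpus (assumption).
BREACHED_CORPUS = {"password", "123456", "Summer2020!", "letmein", "qwerty"}

# Prefix length used to bucket hashes; 5 hex characters is the convention
# of the public range APIs this example imitates (assumption).
PREFIX_LEN = 5


def sha1_hex(text: str) -> str:
    """Upper-case hex SHA-1, the hash form breached-password lists publish."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def build_range_index(corpus: set) -> dict:
    """Bucket hashes by prefix so a lookup only ever reveals the prefix."""
    index: dict = {}
    for pw in corpus:
        digest = sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])
    return index


RANGE_INDEX = build_range_index(BREACHED_CORPUS)


def is_breached(password: str, index: dict = RANGE_INDEX) -> bool:
    """True if the password's hash suffix appears in its prefix bucket."""
    digest = sha1_hex(password)
    return digest[PREFIX_LEN:] in index.get(digest[:PREFIX_LEN], set())


def evaluate_password(password: str, min_length: int = 12) -> list:
    """Return the list of policy problems; an empty list means acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if is_breached(password):
        problems.append("found in breached-password list")
    return problems


if __name__ == "__main__":
    for candidate in ("Summer2020!", "correct horse battery staple"):
        print(candidate, "->", evaluate_password(candidate) or "ok")
```

Length plus a breach-list check catches the two failure modes the paragraph names, weak and already-exposed passwords, without the composition rules that push users toward predictable substitutions; the same check belongs at password-change time as well as at enrolment.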
Key Best Practices to Help Mitigate Today’s Threats:
Knowing what mistakes to avoid is, however, just one side of the coin when it comes to cyber threat mitigation.
Equally important is how organisations implement certain best practices to proactively tackle cyber threats and manage potential risks.
Keep IT Infrastructure Up-to-Date:
Outdated internal systems or third-party software allow a range of vulnerabilities to go unnoticed for significant periods of time.
For large businesses the temptation to avoid or delay software updates and patches is understandable.
The tech stacks employed by enterprises today are large, diverse and complex. Even a simple software patch can be a huge disruption to operations across the business if not implemented correctly.
However, the simple fact is that an ‘if it ain’t broke, don’t fix it’ approach exposes organisations to huge risk.
As described above, zero-day exploits focus on vulnerabilities which are already public knowledge.
Once a software update or security patch is released, malicious actors will quickly act to exploit the vulnerabilities it covers.
Regular updates may be an inconvenience, however, they are one which pale in comparison to dealing with a malicious actor successfully infiltrating an organisation’s network.
When it comes to dealing with the diverse and sophisticated array of threats out there today, manual cybersecurity processes often simply aren’t enough.
Automation is crucial to streamlining an enterprise’s cybersecurity processes and protecting against threats.
Artificial intelligence can be used both to automate the detection of vulnerabilities within an organisation’s network and to automatically deploy security measures and alerts in response.
Not only does this enhance an organisation’s basic security processes; by creating a self-regulating security system, it also frees up cybersecurity professionals to focus on more complex matters.
Build a Team of Skilled Cybersecurity Experts:
The cybersecurity skills gap has increasingly been a point of concern over recent years. The pandemic shined a spotlight on these concerns.
In fact, in a report taken during the pandemic, (ISC)² reported that 52% of organisations said they were at risk due to a cybersecurity staff shortage.
As cyber threats and the tools needed to combat them grow increasingly complex, organisations can no longer solely rely on traditional IT teams.
Robust and diverse cybersecurity teams are a necessity to supplement and guide broader IT teams on today’s constantly evolving threat landscape.
Build, Document and Update Formal Cybersecurity Policies:
As mentioned above, building a culture of cybersecurity across an organisation is essential to effectively mitigating any potential threats.
Formulating a strategy to tackle the threat landscape is only step one. This strategy must then be formalised in a series of policies and documents.
Taking this extra step will help ensure that everyone across the company knows what their own individual responsibilities are and what practices they should be following.
This will also tie directly into improving cybersecurity training and awareness across the company, acting as a guiding force.
Finally, these policies should be regularly updated to match the evolving threat landscape and other factors which may influence an organisation’s unique risk assessments.
Cybersecurity exists in a state of constant flux with malicious actors and security professionals continuously evolving and innovating to gain the upper hand.
Organisations are faced with an ever shifting array of technologies and tactics deployed by malicious actors to infiltrate their networks and access their data.
Given the context, it can be easy to get overwhelmed. However, while there is no easy solution to tackle every cybersecurity threat, there are various relatively simple steps which will make this task significantly less daunting.
The trick to navigating today’s evolving threat landscape is to start with the basics. A solid foundation will allow more sophisticated cybersecurity tools and services to be deployed to their full potential against a diverse array of threats.