Three common cyber security threats and what to do about them

October 1, 2019
5
min read

Technology has changed significantly over the years making everyone's lives easier. Daily life is now more convenient and in many ways more enjoyable.

Never before has communication been so simple. Travel has also improved, making it easier to discover new places, and more difficult to get lost.

Education has also changed, we’re learning faster than before and have access to so much more information than before.

All because of tech –things get done faster. As technology evolves and becomes more integrated into our daily lives, so does the opportunity for cyber security threats to come arise.

Here are three cyber security threats that have become increasingly more common and what to do about them.

#1 Humans

Whether it’s unintentional human error, carelessness, an attacker from outside your organization or a malicious employee, humans are no doubt one of the biggest threats to cyber security.

The most typical example, would be anyone who has access to your network or IT-related systems. An attack could occur from an employee’s lack of awareness to cyber security threats including them falling for a simple phishing email, opening a link with a virus attached to it or having weak passwords.

Often times, hackers use social engineering to get their victim to provide sensitive information through malicious content, rather than hacking someones password.

While these examples are often outside of your organization, intentional threats within your organization can happen when an employee, former employee, or one of your vendor’s employee thinks they have something to gain by breaching your data.

The most recent example of a vendor’s employee stealing data would be the Capital One breach, where a former Amazon Web Services employee took advantage of their web application firewall to gain access to more than 100 million customer accounts.

How can you avoid a cyber attack from someone inside or outside of your organization?

Consider using an in-house or third party cyber security operations centre (CSOC). Your organization’s CSOC would be dedicated to monitoring and analyzing logs for your systems and website and would be able to investigate immediately any sign of threat. CSOC can be a group of individuals within your organization or a third part SaaS solution. Many cyber security SaaS solutions provide 24/7 access to cybersecurity experts who can help you navigate any problems.In addition to a CSOC, strong firewalls and antivirus solutions are necessary.  Finally, educate your employees on cybersecurity. Create a comprehensive cybersecurity policy and make it everyone’s responsibility to enforce it.

#2 Malware

Malware, aka. malicious software is any software intentionally designed to damage or do unwanted actions on a network, server, or computer. Malware affecting Windows outnumbers any other platform but has also become more increasingly popular on mobile devices such as tablets or phones. Malware includes and is not limited to macro-viruses, worms, trojans, ransomware, adware, backdoors, and downloaders.What can you do to prevent malware?

As recommended before, create a strong cybersecurity policy. Train employees how to avoid and not engage in  suspicious websites, applications and emails. Limit and create a list of users allowed to access to applications and systems. Use antivirus and anti-malware solutions, and ensure your cyber security updates and patches are updated.

#3 Phishing Attacks

Phishing affects nearly everyone, large and small businesses alike. At the core, phishing is a type of social engineering or fraudulent attempt to evoke someone’s sensitive information to perform some kind of malicious activity. Avanan's Global Phish Report states that 1 in every 99 emails is a phishing attack, which averages to nearly 5 emails per employee per week. Popular phishing techniques that you may have come across include:

Vishing or Voice Phishing. Where phishing occurs over voice calls. An example could be someone calling you, impersonating your bank.

Smishing (SMS Phishing). One of the easiest attempts of phishing where users are SMS’d. They may receive a fake DM linked to a fake persons profile, a fake contest win or anything to get a user to give up their personal information.

Search Engine Phishing. Where fake websites are created using keywords to rank in search engines and waiting for a user to land on the webpage.

Spear Phishing. Occurs when emails are sent to millions of targeted users. This is one of the most common used phishing attacks on both individuals and businesses.

Whaling. Similarly to Spear Fishing, the targeted users are more specific. They usually are C-suite employees or “Whales” like CEOs, CFOs...etc. Usually from banking, technology or healthcare.

So, what should you do to prevent phishing?

Phishing Reporting is a useful way to alert your IT department of suspected phishing emails. They then can share a warning about the suspected email to the rest of the company so that employees are aware of the threat before they are able to fall for it.

Ensure your website has an SSL certificate. SSL certificates ensure that there is a secure connection between your users and your website. Use a reliable spam filter on your companies email system that can prevent malicious emails from entering your organizations inbox. There are many 3rd party providers out there that can help implement a good spam filter.

If your company handles sensitive information via email, then considering a secure multipurpose internet mail extension (S/MIME) is a must. S/MIME allow employees to prove who the actual sender of an email is, encrypt/decrypt the contents of emails, and facilitate document sharing across networks with file integrity.

Finally, this applies to all three common cyber security threats: Cyber security awareness training.  As mentioned before, keep all of your employees informed and educated so that they don’t fall for someone’s trap.