The Ultimate Guide To Cyberattacks
Articles published June 28, 2017 by Ben Killion
Your organization could be moments away from a data breach. Without the proper IT security in place, you are vulnerable to cybercriminals trying to enter your network and gain access to your data. You’ve seen the cyberattacks all over the news. How is your business proactively preparing for such threats?
Today, there are many different kinds of cyberattacks used by hackers to target susceptible organizations, and it can be difficult to keep track of them all and understand the intricacies of how they work.
To help you immediately identify specific cyberattacks and keep your organization protected, we’ve provided the ultimate guide to cyberattacks, including tips and solutions your organization can implement to be secure and safe from harm.
Phishing scams are appropriately named. Simply put, they are email scams that try to lure people into clicking on links that have viruses, much like someone trying to lure fish with bait. The email will offer something lucrative and tempting. It will likely disguise a link to a site you’re seemingly familiar with, in order to get you to click or download malicious software.
Phishing scams are gaining in popularity. A recent Internet Security report shows a 55 percent increase in phishing campaigns targeting employees at businesses of all sizes. There’s no question that everyone is at risk these days. As a result, it’s becoming increasingly important to know how to identify a fake email without falling prey to its bait.
Most of the time, phishing emails are quite sophisticated and look very authentic and legitimate. Here are eight examples of things to look for:
- A sense of urgency: “Hurry,” “ASAP,” “need this done by…”
- A threat: “We will suspend your account.”
- Directions to do something: “Validate,” “verify,” “confirm,” “update.”
- Requests for personal information: SSN, address, account information.
- Unknown web addresses: These may be doctored to look legitimate.
- Fake/poor quality images.
- Poor spelling/grammar.
- Improbable scenarios.
Phishing emails usually have something spelled wrong or seem “phishy,” and usually target large volumes of people. You may have also heard of a newer, more precise method of targeting, called spear phishing. Like phishing emails, spear phishing attacks pretend to be a trusted source. While phishing emails target many people, spear phishing attacks usually target only a few specific people who have been researched beforehand. Spear phishing attacks are much more successful because the perpetrators have done the research and customized the email, and they can be harder to identify as fake.
The next time you get a suspicious-looking email, follow these best practices:
- Ask yourself: Was the email expected? Do I know the sender? Is the request in the email normal?
- Hover your cursor over the link… Is it legitimate? Look at it closely!
- If the email is from someone claiming to be a person you know, call that person to verify if they sent the email.
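The following is an added example, not code from the original article: it checks a raw email for four of the indicator groups listed above and performs the "hover" check by comparing each link's visible text with its real destination. The keyword lists, the `check_email` and `host` names, and the sample message are assumptions made for illustration, and the message is assumed to be single-part.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keyword groups follow the indicator list above; the word lists are illustrative.
INDICATORS = {
    "urgency": r"\b(hurry|asap|immediately|need this done by)\b",
    "threat": r"\b(suspend|terminate|lock)\w*\s+your\s+account\b",
    "directive": r"\b(validate|verify|confirm|update)\b",
    "personal_info": r"\b(ssn|social security|account number|password)\b",
}

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(value):  # lowercased hostname of a URL or bare domain, minus "www."
    parsed = urlparse(value if "//" in value else "//" + value)
    return re.sub(r"^www\.", "", (parsed.hostname or "").lower())

def check_email(raw):
    """Return the sorted names of phishing indicators found in a raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    found = {name for name, rx in INDICATORS.items() if re.search(rx, text)}
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        # The "hover" check: visible text names one host, the href another.
        if "." in shown and " " not in shown and host(shown) != host(href):
            found.add("link_mismatch")
    return sorted(found)

# Constructed sample message (not a real email).
SAMPLE = ('Subject: Hurry - verify your account\nContent-Type: text/html\n\n'
          '<p>We will suspend your account unless you confirm your details.</p>\n'
          '<a href="http://login.example.net/verify">www.example.com</a>\n')
```

Calling `check_email(SAMPLE)` reports the urgency, threat, directive and link-mismatch indicators; a hit is a reason to verify the message through another channel, not proof that it is malicious.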
By now, you’ve probably heard of the term ransomware. In the cyberworld, ransomware is a constantly evolving and growing threat. Ransomware is a form of malware that “kidnaps” access to your network, applications, or data until a certain amount of money is paid by the victim. It does this by encrypting certain data, so you can’t get to the information, or by blocking access to systems and applications. Ransomware usually infects your computer or device with a Trojan virus from phishing emails or malicious programs on a website. Once it is installed, a ransom message usually pops up when the user restarts their device. Ransomware attacks are increasingly popular among hackers, as they have primarily shifted away from servers and on to endpoints. In general, endpoint users are typically less technical and have different levels of trust.
If your organization has been affected by ransomware, consider these five steps recommended by Fortinet:
- Isolate infected devices immediately by removing them from the network as soon as possible to prevent ransomware from spreading to the network or shared drives.
- If your network has been infected, immediately disconnect all connected devices.
- Power-off affected devices that have not been completely corrupted. This may provide time to clean and recover data, contain damage, and prevent conditions from worsening.
- Backed up data should be stored offline. When an infection is detected, take backup systems offline as well and scan backups to ensure they are free of malware.
- Contact law enforcement immediately to report any ransomware events and request assistance.
Steps to Ensure You’re Prepared
It’s not enough to just be reactive. Your organization needs to be proactive in how it approaches ransomware. Here are eight steps to ensure your organization is prepared for an attack:
- Employee awareness: Educate your employees on how to identify phishing emails, malware, and ransomware. The number one element to ransomware’s success is the human element. Continuous education and testing of employees’ understanding through internal phishing campaigns are crucial pieces to the ransomware solution.
- Back up regularly: Make sure you’re backing up data on a regular basis, to ensure that the backups are operating as planned and can be efficiently restored.
- Have a plan: Having a plan in place is essential for preparedness. This plan should thoroughly lay out response and solution details, should your organization fall victim to an attack.
- Update and patch regularly: Make patches and updates on your system, software, and firmware a frequent occurrence.
- Limit administrative access: Don’t allow employees to have administrative account access. This will restrict what a ransomware attack could potentially infect.
- Have software restrictions: Prevent ransomware attacks from infiltrating and running common programs with a software restriction policy, or put access controls in place.
- Eliminate macros: Macros automatically perform frequent tasks, but they can be disabled. Disabling macros will ensure malicious content doesn’t automatically load.
- Block internet ads: Many third-party ads have some type of malware. It’s best to avoid the risk by disabling all internet ads on devices.
Whether it’s your organization that gets infected or a home computer, the impact of ransomware can be devastating. You can permanently lose important and private information, you can expose critical flaws in your organization, impact your reputation, and potentially lose a lot of money. However, even if you pay the ransom, it doesn’t guarantee that you’ll get the data back. The FBI recommends that you don’t pay the ransom, because it will only encourage cyber criminals and keep ransomware attacks thriving.
Distributed Denial of Service (DDoS) attacks use already infected systems or a group of authorized users to target one system by flooding it with traffic and rendering it inaccessible. These attacks come from many different sources, which makes them extremely difficult to stop, since the traffic arrives from many different addresses.
Popular websites, such as Netflix, the New York Times, and Reddit have all been susceptible to DDoS attacks in the past. To keep your organization from becoming a DDoS attack target, here is some advice to follow.
- Spread out your servers. Having your servers in different data centers that are on different networks ensures that your data and servers are dispersed throughout several locations. That way, you aren’t a major target for DDoS attacks, since they usually attack organizations that have a single source.
- Have the right hardware. In order to prevent DDoS attacks, you also need the appropriate hardware to mitigate these kinds of cyberattacks. Managed firewall solutions can defend your organization against many different kinds of DDoS attacks, allowing you to have peace of mind that your network and servers are safe.
- Ensure your organization is not the source of DDoS attacks. It’s also beneficial to take preventive steps, such as installing and maintaining anti-virus software, performing timely system updates, and ensuring firewalls and network devices are properly configured.
Regardless of your method to prevent DDoS attacks, the best time to implement a solution is before an attack happens, not during or after. Being prepared is essential to mitigating DDoS attacks.
When you think of spam, do you think of the food or the email? Spam emails are emails that are anonymous, sent to large groups of people, and unsolicited. Most email inboxes have a spam filter, so you usually won’t see spam emails unless you go into your spam folder. However, there are many spam emails that get past the spam filter and appear in your inbox, unscathed.
Chances are that you can easily spot the majority of spam emails and delete them without opening. However, cybercriminals continue to find new and innovative ways to trick users and make their messages appear real or legitimate. It only takes one email and one click to fall prey to a malicious attack.
Like phishing emails, spam usually asks the recipient to provide sensitive and confidential information, in order to use it for malicious intents.
Recent data from Google broke down the various types of spam attacks by industry, showing that businesses are more likely to get hit with spam than others:
- Businesses (1.0 times as likely)
- Nonprofits (0.4 times as likely)
- Education (0.4 times as likely)
- Government (0.4 times as likely)
The same tips and advice for identifying and dealing with phishing emails can also be applied to spam emails. Whenever you get spam, delete it and report the ones you suspect to be malicious (that goes for the spam food, too).
A CNN Money report revealed that there are nearly one million malware threats released each day. Malware is a general term for a program or file that is malicious and harmful to a computer and its user, including viruses, worms, Trojan horses, and spyware. Malware is known for infecting computers and corrupting data files, as well as taking over the computer system.
Let’s break down the types of malware attacks one by one.
- Viruses. This is the most common malware, and is a program that infects programs and files.
- Worms. These can spread through a system or server without any interaction, making them very dangerous.
- Trojan horses. These appear as authentic programs, but when they’re installed they become malicious.
- Spyware. This malware collects user information and data and monitors their activity without the user knowing.
To help protect your organization’s computers from malware, take these proactive steps:
- Update your software regularly. Don’t wait to install available updates to your software, browsers, and plugins. Updating regularly when updates become available increases your safety, because many times these help patch any security vulnerabilities.
- Implement a firewall and anti-virus. A state-of-the-art, effective firewall and anti-virus program can block malware from reaching you.
- Use strong passwords. To prevent malware from infecting your computers, create a strong password that can’t easily be cracked, and make sure you always log out of websites.
Social engineering attacks are an ever-present danger for organizations, because they target the one thing that is the hardest to control: employees.
These attacks manipulate the target into taking some form of action, which often includes providing confidential information. Common examples of social engineering attacks include emails that look normal but actually contain hidden links with viruses (phishing emails), pretexting phone calls where the cybercriminal acts like a trusted source and then engages the employee to divulge sensitive information, and searching unlocked trash and recycling bins to discover valuable information that could be used in a future attack.
Having a plan in place and educating your employees on how to prevent social engineering attacks is essential for every organization. Here are three best practices that your company could implement to reduce security risks:
- Have a data security policy (and communicate it). A data security policy should be used to define approved methods to securely transfer or share data and define restricted methods to help stop the use of unsupported or unsafe services and applications. They should include information about email policies, mobile devices, social networking, how to detect scams and malicious threats, and internet usage. These policies should be documented, communicated (multiple times), enforced, and periodically reviewed and updated.
- Understand user agreements. All data hosting services have user agreements that outline their terms and conditions. While these may be arduous to read, it’s important to understand the fine print. You need to be careful you are not consenting to allow the provider direct access to your business data and customer information. In addition, it’s important to understand third-party security policies and standards to protect your data within their hosting environment.
- Conduct security awareness trainings. Creating a culture around data security can help prevent a lot of breaches. One way to start is to make security awareness training a mandatory event for employees. This training should not only show employees the different kinds of cyber and social engineering attacks, but also show them how to thwart the attacks. Give concrete examples of actual threats, and possibly set up a test/false attack to identify employee behaviors and then provide additional training based on the outcomes. Once employees know how to stop these strikes before they even happen, the risk of a cyberattack decreases, and will validate the criticality of your organization’s data.
Three Solutions to Stay Secure
We’ve talked about a lot of different cyberattacks, what they are, and tips to prevent them from successfully attacking your organization, but another aspect to staying secure is to implement long-term cybersecurity solutions. These keep your organization protected, and also can assist you if you ever are attacked.
Here are three effective cybersecurity solutions:
1. Use a VPN or Unified Threat Management
Using a Virtual Private Network (VPN) allows you to have a secure connection wherever you are, whether at home, a coffee shop, or in the airport. A VPN encrypts your connection, making anyone else on the same Wi-Fi network unable to intercept your traffic. A quality, business-grade firewall will have VPN capabilities. In addition, there are many hosted services that offer VPNs.
Going one step further is Unified Threat Management. This is a more comprehensive approach, where multiple security functions work within a single platform. A firewall is part of Unified Threat Management, but it also includes: network intrusion detection/prevention, anti-virus, gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and reporting.
Most organizations have a firewall, but not all of them are using their firewall to its full potential. A firewall is the foundation to protecting your network from unauthorized access. A business-class firewall can perform additional services like blocking dangerous or unproductive websites, running in-depth reports showing which websites your employees are visiting, bandwidth consumption, and other information that can impact productivity.
2. Implement Essential Technology Services
Services such as anti-virus, firewall protection, network monitoring, and wireless security are layers of defense to give you state-of-the-art protection. Having a network that is protected behind a firewall and an elaborate network architecture is becoming a necessity, and can be the difference between being hacked and being safe.
Many organizations see the benefit to a managed security service because it provides more time for internal resources to focus on core business functions and initiatives, and allows them to run everything through a single vendor. With a managed service provider constantly monitoring and updating your network, your organization will improve efficiency and productivity.
3. Encrypt Your Data
To ensure maximum protection, it’s best practice to encrypt your data while in transit and at rest. Encryption renders information unreadable when accessed without proper authorization. Having a process in place that ensures sensitive devices are encrypted and that files and emails are being properly sent is imperative.
Don’t let the threat of a cyberattack keep you up at night. To avoid a catastrophe, you need to have cybersecurity solutions in place and thorough knowledge about the different kinds of cyberattacks out there. A secure organization is a prepared organization.
What does your organization need to do to become protected from cyberattacks?