Combating common information security threats

What are the security threats most often faced by businesses today and how can they be overcome?

The cyber security landscape is complex and fast-moving, making it challenging to keep up with emerging threats. Some security trends endure, such as the prevalence of ransomware – the National Cyber Security Centre (NCSC) calls the data-locking malware “the most significant cyber threat” to UK businesses today.

Ransomware is so damaging because it can bring organisations to a standstill. Among the worst attacks, the 2021 US Colonial Pipeline cyber-assault left critical services unable to operate. Five years ago, the infamous WannaCry attack on the UK’s NHS saw North Korean state-sponsored adversaries taking advantage of outdated Windows operating systems in a wake-up call to all healthcare organisations across the globe.

>See also: Mitigating common network management security issues

Cyber-attackers use weak points in a company’s defences in order to plant ransomware and other types of malware.

The software supply chain is a common target: take the example of the 2020 SolarWinds incident, which saw adversaries plant malicious code in a software update to stealthily gain access to multiple companies and government agencies.

Phishing emails

Many would-be attackers gain entry through phishing emails targeting a firm’s employees to click on a link or download an attachment. Social engineering and email phishing – where malicious actors try to infiltrate organisations by tricking employees into giving over sensitive information or opening virus-ridden files – are “by far the most popular tactic” deployed by hackers, says Andy Barratt, UK MD of cyber security consultancy Coalfire.

>See also: Establishing a strong information security policy

Covid-19 and the move towards hybrid working has made things worse, he says. “Cyber criminals continue to exploit the cultural shift to remote working, which has made phishing ruses even easier – especially when employees might not have met their team in person.”

Managing cyber security threats

In order to manage cyber security threats such as these, businesses need to be aware of their adversaries and who they target. Attackers range from nation state threat actors through to cyber criminals and hacktivists, and breach attempts often ramp up at a time of political instability. Indeed, the Russia-Ukraine war has seen an increase in cyber-attacks across the globe, leading to warnings from the UK’s NCSC and US National Security Agency (NSA) for businesses to bolster their security defences.

Nation states

In general, the state actors most likely to be a threat to Western organisations are Russia, China, Iran and North Korea, with each nation having its own aims and targets. One of the most common aims of nation states over the past few years has been to spread misinformation to disrupt the democratic process, says Steve Forbes, government cyber security expert at Nominet.

But nation states also attack for financial gain, or “simply to cause chaos and confusion”, he says. “Attacks like these are difficult to measure both in terms of scale and impact, but their potential for large-scale disruption is becoming more apparent.”

>See also: How to ensure 5G wireless network security

Businesses should be on alert for cyber threat actors from Eastern Europe, Russia and Iran, which are “particularly active at the moment”, says Joe Stewart, principal security researcher with eSentire’s Threat Response Unit research team. “They are very active on forums such as XSS and Exploit.in and on Telegram channels, offering ransomware services.”

With this in mind, keeping up with threat intelligence is key, including industry cooperation to ensure your business is up to date with the information security threats its sector is facing.

Internal security threats

And while nation states are a threat, businesses should not disregard the risk of malicious action from the inside, as happened in the high profile Morrisons case, says Daniel Milnes, a partner specialising in governance, procurement and information at Forbes Solicitors. “In this instance, a fully authorised ‘super user’ abused system permissions and caused significant problems.”

Human error

Successful attacks can also be a result of innocent human error or misconfiguration. To reduce the risk of becoming a victim, it’s important that regular security awareness programmes for staff are implemented to tackle threats such as email phishing, says Phil Robinson, principal consultant at security consultancy Prism Infosec.

Zero trust, which relies on strong user authentication, is “extremely powerful” when dealing with a mobile workforce, says Cloudflare’s CTO, John Graham-Cumming.

Making leaders aware

Protecting your organisation from the most common security problems starts from the top. As threats increase, putting the issue of cyber risk in front of C-suite leaders should be “a top priority”, says Miri Marciano associate director at BCG. “Unless the topic is in the C-suite, cyber security will exist separately from business and strategy, rather than being tightly integrated.”

Another priority is to quantify the threat, Marciano says. “Firms should quantify their exposure to cyber-attacks and anticipate the costs and resources required to combat them.”

At the same time, a critical factor in reducing risk is having a strong cyber security policy, says Lorenzo Grillo, managing director and cyber security specialist at Alvarez & Marsal. “However, many companies still do not have one, or it is not really implemented,” he says.

As part of this, companies should ensure they are implementing steps to ensure their network is secure, including the right technology, policies and procedures to avoid falling victim to cyber-attacks. “Technology is a part of the solution, but a holistic response requires comprehensive strategy, policy and process,” Grillo adds.

Grillo also outlines the importance of backing up data, which safeguards business from threats including ransomware. “Ensure you encrypt your backups, especially if storing them in the cloud. Hackers often target a backup server but if your information is encrypted, their attempts will be useless.”

Incident response plan

Overarching this, firms should not forget the basics, says Stewart. “That means looking at common software vulnerabilities and patching them quickly, controlling user identities and deploying effective security analytics.”

Security threats are always changing. In an increasingly hostile threat landscape, experts therefore outline the importance of testing your defences and ensuring incident response plans are in place in case the worst does happen.

“Some companies don’t have any plans in place, which is difficult to believe when so many have seen their systems attacked,” Stewart says. “Having a good incident response plan can reduce the impact of a breach considerably, as well as making it easier to get systems back up and running.”

Related:

Jake Moore – deepfake is the next weapon in cybercrime – ESET cybersecurity specialist Jake Moore on what safeguards every business should have to combat cybercriminals, how CTOs can make their job easier, and why deepfake video is the next front in the cyberwar

Hackers can guess your password using thermal imagery – A thermal attack system guessed 93% of eight-symbol passwords and all six-symbol passwords in a study

Spending on cyber security to hit $188bn next yearCyber security spending will also enjoy double-digit growth in 2024 until cheaper solutions enter the market

Leave a comment