Cyberthreats You Need to Know (and What to Do About Them)
Did you know that we’ve just come to the end of National Cybersecurity Awareness Month?
When you think about it, October is a fitting choice for such a designation. After all, this is the time of year we’re all watching scary movies about vampires, zombies, and—if you’ve got classic taste—Michael Myers.
Fright of these fictional monsters is part of October’s annual charm, but when it comes to your cybersecurity, the fear of breaches is decidedly not charming. It’s not a nice feeling to know there are actual malicious actors out there, lurking like Halloween ghouls, waiting to find a weakness in your applications, networks, or employees so they can take advantage, leaving you with financial and reputational losses.
As a top cybersecurity assessment firm, we understand what it takes to comply with many different security frameworks, including how to keep any digital “monsters” out of your networks.
In this article, we’ll go over three of the prominent methods cybercriminals use to exploit organizations—phishing, insider threats, and ransomware—along with some basic mitigating tactics you can use against them.
As with haunted houses, the scariest things are the ones we don’t know are out there, but having read this article, you’ll be more on your toes and ready for the next jump scare.
3 Cyber Threats You Need to Know About in 2022
1. Phishing
You’re likely already familiar with the concept of phishing attacks—someone poses as a legitimate institution, often through website ads or e-mails, and dupes you into providing your personal information. Should anyone at your organization click on the wrong link at any given time, suddenly the “horror movie” has manifested itself and made you an example of the price paid for lax cybersecurity.
Common hallmarks of a phishing scam include:
- Too Perfect: As in, the idea—a cash prize or something similar—is too good to be true.
- “Act Fast!”: Sometimes, cyber criminals will even threaten negative consequences if you don’t provide personal details immediately, like shutting down your account.
- Subtle Hyperlink Deception: Bad actors will get sneaky with their URLs—at a quick glance, you might read bankofarnerica.com and see nothing wrong, but if you examine it closer, you’ll see clicking it won’t direct you to your bank.
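The hyperlink check described in the last bullet can be automated on a mail gateway or in a link-scanning script. The following is an added example, not code from the original article: it compares a link's hostname against an allow-list and flags near misses such as bankofarnerica.com. The allow-list, the confusable-character table and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of domains the organization really deals with (constructed).
TRUSTED = ("bankofamerica.com", "payroll.example")

# Character sequences that read as another letter at a quick glance.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"))


def host_of(url: str) -> str:
    """Return the lowercased hostname of a URL or bare domain, without 'www.'."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def skeleton(domain: str) -> str:
    """Collapse confusable sequences so visually similar names compare equal."""
    for seq, canon in CONFUSABLES:
        domain = domain.replace(seq, canon)
    return domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, to catch single-character swaps and omissions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    host = host_of(url)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for t in TRUSTED:
        # Trusted name embedded in a different domain, e.g. as a leading label.
        if t in host:
            return f"lookalike of {t}"
        if skeleton(host) == skeleton(t) or edit_distance(host, t) <= 2:
            return f"lookalike of {t}"
    return "unknown"


if __name__ == "__main__":
    for sample in ("https://www.bankofamerica.com/login", "bankofarnerica.com",
                   "http://bankofamerica.com.login.example/reset", "payro11.example"):
        print(f"{sample:45} -> {classify(sample)}")
```

An "unknown" verdict only means the host resembles nothing on the allow-list, so it should feed other checks rather than be treated as safe.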
Phishing actually falls under the larger umbrella of social engineering, which encompasses more tactics that take advantage of unsuspecting people.
2. Insider Threats
The human element to your cybersecurity is also particularly important when it comes to dealing with insider threats. Phishing may originate externally, but insider threats come from within your organization—think employees (current and former), vendors, or other stakeholders. They use their authorized access to do harm—whether they’re being deliberately malicious or unwittingly negligent.
Examples of insider threats include:
- Those who exfiltrate data after being fired or furloughed
- Those who sell company data or trade secrets for profit
- Lax third-party vendor security (which was responsible for the infamous Target breach)
The point is that you not only have to worry about those who don’t have access getting into places they shouldn’t—you also have to worry about those that do have access.
3. Ransomware
Finally, we come to ransomware—one of the most prevalent cyberthreats at the moment. What was a popular buzzword has become extremely lucrative for cybercriminals. A type of malware, ransomware allows a hacker to encrypt a victim’s file system and revoke the organization’s access so that they can extract money in exchange for the data and/or restoration of access.
These criminals often use the following to get their exploitation malware onto your systems:
- Phishing—mentioned above
- Drive-by downloading—when a user unknowingly visits an infected website, at which point malware is downloaded and installed without their knowledge.
- Poor patch management – Internet-facing servers or services with unpatched vulnerabilities that allow remote code execution (RCE). When this type of issue is exploited, an attacker gains a foothold on your infrastructure, from which they can execute ransomware or pivot deeper within the network.
Not only do you stand to potentially suffer an irreversible loss of your data, but the ransom numbers that must be paid aren’t always small peanuts either—the highest known ransom payment to date was $40 million USD paid by CNA Financial in 2021.
Given that 2021 also showed a 100% increase in the attacks themselves, it’s long past time to start taking these threats seriously.
How to Mitigate Cyberthreats
So then, how to equip yourself with the right tools and—perhaps most importantly—informed employees in preparation to defend against these villains?
Take Internal Action
Let’s break down these two facets we mentioned and provide some basic starting points:
What You Should Do
At a baseline, do you have these in place?
To take it up a notch, have you implemented these?
Instill a clean desk policy
Mandate adequate security training and awareness activities
How to know what’s “adequate?”
Human error remains one of the biggest threats against security, but your staff can also serve as the biggest assets here as well—they just have to know what to look for while going about their work.
For more information on how to build a successful cybersecurity program across the board, read our article on the 5 cornerstones you need.
Leverage Security and Compliance Assessments Against Cyberthreats
Many organizations already have to comply with different industry standards such as NIST, PCI, ISO, and HIPAA—adhering to those best practices within the frameworks will help tighten your security. You also might consider penetration testing, of which there are different types that will simulate specific cyberattacks on your networks and applications to discover your vulnerabilities:
- How to Prepare for Your API Penetration Test
- What is an External Network Penetration Test?
- How to Prepare for Your Web Application Penetration Test
- How to Prepare for Your Internal Network Pen Test
Schellman does perform all of these, but in light of the epidemic of ransomware, in particular, we’ve also created a service that addresses this specific cyber threat—it’s called our Ransomware Preparedness Assessment.
To support you in shoring up your cyber defenses, we also created a Ransomware Checklist you can use for an internal evaluation, but this relatively quick assessment will evaluate those efforts and determine if you’re really ready against such threats—such independent confirmation will help you sleep better at night.
Next Steps for Your Cybersecurity
October may be National Cybersecurity Awareness Month, but the need for cyber defenses is year-round, especially now as attacks continue to grow more and more sophisticated. Awareness is key—for you and your staff—and now you know about three big approaches hackers use.
We also provided tips and other resources to help you shore up your protections, along with new unique assessment options that can support those efforts—if you think you may be interested in exploring the possibilities for added reassurance, please contact us.
In the meantime, for more tips on personal accountability and security, the National Initiative for Cybersecurity Careers and Studies (NICCS) is a great resource that offers good details on how individuals should be cognizant of internet use from both a personal and professional standpoint.
About JOSH TOMKIEL
Josh Tomkiel is a Director and Penetration Tester based in Philadelphia, PA with over 10 years of experience within the Information Technology field. Josh has a deep background in all facets of penetration testing and works closely with Schellman's other service lines to ensure penetration testing requirements are met. Additionally, Josh leads Schellman's Red Team service offering, which provides an in-depth security assessment focusing on different tactics, techniques, and procedures (TTPs) for clients with mature security programs.