Arm Yourself Against Modern Cyber Threats

Mark Ziesemer / March 19, 2018

On a near-weekly basis, we hear of companies and organizations being “hacked.” These information security incidents range from denial-of-service attacks (including ransomware, crypto mining, etc.) to data breaches and theft, where sensitive or confidential information that is valuable to hackers is stolen. While the largest affected companies are frequently the ones making news headlines, no organization is immune. Affected organizations ultimately ask themselves why they weren’t prepared for these attacks. In most cases it’s due to legacy security hardware, software, and practices, combined with a reactive rather than a proactive approach to an organization’s defenses.

In today’s world there are new and innovative threats from hackers who bypass these reactive, legacy, and/or perimeter defenses. If organizations don’t incorporate new and innovative defenses, they will be vulnerable to these threats and might find themselves in news headlines and faced with staggering liabilities. Both technical and administrative defenses need to be working around the clock to keep your organization safe.

A big reason for the current wave of security threats is that it has become harder to defend against multiple threat vectors. While an organization was once able to defend against threats within the office, today people work anywhere and everywhere, making defense harder and stretching IT teams thin. The good news is that there are modern defense capabilities that address the multiple vulnerabilities hackers are creatively taking advantage of. What do these new types of threats look like?

New and innovative cyber threats

Cybercriminals are smart, creative, and increasingly organized. Their methods are sophisticated, stealthy, and fast. These hackers have taken advantage of our freedom in the workplace by identifying vulnerabilities. IT professionals need to constantly defend against these new threats. There are a number of new threats that IT professionals have to consider as they look to take a proactive approach to defense:

  • Ransomware, which is the method of locking people out of their data and forcing organizations to pay – usually in Bitcoin or other cryptocurrency – to get it back. Many are forced to give in or rebuild their whole network. According to security experts, cybercriminals took in an estimated $1 billion in 2016.[1]

  • File manipulation and/or sabotage of software/appliances to affect stock value or deface websites.

  • Exploitation of zero-day vulnerabilities – taking advantage of a security vulnerability on the same day that the vulnerability becomes generally known, or before patches are readily available.

  • Exploitation of vulnerabilities that already have patches available, but where the patches have not been effectively or fully applied across an organization’s applications and infrastructure (which is unfortunately a more common occurrence than the zero-day vulnerabilities mentioned above).

  • Interception of split-second online credit card transactions.

  • Hacking of Internet-connected devices – ranging from security cameras to smart watches, skateboards, and even cars.

  • Phishing has evolved into spear phishing, which uses malicious emails that appear to come from someone the user knows and trusts.[2]

  • Older threats like the Heartbleed vulnerability are being revised into new attack schemes.

  • Distributed denial-of-service (DDoS) attacks flood servers with incoming traffic in order to overwhelm them and prevent an organization from continuing to function and serve its customers.

  • Polymorphic and environmentally-aware malware.

  • New classes of side-channel / covert channel attacks, such as the Meltdown and Spectre vulnerabilities.

Traditional security is not effective

Security that was adequate or even cutting-edge 5 to 10 years ago is now no match for the sophistication and creativity of today’s attacks. Traditional security methods include legacy defenses like firewalls, proxy servers, and a DMZ for network security. These defenses are generally perimeter-based and were not designed to defend a large or multi-variable perimeter. They may work well in the office or facility, but can’t extend out to protect mobile or remote users, or cope with large increases in traffic. These devices are inherently reactive, only able to protect after an attack is detected. There are also gaps in the time it takes to apply patches and security updates to the network once new vulnerabilities are disclosed. Many changes to the technology landscape are providing cybercriminals with new platforms to attack:

  • Networks have changed: Networks now extend beyond the physical office to remote sites and data centers, and to the cloud.

  • Distribution of data: Through cloud-delivered solutions, data is stored on third-party servers that are accessed from third-party networks over Wi-Fi access points and through wireless carriers.[3]

  • BYOD: Laptops, tablets, and mobile devices are often outside an organization’s reach.

  • Internet of Things: A growing array of connected devices is providing cybercriminals a different opportunity to access a network.

Practices you should be implementing to combat these attacks

The good news is that there are modern defenses to combat these attacks and protect new technological vulnerabilities:

  • Cloud-delivered security services.[4]

  • Leveraging a DNS security solution, as well as shoring-up your own DNS infrastructure.

  • Identifying approved interactions between users and data based on the specific data you’re trying to protect.

  • Implementing network micro-segmentation.

  • Continuously identifying threats across all users, devices, applications, and ports.

  • Creating multiple layers of protection / defense-in-depth.

  • Accounting for advanced threats that are specifically designed to outmaneuver security tools.

  • Staying up-to-date on the latest attacks with intelligence and protection.

  • Creating and maintaining security policies that account for current trends in Information Technology and Information Security.

  • Keeping security simple for end-users, while promoting security training and awareness.

With the increasing frequency and severity of cyber-attacks, it is critical for your organization to follow these and other security best practices. No one wants their organization’s name in the news for something that could have been easily prevented. To help identify your organization’s risks and options for remediation, consider a cyber security assessment as part of your security strategy. These assessments will provide your team with the recommendations you need to protect your organization from modern threats.
[1] Miller, Lawrence. Ransomware Defense for Dummies. John Wiley & Sons Inc., 2017. PDF.

[2], [3], [4] What attacks aren’t you seeing? Cisco. PDF.

About the Author
Mark Ziesemer
Information Security Architect
Mark is a versatile Information Technology professional with over 15 years of comprehensive experience and an Information Security focus across networking, infrastructure/operations, cloud technologies, and software development. He has regularly been involved in all areas of I.T. from design, engineering, and architecture through operations, support, and training – with emphases in security, high availability, monitoring, performance, quality, automation, standards compliance, and documentation across all efforts – and with a proficiency towards providing enterprise services and solutions.