The way we work has changed in recent years, and with this shift, new cybersecurity risks have also arrived. Hybrid and remote work has spurred businesses to move their data and processes to the cloud, led to the introduction of new devices, and expanded the digital footprints of many organizations. All of these changes create new opportunities for cyber attacks. IBM’s 2022 Cost of a Data Breach report estimated that, for the majority of companies, it’s not a question of if a data breach will happen, but when.
Cyber attacks are not only becoming more frequent — they’re also getting more sophisticated. “For example, modern attacks are significantly more likely to have multiple stages that expose companies to different kinds of risks. A ransomware attack can lock users out of the company network while also exfiltrating sensitive data to sell on the dark web,” wrote Cisco.
Fortunately, there are steps that companies can take to mitigate common security risks. Building a strong defense starts with understanding what you’re up against. Beware of these four common types of cyber threats – and learn what you can do to prevent them.
Advanced phishing attacks
Phishing takes place when a hacker tricks an individual into handing over information or exposing sensitive data using a malicious link (often leading to hidden malware) or a fraudulent email. Phishing attacks typically trick users into downloading malware or giving up their credentials, enabling hackers to steal confidential data. Microsoft’s recent survey of business leaders in four countries found that phishing threats are currently the biggest risk to security. Since March 2020, 90% of those polled said that phishing attacks have impacted their organization, and 28% admitted that attackers had successfully phished their users.
Recently, phishing emails have targeted enterprises to capture personal data and financial information using one of the following tactics:
- Using download links for platforms and tools that help remote teams communicate, such as video conferencing
- Posing as “critical update” downloads for enterprise collaboration solutions, such as Microsoft OneDrive, and social media applications
- Targeting IT service providers that ask for payment in order to provide tech support.
Phishing is so effective because it can be very hard to recognize and because it targets individual people rather than IT vulnerabilities. As users become savvier, hackers are also changing their tactics and using machine learning to craft and distribute fake messages more quickly. Hackers are also reportedly coming up with new ways to evade automated security tools.
How to prevent phishing: The best chance to prevent phishing attacks is to educate your teams on what to look for in a phishing message. Poor spelling and grammar, as well as a sender address that doesn’t match the name it claims to come from, are telling signs of a phishing message. If an offer seems too good to be true, that is a good sign you’re being scammed. In addition to user education, you can add multi-factor authentication and other interventions to stop phishing messages from getting through. “Spam filters with sandboxing and DNS filtering are also essential security layers because they keep malicious emails from entering the network, and protect the user if they fall for the phishing attempt and end up clicking on a malicious hyperlink,” one security expert told ZDNet.
Keep in mind, though, that even multi-factor authentication is not a silver bullet – as illustrated by last month’s major Uber breach. You’ll need to rely on a combination of security tools and processes to ensure that employees are educated about phishing threats while minimizing their exposure to phishing-based attacks.
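The tell-tale signs listed above (a sender address that does not match the claimed name, a look-alike domain, a link whose visible text points somewhere other than its real target, pressure language in the subject) can be turned into a simple scoring check that a mail gateway or a security team can run before a message reaches a user. The following is an added example written for this post, not Nightfall’s product code or any vendor’s filter; every domain and address in the two sample messages is a constructed placeholder, and the five heuristics and their thresholds are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages; every domain and address is a placeholder.
# The first mimics the "critical update" lure described in the post.
SUSPICIOUS_EMAIL = """\
From: "IT Helpdesk - example-corp.com" <alerts@example-c0rp.net>
Reply-To: collect@mailbox-example.org
To: jane.doe@example-corp.com
Subject: URGENT: critical update required for OneDrive
Content-Type: text/html

<html><body><p>Your account will be suspended. Install the update now:</p>
<a href="http://update.example-c0rp.net/onedrive">https://onedrive.example-corp.com/update</a>
</body></html>
"""

BENIGN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
To: jane.doe@example-corp.com
Subject: Monthly IT newsletter
Content-Type: text/html

<html><body><a href="https://intranet.example-corp.com/news">https://intranet.example-corp.com/news</a></body></html>
"""

URGENCY_CUES = ("urgent", "immediately", "suspended", "critical update", "verify your account")
DOMAIN_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _second_level(domain):
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else domain


def _edit_distance(a, b):
    """Plain Levenshtein distance, used to spot look-alike domains (o -> 0, rn -> m)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_message(raw):
    """Return the phishing indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    display, sender = parseaddr(msg.get("From", ""))
    sender_dom = _domain(sender)
    recipient_dom = _domain(parseaddr(msg.get("To", ""))[1])
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]

    # 1. The display name cites a domain that is not the real sender's.
    for token in DOMAIN_RE.findall(display):
        if token.lower() != sender_dom:
            findings.append(f"display name cites {token} but mail is from {sender_dom}")
    # 2. Replies are routed to a different domain than the one that sent the mail.
    if reply_to and _domain(reply_to) != sender_dom:
        findings.append(f"Reply-To domain {_domain(reply_to)} differs from sender {sender_dom}")
    # 3. Sender domain is a near-miss of the recipient's own domain.
    distance = _edit_distance(_second_level(sender_dom), _second_level(recipient_dom))
    if sender_dom != recipient_dom and 0 < distance <= 2:
        findings.append(f"sender domain {sender_dom} looks like {recipient_dom}")
    # 4. Visible link text names one host while the href points somewhere else.
    collector = _LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        text_host = urlparse(text).hostname if "://" in text else None
        href_host = urlparse(href).hostname
        if text_host and href_host and text_host != href_host:
            findings.append(f"link shows {text_host} but goes to {href_host}")
    # 5. Pressure language in the subject line.
    subject = msg.get("Subject", "").lower()
    cues = [cue for cue in URGENCY_CUES if cue in subject]
    if cues:
        findings.append(f"urgency cues in subject: {', '.join(cues)}")
    return {"score": len(findings), "findings": findings}
```

Calling `analyze_message(SUSPICIOUS_EMAIL)` returns a score of 5 with one finding per heuristic, while `analyze_message(BENIGN_EMAIL)` returns 0. A real deployment would feed the score into quarantine or banner decisions rather than blocking outright, because the heuristics are deliberately simple and a low score does not mean a message is safe.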
Ransomware
Ransomware is a type of security threat that encrypts a victim’s files so they can’t access their information. The hacker then asks for a ransom – usually payment – to restore access and decrypt the user’s data. There was a seven-fold increase in ransomware attacks in 2020 targeting companies of all sizes. In 2021, Cisco estimates that 50% of organizations experienced ransomware attacks.
Two high-profile cases of ransomware were found at Colonial Pipeline and the city of Baltimore. The Colonial Pipeline is one of the largest and most important oil pipelines in the U.S., supplying oil to the East Coast states from the Gulf of Mexico. The ransomware attack launched by a group known as DarkSide stole 100 gigabytes of data within a two-hour window. The company had to temporarily shut down the pipeline and pay a nearly $5 million ransom to regain access to files and data. Similarly, the city of Baltimore was hit by ransomware in 2019, forcing the city to stop processing all payments in and out. Ransomware is a potent threat that’s often used in combination with phishing attacks, which is why implementing security to prevent this threat is critical.
How to prevent ransomware: First and foremost, it’s important to make sure your security protocols are kept airtight – and apply security patches as quickly as possible to prevent hackers from exploiting vulnerabilities. Multifactor authentication can also prevent hackers from getting too far into your system. And you should regularly back up your system so that if a ransomware attack does happen, you’ll be able to recover your data.
Identity-based cyberattacks
Identity-based attacks use credentials to access systems and steal information. According to Gartner, misuse of credentials is now a primary method used by hackers. What does this look like in practice? Credential theft often takes the form of password-based cyberattacks that target users who reuse the same password across multiple sites. Research from the World Economic Forum found that 4 out of 5 global data breaches are caused by weak or stolen passwords. It’s one of the most common identity-based attacks that hackers are using today.
There are several different ways a hacker can infiltrate your system using a password-based cyberattack. A brute force attack, for instance, uses a computer program to try to forcibly log in to a user’s account by trying all possible password combinations, starting with the most common and easiest-to-guess options – for instance, “1234” or “abcde”. There’s also a method known as “credential stuffing” that’s becoming increasingly popular. Credential stuffing occurs when someone uses stolen credentials from one organization to access user accounts at another organization. Hackers can find credentials that were obtained during a data breach and purchase them off the dark web. Notably, these attacks usually succeed because an employee is reusing the same password on multiple sites.
Sensitive data like passwords, credentials and secrets are in constant danger of exposure, especially as more companies conduct the majority of their business in the cloud. The highly collaborative and always-on nature of cloud services makes it hard to enforce good password practices. Therefore, organizations need data loss prevention (DLP) to keep essential data from being exposed.
How to prevent a password-based attack: Require your company to follow IAM best practices, such as the use of password-free multifactor authentication methods.
This is a type of authentication that requires a user to confirm their identity during the login process through a separate channel. This extra step can also protect your workspace in case there’s any account compromised or if a device gets stolen. [Read more: 5 Identity and Access Management Best Practices]
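Brute force and credential stuffing leave different fingerprints in authentication logs: the first is many failures against one account from one source, the second is one source touching many accounts with only a try or two each, and any success in that second pattern is a reused password that has just been confirmed. The following detection logic is an added example for this post, not code from Nightfall or from any identity provider; the log line format, the sample events (built from TEST-NET addresses) and the thresholds are all assumptions chosen to illustrate the two patterns.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One line per login attempt; this format is assumed for the example.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def constructed_log():
    """Constructed sample log, not real traffic; addresses are TEST-NET ranges."""
    lines = []
    # Brute force: one source hammers one account with many guesses.
    for i in range(8):
        lines.append(f"2023-03-01T10:00:{i:02d}Z auth ip=203.0.113.7 user=alice result=FAIL")
    # Credential stuffing: one source tries many accounts once each; one reused password works.
    for i, user in enumerate(["bob", "carol", "dave", "erin", "frank", "grace"]):
        result = "OK" if user == "erin" else "FAIL"
        lines.append(f"2023-03-01T10:05:{i:02d}Z auth ip=198.51.100.9 user={user} result={result}")
    # Normal: a user mistypes twice, then signs in.
    lines += [
        "2023-03-01T10:09:10Z auth ip=192.0.2.5 user=heidi result=FAIL",
        "2023-03-01T10:09:25Z auth ip=192.0.2.5 user=heidi result=FAIL",
        "2023-03-01T10:09:40Z auth ip=192.0.2.5 user=heidi result=OK",
    ]
    return lines


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(lines, window=timedelta(minutes=10), brute_threshold=5, stuffing_threshold=5):
    """Sliding-window rules per source IP; each rule fires at most once per IP (and user)."""
    by_ip = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        by_ip[event["ip"]].append(event)

    alerts = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        recent = deque()   # events from this IP inside the current window
        fired = set()
        for event in events:
            recent.append(event)
            while event["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            fails = defaultdict(int)
            for r in recent:
                if r["result"] == "FAIL":
                    fails[r["user"]] += 1
            # Rule 1: many failures against a single account = brute force.
            for user, n in fails.items():
                if n >= brute_threshold and ("brute_force", user) not in fired:
                    fired.add(("brute_force", user))
                    alerts.append({"type": "brute_force", "ip": ip, "user": user,
                                   "failures": n, "at": event["ts"]})
            # Rule 2: many distinct accounts, few tries each = credential stuffing.
            users = {r["user"] for r in recent}
            if (len(users) >= stuffing_threshold and max(fails.values(), default=0) <= 2
                    and "credential_stuffing" not in fired):
                fired.add("credential_stuffing")
                alerts.append({"type": "credential_stuffing", "ip": ip,
                               "accounts_tried": len(users),
                               "succeeded_users": sorted(r["user"] for r in recent
                                                         if r["result"] == "OK"),
                               "at": event["ts"]})
    return alerts
```

Running `detect(constructed_log())` yields two alerts: a brute-force alert for `alice` from 203.0.113.7 after the fifth failure, and a credential-stuffing alert for 198.51.100.9 that lists `erin` as the account where a reused password succeeded. The `succeeded_users` field is the actionable part: those accounts need a forced reset and MFA enrollment, which is exactly the gap that password-free multifactor methods close.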
IoT and smart medical devices
The internet of things makes life a lot easier – for both businesses and bad actors. Connected devices are an increasingly popular target for cyber threats. In 2019, cyberattacks on IoT devices increased by 300%. This includes attacks on everything from laptops and webcams to smart homes (like Google Nest), smart watches, routers, and other home appliances.
Our personal devices aren’t the only things that are vulnerable. The Software Engineering Institute of Carnegie Mellon University reported, “As more devices are connected to hospital and clinic networks, patient data and information will be increasingly vulnerable. Even more concerning is the risk of remote compromise of a device directly connected to a patient. An attacker could theoretically increase or decrease dosages, send electrical signals to a patient or disable vital sign monitoring.”
Healthcare providers must also contend with protecting patient data. As many healthcare providers shift to remote work, they become an attractive target for hackers. Protected health information (PHI) must be kept safe during all cloud-based activities – yet many SaaS providers, including Slack, are not HIPAA-compliant right out of the box.
How to prevent IoT attacks: IoT attacks are sophisticated, and the best ways to protect your devices are to use strong, unique passwords and keep your firmware and software up to date. Experts also suggest keeping your devices unlinked from social media. Along with protecting your devices, look for a DLP partner who can protect your patient data while working on SaaS and IaaS platforms. Check out our coverage of instituting and maintaining HIPAA compliance on Slack.
Third-party partner risk
Sometimes, the problem can originate from a partner in your supply chain or a third-party vendor. A recent report found that 60% of data breaches involve a third party, and that only 52% of companies have security standards in place regarding third-party vendors and contractors.
Third-party risk has always been a concern for organizations, but since COVID and the rise of remote work, we’ve seen a dramatic acceleration in campaigns leveraging software supply chain attacks — not just through open source vulnerabilities, but through closed source applications and services as well.
Not only can partners put your organization at risk of attack, but they can also lead to compliance liabilities. HIPAA is one example of a regulation that makes the primary healthcare provider responsible for PHI security at its partner vendors. If there’s a breach at any of your suppliers that compromises protected data, you could be liable for damages.
How to mitigate third-party risk: Companies need to put pressure on their suppliers to demonstrate security best practices. If you provide third parties with access to your SaaS environments, proactively and regularly review their scoped permissions so you have an accurate picture of your security posture. Where appropriate, you should remove or limit access. Likewise, invest in tools like cloud-native data loss prevention that continuously monitor your environments for sensitive data like API keys in messages, images, and logs that might be embedded in your SaaS environments. This will help reduce the risk of insider threats and protect data from being shared in a space where it’s vulnerable to hackers.
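The “API keys in messages and logs” point deserves a concrete look at what a cloud-native DLP scanner actually does: match known credential formats, apply an entropy check so that generic `token=` assignments do not flag obvious placeholders, and redact what it finds before the content sits in a shared channel. The scanner below is an added example written for this post, not Nightfall’s detection engine or any vendor’s rule set; the sample chat messages and log lines are constructed (the AWS key is Amazon’s documented example value), and the pattern list, entropy floor and redaction style are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Detector set for this example (constructed here, not a vendor's rule set).
# Specific formats come first so the generic rule does not double-report them.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}\b"),
    "github_pat": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})"
    ),
}
ENTROPY_FLOOR = 3.0  # bits per character; random secrets score well above this

# Constructed chat messages and log lines; the AWS key is Amazon's documented example value.
SAMPLE_MESSAGES = [
    "deploy worked once I set AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE in the job env",
    "the bot token is xoxb-1234567890-abcdefghijkl if anyone needs it",
    "2023-03-01T09:14:02Z INFO config loaded api_key=f3a9c1e7b2d44c0e8a51f6b7c9d2e0a1",
    "oops, pasted -----BEGIN RSA PRIVATE KEY----- into the wrong channel",
    "placeholder in the docs: token=aaaaaaaaaaaaaaaaaaaa (not a real value)",
    "lunch at noon?",
]


def shannon_entropy(value):
    """Bits of entropy per character; near zero for filler like 'aaaa...'."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text):
    """Return [(type, value, start, end)] for every credential-shaped token in one string."""
    hits = []
    for name, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            group = 1 if m.groups() else 0
            value, (start, end) = m.group(group), m.span(group)
            if name == "generic_assignment" and shannon_entropy(value) < ENTROPY_FLOOR:
                continue  # looks like a placeholder, not a secret
            if any(s < end and start < e for _, _, s, e in hits):
                continue  # already covered by a more specific detector
            hits.append((name, value, start, end))
    return hits


def redact_value(value):
    """Keep a short prefix for triage, mask the rest."""
    return value[:4] + "*" * (len(value) - 4)


def scan(messages):
    """Scan a batch of messages; returns one finding per detected secret."""
    findings = []
    for index, text in enumerate(messages):
        for name, value, _, _ in scan_text(text):
            findings.append({"message": index, "type": name, "preview": redact_value(value)})
    return findings


def redact(text):
    """Replace each detected secret in the text with its masked form, right to left."""
    for _, value, start, end in sorted(scan_text(text), key=lambda h: h[2], reverse=True):
        text = text[:start] + redact_value(value) + text[end:]
    return text
```

`scan(SAMPLE_MESSAGES)` reports four findings (the AWS key, the Slack bot token, the hex API key in the log line, and the pasted private key header) and nothing for the all-`a` placeholder or the lunch message; `redact()` produces the masked copy that can safely stay in the channel or the log store. The entropy floor is what keeps a generic rule usable in a busy Slack workspace: without it, every `password=changeme_please_now` in a how-to thread becomes an alert.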
[Read more: Dissecting Supply Chain Attacks: A Report on a Growing Sensitive Data Exposure Vector] Want to learn more? Get started with Nightfall by scheduling a demo at the link below.