Mon, March 19, 2018

Types of Cyber Security Threats & How to Prevent Them

 

 

Cyber Security continues to be of concerns to both enterprise and small to medium sized businesses alike, due to the increasing sophistication and number of threats that are out there. Below we will outline a few of the most common cyber security threats, as well as a few best business practices to implement to protect your organization.

 

Bots

“Bots” is short for “robots” which are automated programs that function through and over the internet. Bots operates the same way that a human user would operate, but with malicious intent. This can make them difficult to detect and prevent from affecting a user or company’s data.

According to Incapsula’s annual Bot Traffic Report, bad bots made up 28.9% of website traffic.* With almost 30% of site traffic consisting of bad bots, how do these bots operate? There are numerous types of bots, but these are some of the most common bad bots.

  • Impersonator Bots: These types of bots are attack bots that disguise themselves as legitimate users to bypass a company’s security measures. Oftentimes, they’re linked to “Denial-of-Service” attacks, which block legitimate users from accessing the network, server, or site.
  • Scraper Bots: These bots search the internet for information and data it can steal and use elsewhere without the owners permission or knowledge. One example is the contact information, such as email addresses, that are listed on a company website. Scraper bots can search for this information as a means of then spoofing an email and requesting for information, payment, etc.
  • Spam Bots: This is one of the more commonly known bots, that deliver spam-like content through email, website content, or social media.

 

Trojans

A trojan is a dangerous malware that is often hidden or disguised as an innocent tool or legitimate software. Sometimes the Trojan itself is the malicious villain – for instance, the Spy Trojan will monitor computer activity for passwords, logins, and other sensitive information.  In other cases, it will just open the doors for other more malicious ones to come in. Trojans cannot self replicate like computer viruses, but they still can delete, copy, modify, block, or interfere with the abilities of an individual computer or network.

Social Engineering & Ransomware

Social Engineering refers to manipulating, influencing, or deceiving an individual in order to gain illegal access and control to a computer or network. Typically after gaining illegal access company data is held at “ransom”, preventing users from accessing until a sum of money (usually Bitcoin) is paid. According to the United States Justice Department, there were up to 4,000 ransomware attacks per day in 2016.

  • Phishing: Phishing typically is a fraudulent email, with a link or an attachment that contains malicious content. They are designed to gain personal information, such as passwords, credit card information, etc. and are becoming more and more difficult to differentiate. For example, there may only be subtle differences when looking at a legitimate email and the phishing email side by side – including small differences in URL, incorrect spelling, other random people cc’d on the email.
  • Baiting:  Baiting refers to dangling something in front of a victim to influence them to take some course of action. For instance, leaving USB thumb drives in a public or common area for them to download and infect their computer.
  • CEO Fraud: Also known as whaling, this social engineering tactic is where one will impersonate a C-level executive or administrator and request a wire or transfer of money.

 

Preventing Cyber Threats

Although these are just a few of the cyber threats that exist, there are ways to prevent them from impacting your business. For instance, implementing a firewall that also includes security features like Intrusion Protection, AV & Malware, and Advanced Threat Protection. Content filtering is also a very helpful security tool, where certain websites or applications are blocked.

However, one of the most important, yet most commonly overlooked prevention tool is user education.  At the end of the day, your organization can have all of the proper network security in place; it just takes one user to click a wrong link or go to an infected website. Education your users with Security Awareness Training can decrease your chances of a user clicking on a link in a phishing email because they’ve been trained on what to look for.