Feb 20, 2018
The first defense against cyber threats is to assume you will be attacked — if you’re not under attack already.
These kinds of threats await everybody who uses the internet and mobile devices. Understanding what you’re up against is the vital first step toward learning how to deal with these risks.
With that in mind, here’s a look at four of the most common cyber threats.
1. Financial cybercrime
Ransomware has become a global menace for one simple reason: It’s easy to get away with.
Before the rise of ransomware, cybercriminals have had to do risky things like stalking retail point-of-service operations and installing data scanners on ATMs. Every time they steal something, they leave a potential data trail that could lead the police to their doorstep.
Those scammers have to spend months or years perfecting these techniques. They have to devote time and resources, and to commit their crimes in specific geographic areas. And they live under constant threat of getting caught and convicted.
Contrast that with ransomware: A single cybercriminal can find an app on the dark web and use nefarious techniques to pollute the world with a ton of spam that’s loaded with malware designed to encrypt somebody’s computer if they accidentally click on the wrong link.
The hostage taker gets paid in untraceable bitcoin and is free to offend again with little chance of getting caught. It’s so much simpler than other cybercrimes that it’s amazing it doesn’t happen even more often.
2. Social engineering
Perhaps the most insidious cybercriminals are the ones engaging in social engineering — manipulating people’s natural tendency to let down their guard around people they know and trust.
Social engineering works like this: Cybercriminals create phony web pages that look identical to common online services like Gmail or WordPress. They then use tactics like spear-phishing to get into people’s email accounts, monitor their activity, learn how they do business and start to emulate them.
It even happens to CEOs: Somebody spoofs a top executive’s account info and uses it to request a wire transfer of, say, several hundred thousand dollars. The recipient doesn’t realize the account is fake and approves the transaction. And the cybercriminal sneaks off with a six-figure prize.
Perhaps most infamously, Russian hackers used social engineering to access emails of the Democratic Party in the 2016 election. These high-profile cases, however, shouldn’t give people the impression that they are safe if they are obscure. Anybody with an email account is vulnerable to social engineering because it relies on the trust that binds societies together.
3. Employee negligence or misconduct (or both)
You can implement world-class cybersecurity tools and hire the best cyber defenders on the planet, but guess what? Cybercriminals might not attack your strongest points of defense.
Instead, they can attack where you’re the weakest — people who have poor training and minimal supervision, but still have access to your networks. And sometimes you’ll just have bad luck: an employee forgets a laptop in a taxi or leaves a smartphone behind in a coffee shop.
In some ways, it’s easier to live with the reality of careless or unlucky employees. What’s worse are the disgruntle ones who deliberately try to sabotage your business. Many workers decide to exact revenge months or years afterwards, and they hide their motives and try to cover their tracks.
They also do their own brand of social engineering, exploiting your trust and doing as much damage as they can get away with. For all your efforts to thwart external security threats, you can easily overlook the risk of internal ones.
4. Email vulnerabilities
Email uses open protocols that transmit data unprotected by default. It also relies on email clients and servers that might have unpatched vulnerabilities.
Because email is ubiquitous and often unprotected, it makes a particularly attractive target for cybercriminals. Indeed, email enables cybercrimes in all the threat areas we’ve outlined here.
You can protect email with encryption in the client, in storage, and during transmission — provided you have the expertise to configure everything correctly. You also need software to monitor your email servers for signs of suspicious activities.
Ideally, you’d have access to machine-learning algorithms that can help sniff out bad actors and kick them out of your systems before they can do any more damage.
Partnering with ENT and Barracuda Networks for cybersecurity
We’ve dealt with all these threats at Essential Network Technologies, from malware to ransomware and more. Our network technicians have deep training and certifications to keep our clients’ networks secure, but we don’t rely on our wits alone. We partner with the experts at Barracuda Networks for services like:
- Office 365 email security
- Public cloud deployments
- SSL VPN & remote access
- Web application firewalls
Today’s cyber threats are too numerous to ignore — but it’s just too hard to face them on your own. At ENT, we can help you manage your risks with local experts and world-class cybersecurity technology.
To find out how we can strengthen your security posture register for the webinar below.