Five common misperceptions about business cyberattacks
Date:
Sat, 31 Jul 2021 06:41:48 +0000
Description:
Its easy to think "itll never happen to us", but those decision makers are counting the costs now.
FULL STORY ======================================================================
Most decision makers in IT management are having to spin so many plates, all at the same time, that theres always a danger one of them will eventually
fall to the floor and smash. About the author
Peter Mackenzie, incident response manager, Sophos .
The problem is, just because youve attended to a cyber security issue, or decided that its not relevant for your business, that doesnt mean you can forget all about it. With the increasing sophistication and determination of attackers, and the type of threats evolving all the time, you cant afford to drop your guard with any aspect of security, even for a moment.
While maintaining IT security is an increasingly challenging task, a good place to start is to avoid a number of common misperceptions, all of which were encountered within a wide range of organizations when investigating and neutralizing attacks over the past year. Misperception 1: We are too small to be a target and dont really have anything worth stealing
It's easy to think attackers might be targeting bigger fish than your organization. Or that youre in a low-interest sector and simply dont have any assets likely to attract the attention of a passing cybercriminal. But our experience tells us otherwise. If you have processing power and a digital presence, you are a potential target.
Its worth remembering that even though hackers from North Korea and Russia make the headlines, most attacks are not carried out by nation states but opportunists looking for easy prey. So, whatever size your business, if you have any weaknesses in your defenses, such as security gaps, errors or misconfigurations, then you could easily be next. Misperception 2: We dont need advanced security technologies installed everywhere
Some IT teams still believe that endpoint security software is enough to thwart all threats, and that they subsequently dont need security for their servers . Big mistake. Unlike in the past, any errors in configuration, patching or protection make servers a primary target.
The list of attack techniques designed to bypass or disable endpoint software include those operated by humans which exploit social engineering, malicious code injected directly into memory, fileless malware attacks such as reflective DLL (Dynamic Link Library), and attacks using legitimate remote access agents like Cobalt Strike, alongside everyday IT admin tools. Unfortunately, basic anti-virus technologies will struggle to detect and
block such threats.
Even the assumption that protected endpoints can prevent intruders from
making their way to unprotected servers is misguided. Recent experience tells us servers are now a prime target and attackers can easily find their way in using stolen access credentials.
Most contemporary cyber criminals have a strong understanding of Linux machines. In fact, attackers can hack into and install back doors in Linux machines to hide and maintain access to your network . If your organization only relies on basic security, intruders wont find it too difficult to bypass your defenses in this way. Misperception 3: We already have robust security policies in place
Yes, having security policies for applications and users is critical. But
once youve got them in place, thats not the end of the matter. These policies need to be checked and updated constantly as new features and functionality are added to devices connected to the network, and the strategies of cyber attackers become increasingly more sophisticated.
Your organization needs to test its cyber security policies regularly, using techniques such as penetration testing , tabletop exercises and trial runs of your disaster recovery plans to ensure your defenses are as robust as you would like to believe. Misperception 4: Our employees understand security
According to Sophos State of Ransomware 2021, 22 per cent of organizations believe theyll be hit by ransomware in the next 12 months as its hard to stop their end users from compromising security. Training helps but messages learned can soon be forgotten.
Besides, social engineering tactics like phishing emails are becoming increasingly hard to spot. Messages are often hand-crafted, accurately written, persuasive, and carefully targeted.
Cyber criminals are constantly finding new ways to catch end users unaware.
As they step up their efforts, you need to increase yours too. Educate your employees on ways to spot suspicious messages and what to do when they
receive one. Make sure they have the contact details of the right person in your team to notify, and that they do it immediately so other employees can
be alerted. Misperception 5: Incident response teams can recover my data
after a ransomware attack
Unfortunately, your confidence in the response teams powers of recovery is misguided. Attackers today are more professional than ever. They make fewer mistakes and the encryption process has improved, so you can no longer rely
on your responders to find a way to undo the damage.
Automatic backups like Windows Volume Shadow Copies are also deleted by most modern ransomware. As well as overwriting the original data stored on disk, this makes recovery impossible if you arent prepared to pay the ransom. And, even then, only 8 per cent of organizations that pay the ransom successfully retrieve all their data.
As you will have gathered by now, IT decision makers and complacency do not
go well together. Too many organizations who believed it could never happen
to them are now counting the cost after it has happened.
Instead of sitting back and assuming everythings going to be OK, you need to take full control of your business affairs before somebody else does.
======================================================================
Link to news story:
https://www.techradar.com/news/five-common-misperceptions-about-business-cyber attacks/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)