Posted on Jul 28, 2021
When it comes to cybercrime, cybercriminals are constantly changing their tactics. Think back to 10 years ago; malware sites (malicious sites that attempt to install malware on a device) were a common attack vector. At the same time, sophisticated ransomware attacks on organizations were rare. Often, ransomware was used to target individuals, sometimes blackmailing them for having been on unsavory sites and asking for a few hundred dollars in ransom.
Now, in 2021, the threat landscape has changed. Malware sites still exist, although they’re not the threat they once were, and ransomware is one of the biggest threats faced by organizations. Still, some attack vectors are evergreen — phishing and credential theft have never gone out of style.
So, what does your organization's attack surface look like in 2021?
Phishing is a social engineering attack, which means that a bad actor is playing on your sympathies, or trying to convince you that they’re someone else in order to obtain sensitive data, like your Personally Identifiable Information (PII), financial information, or credentials.
If you’ve ever been emailed by a prince in Nigeria who needs to get rid of some money, you’ve experienced a phishing attack. Most such attacks, especially those that target businesses, are much more sophisticated and harder to spot. Some campaigns target an individual using publicly available information, such as information posted to social media, and look legitimate. Phishing can be conducted via email, text, or messaging. You can avoid getting conned by training your staff to spot the telltale signs of a scam, such as the need to input certain information right now. You should also encourage them to check with the purported sender of a suspicious message through another means of communication before responding.
Malware is any malicious software that is intentionally designed to harm your devices, network, or system. Malware comes in several flavors, from traditional computer viruses and self-replicating worms to ransomware, which we will get to in the next section. It is often delivered to a computer or network through a phishing email that a user clicked on, but it is sometimes downloaded from a malicious website by mistake. You can avoid malware by monitoring user traffic online, monitoring user email behavior, and using antivirus solutions.
Ransomware has been responsible for some of the biggest data breaches in recent history. The Colonial Pipeline attack earlier this spring is the most recent example. Ransomware is a sort of malware that locks a user out of their systems and data. To obtain the encryption key, they must pay a ransom. If they don’t, consequences are threatened. This can range from posting proprietary information on a public website to simply not getting their data back. That doesn’t mean that the criminals always keep their word when the ransom is paid – they are criminals after all. Avoid ransomware attacks by not clicking on suspicious links, scanning emails for malware, and by keeping a backup of all data. If you are targeted but have your data and systems backed up, you will be able to keep doing business, despite the attack.
First, the bad news: Denial of Service attacks are one of the most common attack vectors; according to Dark Reading, DDoS attacks in the first quarter of 2021 are up by 31% compared to the same period in 2020. Now the good news: DDoS attacks are easy to prevent. DDoS attacks are designed to overwhelm a system by bombarding it with requests. However, you can mitigate a DDoS attack by monitoring network traffic and filtering incoming traffic.
We’ve all heard horror stories about users with 1234 as their passwords, or users who reuse passwords across sites. The numbers back these scary stories up: a Google Harris poll found that 65% of users reuse their favorite credentials across multiple (or every) site they use. If those users work for you, that’s not good news for you. It means you’re one credential leak or phishing attempt away from a data breach. What’s the risk of an exposed credential? Well, that depends on the credential: privileged access credentials, which give administrative access to devices and systems, are a much higher risk than your basic user access credentials. Also, the credentials that allow servers, devices, and security tools to integrate with each other would be devastating in the hands of an attacker. To avoid compromised credentials, consider two-factor authentication or do away with passwords by using passwordless authentication for your users.
When you think of a bad actor, who do you think of? Do you think of the bad guys outside of your organization, or do you think of someone who might work for your organization? While yes, there are criminals outside your company, it’s potentially far more damaging to your enterprise when the call is coming from inside the house.
Malicious insiders are employees who expose private company information through privilege misuse: using their access to hurt your company or make money by exploiting your data or networks. To avoid this, know who is behaving suspiciously; monitor data and network access for odd behavior and make a point of knowing which employees are disgruntled.
Not all insider threats are malicious. Some are simply mistakes. Take misconfiguration, for example. When there’s a configuration error, that can leave an organization open to threats and risks. If an Amazon Web Services bucket is misconfigured, that can leave valuable data open to the public internet, and your organization will never know who has seen that data. To avoid this, put processes in place to make sure every part of your network is configured correctly and consistently monitor your networks for inconsistencies.
If you’re sending unencrypted data, you could be inviting a problem. Data encryption translates your data into another form that only people with access to a secret key or password can read. The purpose: protecting your data during storage or transmission between networks. When there’s no encryption or weak encryption, a bad actor who has hacked into a system will simply be able to read your sensitive data. The solution is simple: strong encryption, especially for sensitive data.
Web application attacks are any attack on your enterprise’s internet presence. They often target e-commerce but can also target any other web application. These attacks include SQL injection and cross-site scripting. These sorts of attacks are focused on a particular goal, such as repurposing the web app for malware distribution. You can prevent some of these attacks by using web application firewalls, utilizing secure development, and monitoring for vulnerabilities.
In the last year, much of the workforce has remained at home, working remotely. This has understandably caused security issues. Home wireless networks aren’t as secure as those in the workplace. Also, your average home network doesn’t have firewalls, and some workers may be using their personal devices to access your network. Criminals are understandably focusing on these insecure endpoints as a way into your enterprise. While many workers are returning to the office, you can protect your remote workers by consistently monitoring your endpoint security and responding to incidents quickly.
SecurityScorecard’s risk ratings can help you monitor your own organization’s safety. Our easy-to-understand security ratings continuously monitor your organization’s information security across 10 groups of risk factors, including endpoint security and application security. Our tools also allow you to monitor the cyberhealth of your vendors, so that you’ll be able to quickly investigate and respond if you or a vendor falls out of compliance.
By continuously monitoring your security, you’ll be able to better protect your remote team and your data.