10 Common Cyber Attack Vectors and How to Avoid Them

07/28/2021

When it comes to cybercrime, cybercriminals are constantly changing their tactics. Think back to 10 years ago; malware sites (malicious sites that attempt to install malware on a device) were a common attack vector. At the same time, sophisticated ransomware attacks on organizations were rare. Often, ransomware was used to target individuals, sometimes blackmailing them for having been on unsavory sites and asking for a few hundred dollars in ransom.

Now, in 2021, the threat landscape has changed. Malware sites still exist, although they’re not the threat they once were, and ransomware is one of the biggest threats faced by organizations. Still, some attack vectors are evergreen — phishing and credential theft have never gone out of style.

So, what does your organization’s attack surface look like in 2021?

Common cyber attack vectors in 2021

1. Phishing

Phishing is a social engineering attack, which means that a bad actor is playing on your sympathies, or trying to convince you that they’re someone else in order to obtain sensitive data, like your Personally Identifiable Information (PII), financial information, or credentials.

If you’ve ever been emailed by a prince in Nigeria who needs to get rid of some money, you’ve experienced a phishing attack. Most such attacks – especially those that target businesses – are much more sophisticated and are less easy to spot. Some campaigns target an individual using publicly available information, such as information posted to social media, and look legitimate. Phishing can be conducted via email, text, or messaging. You can avoid getting conned by training your staff to spot the telltale signs of a scam, such as the need to input certain information right now. You should also encourage them to check with the purported sender of a potential message through another means of communication before responding.

2. Malware

Malware is any malicious software that is intentionally designed to harm your devices, network, or system. Malware comes in several flavors: from the traditional computer viruses and self-replicating worms to ransomware, which we will get to in the next section. It is often delivered to a computer or network through a phishing email that was clicked on but sometimes is downloaded from a malicious website by mistake. You can avoid malware by monitoring user traffic online, user email behavior, and by using antivirus solutions.

3. Ransomware

Ransomware has been responsible for some of the biggest data breaches in recent history. The Colonial Pipeline attack earlier this spring is the most recent example. Ransomware is a sort of malware that locks a user out of their systems and data. To obtain the encryption key, they must pay a ransom. If they don’t, consequences are threatened. This can range from posting proprietary information on a public website to simply not getting their data back. That doesn’t mean that the criminals always keep their word when the ransom is paid – they are criminals after all. Avoid ransomware attacks by not clicking on suspicious links, scanning emails for malware, and by keeping a backup of all data. If you are targeted but have your data and systems backed up, you will be able to keep doing business, despite the attack.

4. Distributed Denial of Service (DDoS) Attacks

First, the bad news: Denial of Service attacks are one of the most common attack vectors; according to Dark Reading, DDoS attacks in the first quarter of 2021 are up by 31% compared to the same period in 2020. Now the good news: DDoS attacks are easy to prevent. DDoS attacks are designed to overwhelm a system by bombarding it with requests. However, you can mitigate a DDoS attack by monitoring network traffic and filtering incoming traffic.

5. Compromised Credentials

We’ve all heard horror stories about users with 1234 as their passwords, or users who reuse passwords across sites. The numbers back these scary stories up: a Google Harris poll found that 65% of users reuse their favorite credentials across multiple sites, or every site, they use. If those users work for you, that’s not good news for you. It means you’re one credential leak or phishing attempt away from a data breach. What’s the risk of an exposed credential? Well, that depends on the credential: privileged access credentials, which give administrative access to devices and systems, are a much higher risk than your basic user access credentials. Also, the credentials that allow servers, devices, and security tools to integrate with each other would be devastating in the hands of an attacker. To avoid compromised credentials, consider two-factor authentication or do away with passwords by using passwordless authentication for your users.

6. Malicious Insiders

When you think of a bad actor, who do you think of? Do you think of the bad guys outside of your organization, or do you think of someone who might work for your organization? While yes, there are criminals outside your company, it’s potentially far more damaging to your enterprise when the call is coming from inside the house.

Malicious insiders are employees who expose private company information through privilege misuse – using their access to hurt your company or make money by exploiting your data or networks. To avoid this, know who is behaving suspiciously; monitor data and network access for odd behavior and make a point of knowing which employees are disgruntled.

7. Misconfiguration

Not all insider threats are malicious. Some are simply mistakes. Take misconfiguration, for example. When there’s a configuration error, that can leave an organization open to threats and risks. If an Amazon Web Services bucket is misconfigured, that can leave valuable data open to the public internet, and your organization will never know who has seen that data. To avoid this, put processes in place to make sure every part of your network is configured correctly and consistently monitor your networks for inconsistencies.

8. A Lack of Encryption

If you’re sending unencrypted data, you could be inviting a problem. Data encryption translates your data into another form that only people with access to a secret key or password can read. The purpose: protecting your data during storage or transmission between networks. When there’s no encryption or weak encryption, a bad actor who has hacked into a system will simply be able to read your sensitive data. The solution is simple: strong encryption, especially for sensitive data.

9. Web Application Attacks

Web application attacks are any attack on your enterprise’s internet presence. They often target e-commerce but can also target any other web application. These attacks include SQL injection and cross-site scripting. These sorts of attacks are focused on a particular goal, such as repurposing the web app for malware distribution, for example. You can prevent some of these attacks by using web application firewalls, utilizing secure development, and monitoring for vulnerabilities.

10. Your Remote Workforce

In the last year, much of the workforce has remained at home, working remotely. This has understandably caused security issues. Home wireless networks aren’t as secure as they are in the workplace. Also, your average home network doesn’t have firewalls, and some workers may be using their personal devices to access your network. Criminals are understandably focusing on these insecure endpoints as a way into your enterprise. While many workers are returning to the office, you can protect your remote workers by consistently monitoring your endpoint security and responding to incidents quickly.

How can SecurityScorecard help?

SecurityScorecard’s risk ratings can help you monitor your own organization’s safety. Our easy-to-understand security ratings continuously monitor your organization’s information security across 10 groups of risk factors, including endpoint security and application security. Our tools also allow you to monitor the cyberhealth of your vendors, so that you’ll be able to quickly investigate and respond if you or a vendor falls out of compliance.

By continuously monitoring your security, you’ll be able to better protect your remote team and your data.
