• Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Critical Infrastructure
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
  • Support
  • Login
  • Contact
  • Blog
  • Support
  • Login
  • Contact
  • Blog
SecurityScorecard SecurityScorecard
  • Products
    PRODUCTS
    • Security Ratings
      Identify security strengths across ten risk factors.
    • Security Data
      Get actionable, data-based insights.
    • Security Assessments
      Automate security questionnaire exchange.
    • Attack Surface Intelligence
      NEW
      On-demand contextualized global threat intelligence.
    • Automatic Vendor Detection
      Uncover your third and fourth party vendors.
    • Cyber Risk Quantification
      Translate cyber risk into financial impact.
    • Reporting Center
      Streamline cyber risk reporting.
    • SecurityScorecard Marketplace
      Discover and deploy pre-built integrations.
    SERVICES
    • Active Security Services
      Test your security controls.
    • Cyber Risk Intelligence
      Partner to obtain meaningful threat intelligence.
    • Digital Forensics & Incident Response
      Prepare to respond to any threat.
    • Third-Party Risk Management
      Reduce risk across your vendor ecosystem.
    BUY NOW
    • Compare All Plans
      Choose a plan that's right for your business.
    • Try Free Account
      Make informed decisions with confidence.
    • Buy Pro Now
      Add automated event responses.
    • Buy Business Now
      Expand on Pro with vendor management and integrations.
    • Request Enterprise Demo
      See the capabilities of an enterprise plan in action.
    icon__SSClogoMark icon__SSClogoMark

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Solutions
    BY USE CASE
    • Compliance
    • Cyber Insurance
    • Digital Forensics
    • Due Diligence
    • Enterprise Cyber Risk
    • Executive-Level Reporting
    • Incident Response
    • Regulatory Oversight
    • Third-Party Risk
    BY INDUSTRY
    • Critical Infrastructure
    • Enterprise
    • Financial Services
    • Government
    • Healthcare
    • Insurance
    • Retail & Consumer
    • Technology
    Help your organization calculate its risk
    View All Solutions
  • Customers
    OUR CUSTOMERS
    • Customer Overview
      Trusted by companies of all industries and sizes.
    • Peer Reviews
      Find out what our customers are saying.
    SUCCESS AND SUPPORT
    • Customer Success
      Receive award-winning customer service.
    • Support
      Get your questions answered by our experts.
    COMMUNITY
    • SecurityScorecard Connect
      Engage in fun, educational, and rewarding activities.
    • Connect Login
      Join our exclusive online customer community.
    icon__SSClogoMark icon__SSClogoMark
    Understand and reduce risk with SecurityScorecard.
    Free account sign up
  • Partners

    Partner Program Overview

    Partner with SecurityScorecard and leverage our global cybersecurity ratings leadership to expand your solution, deliver more value, and win new business.

    Learn more
    • Locate a Partner
      Access our industry-leading partner network.
    • Value-Added Resellers
      Enter new markets, deliver more value, and get rewarded.
    • Managed Service Providers
      Meet customer needs with cybersecurity ratings.
    • ISAC Partner Program
      Learn more about the industries we support and ISAC member benefits.
    • Technology Alliances
      Access innovative solutions from leading providers.
    • SCORE Portal Login
      Use the SCORE Partner Program to grow your business.
    • SecurityScorecard Marketplace
      Find a trusted solution that extends your SecurityScorecard experience.

    Understand and reduce risk with SecurityScorecard.

    Free account sign up
  • Resources
    RESOURCES
    • Resource Center
      Explore our cybersecurity ebooks, data sheets, webinars, and more.
    • SecurityScorecard Blog
      Read the latest blog posts published weekly.
    • Research & Insights Center
      Access our research on the latest industry trends and sector developments.
    • SecurityScorecard Academy
      NEW
      Complete certification courses and earn industry-recognized badges.
    TOOLS AND DOCUMENTATION
    • Free Security Rating
      Get your free ratings report with customized security score.
    • Product Release Notes
      Visit our support portal for the latest release notes.
    • Free Account Signup
      Start monitoring your cybersecurity posture today.
    • Chrome Extension
      NEW
      Show the security rating of websites you visit.
    • Assessments ROI Calculator
      Calculate the ROI of automating questionnaires.
    Trust begins with transparency. Take a look at the data that drives our ratings.
    Learn more
  • Company

    Working at SecurityScorecard

    Committed to promoting diversity, inclusion, and collaboration–and having fun while doing it.

    Join our team
    • About Us
      SecurityScorecard is the global leader in cybersecurity ratings.
    • Leadership
      Meet the team that is making the world a safer place.
    • Press
      Explore our most recent press releases and coverage.
    • Events
      Join us at any of these upcoming industry events.
    • Policy Insights
      Raising the bar on cybersecurity with security ratings.
    • Careers
      APPLY TODAY
      Come join the SecurityScorecard team!
    • Contact Us
      Contact us with any questions, concerns, or thoughts.
    • Trust Portal
      Take an inside look at the data that drives our technology.
    • Help Center
      We are here to help with any questions or difficulties.
Request a demo
SecurityScorecard SecurityScorecard
BLOG

Four Common Types of Cybersecurity Attacks You Need to Protect Against in 2020

Private: Negin Aminian
03/11/2020

As technology has become more complex, so have the attack vectors that cyber criminals leverage to gain unauthorized access to networks. Furthermore, the ever-evolving nature of the cyberthreat landscape has made it difficult for organizations to implement security solutions without them quickly becoming obsolete. This means that for organizations to stay ahead of threat actors, they need to have a comprehensive understanding of prevalent cybersecurity attacks.

It is important to identify which threats pose the greatest risk to your company and build proactive security strategies to protect against them. This will ensure that the preventive measures you take are effective and allow you to better manage cybersecurity at your organization.

Here is a list of the most common cybersecurity attacks that you need to protect against in 2020.

1. Malware

Malware has long posed a serious threat to organizations due to the variety of methods in which it can be distributed onto critical networks. While you used to be able to protect against malware with a simple firewall, in recent years, cybercriminals have modified their attack strategies so they remain undetected when infiltrating networks. Unfortunately, this is only going to get worse throughout 2020 with hazardous malware becoming easier than ever to obtain.

This trend can be attributed to the growth of the Malware-as-a-Service (MaaS) model. MaaS allows cybercriminals to rent malware on a subscription basis, significantly lowering the bar for launching sophisticated attacks. Additionally, the cloud-based nature of MaaS kits allows developers to constantly update their malware with fresh exploits and modified evasion techniques.

Fileless malware attacks are yet another threat that organizations need to be aware of. What makes this exploit particularly dangerous is the fact that it does not leverage traditional executable files when carrying out attacks. Instead, adversaries exploit vulnerabilities in a desktop’s core operating system. All actions appear as though they are legitimate processes, allowing threat actors to avoid detection from security tools.

2. DDoS

A Distributed Denial-of-Service (DDoS) attack works by disrupting normal traffic flow to a specific server on a site, causing an overflow of data and rendering it inoperable. DDoS attacks typically begin with cybercriminals using malware to take control of a variety of online machines, creating a botnet. From there, the attacker uses their botnet to submit requests to a target server until capacity is reached and a denial-of-service occurs. At this point, the organization that has been compromised will usually have to pay a ransom fee to restore their site.

As businesses increasingly adopt IoT devices, the risk of being targeted in a DDoS attack is greater than ever before. These devices tend to lack any real security protocols, making them vulnerable to being hacked into and used as a bot. The introduction of 5G will only make this worse as botnets will not need to harness as many mobile or IoT devices to launch an attack. As this threat continues to grow in complexity, having a strong cybersecurity posture will be essential for organizations to stay protected.

3. Zero-day exploits

Zero-day exploits are one of the most dangerous cybersecurity threats because they target unknown vulnerabilities in systems. Generally, there is no way to protect against them until they have been discovered. Once a Zero-day exploit has been identified, a software patch should be administered to fix the vulnerability. However, patch management is not always effective and typically requires that all systems be patched before the threat is mitigated. This poses a significant risk to larger organizations, as even one unpatched machine can lead to an entire network being breached.

Employee training is a necessity when working to lower the risk that these threats pose. Cybercriminals will distribute Zero-day exploits over the web or through email, so teaching employees basic cybersecurity best practices is essential.

4. Social engineering

Where traditional cybersecurity attacks focus on exploiting system vulnerabilities, social engineering attacks instead rely on human manipulation to gain access to valuable information. Some of the most common social engineering attack techniques include:

Phishing

Phishing occurs when an attacker disguises malicious emails as legitimate conversations to trick employees into downloading malware or sharing sensitive information. These emails will appear to come from a trusted source, such as a company official so that employees will open the message and follow the instructions within.

In the past year, phishing kits and Phishing-as-a-Service (PaaS) have grown in popularity, making this a major threat to organizations in 2020. As with Zero-day exploits, employee training is key to protecting against phishing attacks. Teaching employees how to identify fraudulent emails will not only protect your business from an attack but will also keep them safe from targeted phishing scams.

Pretexting

Pretexting is a highly targeted form of social engineering that involves an extended dialogue between an insider and a cybercriminal posing as a vendor. Pretexters will communicate with employees until they have built enough trust to obtain personal and financial information. Similar to phishing, protecting against this threat requires that employees avoid any suspicious emails and take extra steps to verify the identity of the vendors they are talking to.

Watering hole attacks

A watering hole attack occurs when a cybercriminal injects malicious code onto a public website to steal personal information. Threat actors will monitor the web activity of upper-level executives’ to identify the sites that they visit most often. From there, an exploit code is written and uploaded. This form of attack is often coupled with Zero-day exploits, making it very hard to protect against. The success rate of watering hole attacks made it become a go-to attack method for cybercriminals in 2019, and this trend is expected to continue in 2020.

How SecurityScorecard can keep you protected

When working to secure your organization from external threats, having visibility across your network ecosystem is crucial. Visibility allows you to better identify and manage potential threat activity, ensuring that you are able to protect against future attacks. The same can be said about businesses that work with third-party vendors as the security protocols they have in place often directly impact overall organizational success.

SecurityScorecard’s Security Ratings provide you with the tools and intelligence you need to continuously monitor your organization’s cyberhealth. Our letter grade system allows organizations to instantly evaluate the performance of their cybersecurity programs across ten groups of risk factors. This increased visibility helps businesses prioritize vulnerabilities based on their severity, resulting in quicker remediation of risk. You can also assess the strength of your third-party vendor’s security and equip them with actionable intelligence should they need to improve.

With new cyberthreats introduced every day, having the ability to quickly identify and mitigate cyber risk is vital. Employing Security Ratings, can proactively manage the threats that face your business keeping you and your customers secure.

Return to Blog
Join us in making the world a safer place.
FREE ACCOUNT SIGN UP
Products
Solutions
Customers
Marketplace
Partners
Resources
Company
Trust Portal
Security Ratings
Login
Blog
Contact
Careers

SecurityScorecard
Tower 49
12 E 49th St
Suite 15-100
New York, NY 10017

[email protected]

United States: (800) 682-1701
International: +1(646) 809-2166
Social-linkedin Social-facebook Twitter Instagram Youtube