Sunday, November 29, 2015
The security landscape changes at an incredible pace. To keep your secure systems and sensitive data safe and sound, your organisation needs to stay one step ahead of the latest threats and vulnerabilities.
Today, I'm helping you to identify and take action against the 5 most common types of security attack.
1) Malware (17%)
The growing rise of shadow IT has contributed to malware (the unintentional installation of malicious software) leap-frogging all other attack vectors to become the most common security threat faced by organisations.
Many of the most high-profile (and most damaging) attacks rely on social engineering, with attackers using targeted spear-phishing attacks to gain access to secure networks, before installing RAM-scraping malware into card processing systems. The resulting loss of payment information is devastating for the targeted companies, damaging both their finances and reputation.
2) Distributed Denial of Service (17%)
Distributed Denial of Service (DDoS) attacks are used to shut-down an organisation's on-line services, by redirecting huge volumes of traffic (often from compromised computers) to a single website.
In recent years, DDoS attacks have been used as a form of 'ransomware', with attackers using the threat of denial of service to extort money from organisations. In other cases, DDoS attacks are used by hackers to hide serious data breaches, masking the real impact of their actions by forcing web services offline.
3) SQL Injection (8%)
Vulnerabilities in website content management systems (CMS) have proved to be one of the most common vectors for SQL injection, with recent large-scale data breaches resulting from insecurities in popular platforms like Drupal and Joomla!. The problem is worsened by the use of insecure third-party CMS plugins, affording attackers another method of entry into a site's infrastructure.
4) Phishing (5%)
Phishing is a form of social engineering that uses emails, messaging apps, social media, web browsers and even intranet services, to trick end-users into parting with login credentials, and granting access to secure systems.
Hackers can then use these login credentials to install malware and extricate data - often completely unbeknownst to the victim, and the organisation.Phishing is growing in prevalence, for two simple reasons: it's easy to do, and it works.
5) Watering Hole (4%)
Watering hole attacks are designed to target an entire group of people, often those in a single organisation, industry or team. In these attacks, malicious third parties observe their targets, and identify the websites they most regularly use. The websites are then infected with malware, in the hope of infecting one or more of the targets.
These attacks are particularly problematic for organisations. Third-party websites are outside of your control, but by infecting members of your organisation with malware, your secure systems can be compromised, placing your information at risk.
Guarding Against Attacks :
Attackers are using an increasingly diverse range of tools to target organisations and compromise their secure systems. As a result, there's no one-size-fits-all solution to the problem posed by malicious attackers.
However, there's a particular facet of security that most organisations can dramatically (and effectively) improve. While most organisations understand the importance of firewalls, anti-virus and anti-malware software, few understand the crucial role employees play in ensuring security.
Many of these attack vectors only succeed because they target the human element of security. To improve your resilience to some of the most damaging attacks, it's essential to roll-out security awareness training: helping everyone in your organisation understand to identify potential security risks, and understand the course of action required to remediate them.
