IT security is a big business. It’s no wonder why; cyber-crime is on the rise. There are more than a million new threats reported every day. In addition, there has been a general increase in malicious attacks that are capable of surmounting traditional IT security defenses. What’s more, with the expansion of cloud-based services, remote working, and BYOD (Bring Your Own Device) policies, there’s an even wider surface area that must be protected.

Many successful, high-profile attacks and data breaches are indicative of security weaknesses. There isn’t a business on this planet that can afford not to be vigilant at all times. In addition to internal resources, IT security departments have access to a range of Security-As-A-Service (SECaaS) providers and professional cyber security experts. These services and experts can offer comprehensive penetration testing, ethical hacking, and fully Managed Detection & Response (MDR) services, all of which contribute to a robust defense against persistent IT threats.

Protecting your networks and systems is a core concern for us all – but what cyber threats are we dealing with?

  1. Malware

Compromising user privacy, theft, and destruction of personal data are the ultimate aims of malware such as: Viruses, Trojans, Worms, Spyware, Adware and Ransomware. There are various ways in which malicious code can find its way into IT systems. Often, opening an innocent looking email attachment or downloading a file from the internet is all it takes for security to be breached. Bogus advertisements and fake webpages are another way in. Attacks can spread very quickly if detection isn’t rapid enough.

Strategies to protect your IT system from malware attack include:

  • Installing strong security software, including: anti-virus, anti-spyware, anti-spam, and anti-phishing technologies, and keeping them updated
  • Being careful when opening attachments and peer-to-peer file sharing
  • Verifying that websites are legitimate before visiting
  • Keeping your browser software and operating system up to date
  • Backing up files regularly

  2. Password Attacks

It is an unfortunate fact that most chosen passwords are too weak and can be cracked in a matter of seconds. The typical method used by hackers to gain access is called ‘brute force’. Hackers will incessantly pound the account with literally thousands of common word/number combinations until the correct password is found.
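
On the defending side, the pattern described above (many failed guesses against one account in a short time) is visible in login records. The following added example is not part of the original article; the log format, account names, addresses and the threshold of 5 failures per minute are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def constructed_log():
    """Constructed sample lines: '<ISO time> <account> <source> <FAIL|OK>'."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=2 * i)).isoformat()} alice 198.51.100.7 FAIL"
             for i in range(8)]
    lines.append(f"{(t0 + timedelta(seconds=20)).isoformat()} alice 198.51.100.7 OK")
    # bob mistypes his password a few times over half an hour, then gets in
    lines += [f"{(t0 + timedelta(minutes=10 * i)).isoformat()} bob 203.0.113.9 FAIL"
              for i in range(3)]
    lines.append(f"{(t0 + timedelta(minutes=31)).isoformat()} bob 203.0.113.9 OK")
    return sorted(lines)  # ISO timestamps sort chronologically

def detect(lines, max_failures=5, window=timedelta(minutes=1)):
    """Return alerts as (kind, account, time) tuples, in log order."""
    recent = defaultdict(deque)   # account -> times of recent failed logins
    alerted = set()
    alerts = []
    for line in lines:
        stamp, account, _source, result = line.split()
        now = datetime.fromisoformat(stamp)
        failures = recent[account]
        while failures and now - failures[0] > window:
            failures.popleft()    # forget failures older than the window
        if result == "FAIL":
            failures.append(now)
            if len(failures) >= max_failures and account not in alerted:
                alerted.add(account)
                alerts.append(("brute_force", account, now))
        elif len(failures) >= max_failures:
            # a success right after a burst suggests a guess worked
            alerts.append(("success_after_burst", account, now))
            failures.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

The second alert kind matters most in practice: a successful login directly after a burst of failures is the point at which the account should be treated as compromised.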

There are many powerful strategies to strengthen passwords, including:

  • Using unique passwords for each account with no password sharing
  • Creating passwords using 12+ characters as well as a mix of numbers, letters (upper and lower case), and special characters
  • Avoiding obvious words/phrases and personal information
  • Changing passwords at least every 3 months
  • Using two-factor authentication
  • Avoiding the use of your browser’s auto-fill function for passwords
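
The checkable items in the list above can be turned into an audit routine. This is an added example, not part of the original article; the deny-list is a short constructed sample, "every 3 months" is assumed to mean 90 days, and the function names are hypothetical.

```python
import string
from collections import defaultdict
from datetime import date

# Constructed short deny-list; a real one would be far longer.
OBVIOUS = {"password", "qwerty", "letmein", "welcome", "123456"}
MAX_AGE_DAYS = 90  # assumption: "every 3 months" taken as 90 days

def check_password(pw, personal=(), last_changed=None, today=None):
    """Return the rules from the list above that this password breaks."""
    problems = []
    if len(pw) < 12:
        problems.append("fewer than 12 characters")
    required = {
        "no lower-case letter": any(c.islower() for c in pw),
        "no upper-case letter": any(c.isupper() for c in pw),
        "no number": any(c.isdigit() for c in pw),
        "no special character": any(c in string.punctuation for c in pw),
    }
    problems += [msg for msg, present in required.items() if not present]
    # Obvious words and personal details are matched case-insensitively.
    lowered = pw.lower()
    banned = OBVIOUS | {p.lower() for p in personal if len(p) >= 3}
    if any(word in lowered for word in banned):
        problems.append("contains an obvious word or personal detail")
    if last_changed is not None:
        age = ((today or date.today()) - last_changed).days
        if age > MAX_AGE_DAYS:
            problems.append(f"unchanged for {age} days")
    return problems

def reused(vault):
    """Map each password used by more than one account to those accounts."""
    by_pw = defaultdict(list)
    for account, pw in vault.items():
        by_pw[pw].append(account)
    return {pw: sorted(accts) for pw, accts in by_pw.items() if len(accts) > 1}

if __name__ == "__main__":
    print(check_password("Summer2024"))
    print(check_password("Alice!Password1", personal=["alice"]))
    print(reused({"mail": "a", "bank": "a", "shop": "b"}))
```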

  3. Social Engineering

These are scams that trick you into clicking on infected links or divulging sensitive information voluntarily in the false belief that it is safe to do so. They generally appear perfectly legitimate and, indeed, trusted at first glance.

Social engineering includes: email phishing attacks, phone phishing, text phishing, and highly personalized spear phishing to obtain personal information. It also includes water holing, pretexting, and a host of similar methods.

Guarding against social engineering attacks is difficult because it is the user who makes the decision to release the information. Protection therefore centers around raising awareness, education, and regular training updates.

Be very aware of the amount and type of personal information you divulge in the public domain, including social media accounts and public profiles. Always double check whether the person asking actually needs to know the information they’re asking for and err on the side of caution. Question everything and don’t be pressured into giving out information if you’re not comfortable – don’t override your gut feeling.

  4. Denial-of-Service Attacks (DoS)

DoS attacks rely on flooding the IT network with excessive data volumes and bogus requests until the service ceases to function. While a DoS attack is conducted from a single internet connection, a Distributed Denial-of-Service Attack (DDoS) is launched from multiple connected devices, and is even harder to deflect.

A successful DoS attack is a highly noticeable event, making it a popular choice for hacktivists, cyber vandals, or extortionists. Assaults can last for days, weeks, or even months and have the ability to not only seriously inconvenience the target business or organisation, but to inflict long-term and even terminal damage.

  5. Man-in-the-Middle (MITM)

A MITM attack is usually a type of eavesdropping in which the online information exchange is controlled by the attacker, who impersonates the endpoints. This gives the intruder the ability to capture and manipulate sensitive information, such as bank account details, in real time.

Close monitoring, authentication, and tamper detection are the main methods of protecting against MITM attacks.
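
Authentication and tamper detection, as named above, can be illustrated with a keyed message authentication code (HMAC). This is an added example, not part of the original article; it assumes sender and receiver already share a secret key exchanged out of band, and the function names and account values are constructed.

```python
import hashlib
import hmac
import json
import secrets

def seal(key, payload):
    """Serialise the payload deterministically and attach an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def open_sealed(key, message):
    """Return the payload if the tag verifies under our key, otherwise None."""
    expected = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading characters matched
    if not hmac.compare_digest(expected, message["tag"]):
        return None
    return json.loads(message["body"])

def demo():
    key = secrets.token_bytes(32)  # shared by the two legitimate endpoints
    sent = seal(key, {"to_account": "CONSTRUCTED-0001", "amount": 100})
    intact = open_sealed(key, sent)
    # An intermediary rewrites the destination account but cannot fix the tag.
    tampered = dict(sent, body=sent["body"].replace("0001", "9999"))
    # An impersonator seals a message with a key of its own.
    forged = seal(secrets.token_bytes(32),
                  {"to_account": "CONSTRUCTED-9999", "amount": 100})
    return intact, open_sealed(key, tampered), open_sealed(key, forged)

if __name__ == "__main__":
    print(demo())
```

Only the untouched message is accepted; the altered and the impersonated messages both fail verification and are returned as `None`.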
