Cyber security threats can sneak in anywhere!
Whether they come from China, Russia, North Korea, Iran or even the United States, cyber security threats are relentless and their numbers are on the rise. The attackers behind them are masters of disguise and manipulation, and they are constantly evolving (one could say mutating) to find new ways to harm, harass and steal.
Many cyber security vendors promise full protection against these threats, but that is just not the case. They don't protect against all threats simply because they can't: it is not possible to block all malware 100% of the time. Relying on detection alone is not enough, because new threats keep cropping up and go undetected, at least at first. And sometimes people just “click before they think”.
Types of cyber security threats:
- Viruses are computer programs written to alter the way a computer operates without the user's knowledge or permission. Technically a program must replicate by inserting copies of itself into other programs or files to be classified as a virus; it needs its host program to run before it can spread, and the process usually damages the infected machine.
- Worms, which are closely related to viruses, are standalone programs that replicate themselves and spread to other computers, usually over the network and without anyone opening a file. A worm may not damage or corrupt existing files the way a virus does, but at the very least it consumes computer and network resources.
- Trojans are malware disguised as legitimate software. Criminals often use them to gain a foothold on a system: the user is tricked by some form of social engineering into downloading and running the program themselves.
- Spyware is a program that monitors your online activity or installs other programs without your consent in order to capture personal information. Many online services, retailers and financial institutions collect the same kind of information, but because that is done with your permission (read the fine print in the “Terms and Conditions”) it isn't considered spyware. The information often ends up with the same nefarious souls anyway, either because an organization you trusted handed it over for money or political gain, or because its security was so lax that the hackers simply broke in and took it.
- Phishing is one of the most successful ways for cyber criminals to gain access to a computer. By masquerading as a legitimate business or a trustworthy person, phishers steal sensitive financial or personal information through fraudulent emails or instant messages. Antivirus and email security products can be “taught” to recognize many phishing messages, and bad grammar is one of the common giveaways: a message that really came from a major institution will have been checked by marketing, legal and management before it went out. Don't rely on that alone, though. Plenty of phishing is written in flawless English, so the checks that actually hold up are the sender's real address (not the display name), where a link really goes when you hover over it, and whether the message is pressuring you to act immediately.
- Hackers and other predatory types break into computer systems to steal, change or destroy information, whether for their own gain, as a form of cyber terrorism or to demand a ransom. Their goals include compromising credit card information, locking you out of your own data and stealing your identity.
The “Attack Cycle”
How a threat propagates through the system. A cyber attack consists of four main stages:
- Delivery of the malware into your system, having evaded the antivirus and your ever watchful eye.
- Pre-execution, where the malware sits on the machine waiting for the green light (a user double-click, a scheduled task, a reboot).
- Runtime, as the malware attempts to execute. This is the last chance for the protection to wake up.
- Post-execution: damage and remediation. Hopefully you have backups.
The best case is to stop the threat at stage one. Running an antivirus scan might stop it at stage two. Blocking malware execution in real time and repairing the damage afterwards is far from 100% effective even with the best antivirus solutions, so plan on some of it getting through.
Prevention and Protection strategies:
We'll start with the obvious but often overlooked prevention methods. The first is to keep your software up to date! The operating system, the browser and office programs, and your antivirus all need to be current, because many attacks exploit flaws for which a patch already exists. So run your updates!
Change the password. Do not depend on the default password, because thousands of people know what it is and attackers try it first. Many companies now ship hardware with a unique password assigned to each unit so that every router in a series doesn't share the same password, but change it anyway. A password full of symbols is really no better than an equally long one that you can remember; what matters is length and unpredictability. A passphrase of several randomly chosen words is an even better idea, and turn on two-factor authentication wherever it is available.
If you store large amounts of customer data, encryption is a very important safety measure. If a hacker does break into your system, at least the data isn't just sitting there in plain text. Keep the keys separate from the data, though, or the encryption buys you nothing. Try to put as many roadblocks in the cyber criminal's path as possible.
Firewalls are another important defense: not just the software firewall built into most modern operating systems, but a separate piece of hardware at the network edge dedicated to filtering traffic.
An antivirus program running on your computer is a good start, and for an alert individual on a home computer that may be enough. But a business needs to be more proactive. New threats appear constantly, and a signature-based antivirus program can never be fully current: it would have to be updating all the time, and it can only recognize what has already been seen.
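To put numbers on the password advice above, here is an added example (written for this edit, not part of the original newsletter): it estimates the guessing space of the three password styles mentioned, checks a candidate against a small constructed deny-list of default passwords, and generates a random passphrase with Python's secrets module. The eight-word list is a constructed stand-in; a real passphrase should draw from a published list such as a 7776-word diceware list.

```python
"""Added example: password length versus complexity, and passphrase generation.
Not from the original newsletter. WORDS and DEFAULT_PASSWORDS are constructed samples."""
import math
import secrets
import string

def entropy_bits(alphabet_size, length):
    """Bits of entropy for `length` symbols chosen uniformly at random
    from `alphabet_size` possibilities (the size of the guessing space, in bits)."""
    return length * math.log2(alphabet_size)

# Constructed sample deny-list; a real one would be the published "most common" lists.
DEFAULT_PASSWORDS = {"admin", "password", "1234", "12345678", "default"}

def is_default_or_short(password, min_len=12):
    """True if the password is a well-known default or shorter than min_len."""
    return password.lower() in DEFAULT_PASSWORDS or len(password) < min_len

# Constructed stand-in for a real diceware list (which has 7776 words).
WORDS = ["copper", "lantern", "orbit", "maple", "quartz", "velvet", "harbor", "ember"]

def make_passphrase(n_words=5, words=WORDS, sep="-"):
    """Pick n_words uniformly at random using a cryptographic RNG, not random.choice."""
    return sep.join(secrets.choice(words) for _ in range(n_words))

def compare():
    """Guessing space of the styles discussed in the text, in bits.
    94 = letters + digits + punctuation on a US keyboard."""
    printable = len(string.ascii_letters + string.digits + string.punctuation)
    return {
        "8 chars, full keyboard": round(entropy_bits(printable, 8), 1),
        "16 lowercase letters": round(entropy_bits(26, 16), 1),
        "5 words from 7776-word list": round(entropy_bits(7776, 5), 1),
    }

if __name__ == "__main__":
    for style, bits in compare().items():
        print(f"{style:30s} {bits:5.1f} bits")
    print("example passphrase:", make_passphrase())
```

The sixteen lowercase letters beat the eight-character "complex" password by more than twenty bits, and five random words from a real list land in between while being far easier to remember. The entropy figures assume the characters or words are chosen at random; a sixteen-letter password made of your dog's name and a year does not get that credit.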
Checking every incoming message and attachment, along with every download, against a current list of threats requires access to a cloud based threat database that is updated constantly. If a suspicious item is detected it is sent to an analysis service where it can be checked before it is delivered to the Inbox.
There, a throwaway virtual machine called a “sandbox” is spun up just to run the suspicious item and watch for malicious activity. If none is detected the message is sent on to the user. If malicious activity is detected the message is deleted before delivery, a notice is sent to the user, and the signature of the newly found malware is added to the database almost instantly. The virtual machine is then simply shut down, killing the malware and emptying the sandbox, and the host system is never affected. One caveat: some malware checks whether it is running inside a virtual machine, or simply sleeps for a while before doing anything, so a clean sandbox run is evidence, not proof.
Doing all of this in real time (or at least very close to it) requires advanced automation and some artificial intelligence, plus the coordination of hardware, software, network configuration and the cloud based cyber security service.
Windows 10 version 1903 adds a Windows Sandbox feature: a disposable virtual desktop in which you can open a file and then throw the whole thing away. That's great for those of us who know how to use it, assuming we really do use it. But can you really check every attachment and download manually?
Make security a part of your culture:
One of the most effective things you can do to keep your company safe from cyber attacks is to foster a culture that's focused on security.
Employees are often the point where threats get into an organization. Remember: don't open messages from unknown senders, and hover over links to make sure they go where they claim to go before you click. Beware of file sharing websites and don't download anything from them. Stay away from porn sites; they are spyware central.
We're all human. We make mistakes. Employees will sometimes choose an insecure password or fall prey to a phishing scam by email or over the phone.
The best way to prevent these sorts of issues is to train all employees in good cyber security practices and build those practices into the company culture. Encourage employees to do the right thing with passwords and other sensitive information, and to be aware of simple threats like phishing or malware. Make it easy to report a suspicious message, and don't punish someone for reporting a link they already clicked; the sooner you know, the cheaper the cleanup.
It is not a question of if you will suffer a cyber attack; the question is when. And then how do you recover afterwards? How long will it take? How much will it cost, and how much business will you lose as a result?
Worst case, you have to wipe the drives and start over from a blank machine: reload the operating system and its updates, the necessary office software and its updates, and then restore the data from backups or even from hard copies.
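The two checks just described, and the ones recommended under Phishing in the threat list above (does the link really go where its text says, and does the sender's real address match the name it shows), can be automated for the mail that reaches a business. The following is an added example written for this edit, not code from the original newsletter: it parses a constructed phishing message with the standard library and flags both mismatches. The "expected domain" for the brand named in the From line is an assumption passed in by the caller; a real deployment would look it up from a list of brands the company deals with.

```python
"""Added example: flag hover-mismatch links and display-name/sender mismatches.
Not from the original newsletter; SAMPLE_FROM and SAMPLE_HTML are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse
from email.utils import parseaddr

# Constructed lure: the display name claims a bank, the address and link do not.
SAMPLE_FROM = '"Example Bank Security" <alerts@examp1e-bank-login.com>'
SAMPLE_HTML = """
<p>Your account is locked. Verify now at
<a href="http://examp1e-bank-login.com/verify">https://www.example-bank.com/login</a>
or contact <a href="https://www.example-bank.com/help">support</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(host):
    """Last two labels of a hostname. Crude: wrong for ccTLDs such as .co.uk,
    where a public-suffix list would be needed; good enough for the demo."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def link_mismatches(html):
    """Links whose visible text looks like a URL on a different domain than the href,
    i.e. exactly what you would catch by hovering over the link."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown = urlparse(text if "://" in text else "http://" + text)
        if shown.netloc and "." in shown.netloc:  # only text that looks like a host/URL counts
            if registered_domain(shown.netloc) != registered_domain(urlparse(href).netloc):
                findings.append((text, href))
    return findings

def sender_mismatch(from_header, expected_domain):
    """True when the address behind the display name is not on the domain
    the named brand actually uses (expected_domain is supplied by the caller)."""
    _name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1]
    return registered_domain(domain) != expected_domain.lower()

def analyse(from_header, html, expected_domain):
    """Combine both checks into one verdict dictionary."""
    return {
        "sender_mismatch": sender_mismatch(from_header, expected_domain),
        "link_mismatches": link_mismatches(html),
    }

if __name__ == "__main__":
    print(analyse(SAMPLE_FROM, SAMPLE_HTML, "example-bank.com"))
```

On the constructed message this reports the sender mismatch and the one deceptive link, while the plain "support" link on the bank's own domain passes. Neither check replaces the human hover-and-think habit; a mail gateway runs these before delivery, and an employee still decides whether to click.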
I sure hope you have backups! People often forget about running a backup until they need a backup and then it's too late. Frequent readers of this newsletter know that I preach the gospel of backing up data. Companies have gone out of business after a serious cyber attack because they were not properly prepared beforehand. And causing such mayhem and destruction is often one of the goals of these attackers. Don't let them win by not being prepared.
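A backup you have never restored is a hope, not a plan. The following added example (written for this edit, not part of the newsletter) copies a directory tree, records a SHA-256 manifest alongside the copy, and then proves the copy matches file for file; the demo run builds a small constructed tree in a temporary directory, verifies the backup, tampers with one file and verifies again. Paths are whatever the caller passes in.

```python
"""Added example: back up a directory tree with a hash manifest and verify the copy.
Not from the original newsletter; the files created in demo() are constructed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map of relative path -> sha256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def backup(src, dest):
    """Copy src into dest/data and write dest/manifest.json. Returns the manifest."""
    src, dest = Path(src), Path(dest)
    shutil.copytree(src, dest / "data", dirs_exist_ok=True)
    manifest = build_manifest(src)
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify(dest):
    """Recompute hashes of the copy and compare with the manifest.
    Returns (ok, problems); problems lists files that are missing or altered."""
    dest = Path(dest)
    expected = json.loads((dest / "manifest.json").read_text())
    actual = build_manifest(dest / "data")
    problems = [rel for rel, digest in expected.items() if actual.get(rel) != digest]
    return (not problems, problems)

def demo():
    """Self-contained run: back up a constructed tree, verify, tamper, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "customer_data"
        (src / "2019").mkdir(parents=True)
        (src / "2019" / "invoices.csv").write_text("id,amount\n1,10.00\n")
        (src / "notes.txt").write_text("constructed sample file\n")
        dest = Path(tmp) / "backup"
        backup(src, dest)
        before = verify(dest)
        # Simulate bit rot or ransomware reaching the backup copy.
        (dest / "data" / "notes.txt").write_text("tampered\n")
        after = verify(dest)
        return before, after

if __name__ == "__main__":
    print(demo())
```

The first verify returns (True, []); after the tampering it returns (False, ["notes.txt"]). Run the verification on a schedule, not just once, and keep at least one copy offline or otherwise out of reach of the machines being backed up, since ransomware encrypts every backup it can find.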