Beginner’s Guide to Cyber Security
The threat is real. The growing media hype surrounding Cyber Security hacks is not unfounded, the number and regularity of security breaches is increasing year on year with 90% of large organisations in the UK and 74% of SME’s, according to the 2015 Information Security Breaches Survey, reporting some form of security breach. Unfortunately, the statistics demonstrate that the threat is not dissipating and companies are at risk on a daily basis with un-targeted and targeted attacks meaning anyone can become a victim.
- £1.46m – £3.14m - average cost of a cyber-attack to a large organisation
- £75k - £311k - average cost of a cyber-attack to an SME
- 14 - The median number of breaches suffered by large organisations in a year
- 4 - The median number of breaches suffered by SME’s
Source: Information Security Breaches Survey 2015, PWC
The technicality and complexity of cyber security often means that improper measures of security are put in place. This guide aims to provide a greater understanding into the types of cyber security threats present to organisations, an understanding of the key areas of vulnerability in the organisation and a recommendations of what solutions to implement to help reduce the chances of a breach.
2.0 How do Cyber Security Attacks Occur?
3.0 Types of Cyber Security Attack
3.1.1 Types of Phishing Attack
3.2.1 Types of Malware
4.0 How to Protect yourself from Cyber Security Threats
Cyber security is in essence the practices, processes & technologies that are designed to protect data, networks, data, software, programs and computers from breaches, attacks, damage and access by unauthorized users.
How do Cyber Security Attacks Occur?
In order to gain access to systems, networks and devices cyber attackers exploit vulnerabilities in a company’s security armoury. There are three common types of vulnerability as defined by the UK Government (2015) that a company can be exposed to:
- Flaws in software, network and device design – these are unintentional errors in design that are exploited by attackers. Ensure that proper patch management is in place so that you proactively update software and applications. Updates are brought out to counter the influence of hackers within the system.
- Features – Features are elements of software that are intended to enhance user experience but can be manipulated by attackers to breach a system
- User error – Regardless of how well designed security systems and policies that are in place within a company all of these can easily be undone due to user error. User error is still a critical flaw in any cyber security system which is why policies and training must be in place to ensure that employees are aware of, can identify and know how to respond to the presence of a cyber attack.
- User error related security breaches continue to rise:
75% of large organisations suffered user error related breach in last year – up 58% from last year
31% of small organisations suffered user error related breach in last year – up 22% from last year
Types of Cyber Security Attack
In order to make the right decision on the proper protection your business needs then you must have a key understanding of the threats out there on the market as each threat has unique properties. In this section of the guide, we will give you a greater understanding of the most common cyber security threats putting you at risk:
Phishing is one of the most common weapons at a cyber attackers arsenal. Phishing is an un-targeted tactic and is the process of tricking a victim (whether an organisation’s staff or customers) into imparting confidential information such as passwords and account details to a third party via email, websites and instant messaging that masquerades as a trusted entity. Phishing attacks commonly rely on social engineering to be successful manipulating people into actions rather than hacking the system.
The lure is most typically sent via email and a modern day phishing attack can target large-scale email addresses around the world that are obtained through security faults in retail websites. There are a multitude of attack tactics used by phishers ranging from man-in-the-middle attacks and key loggers, to complete re-creation of a corporate website, these attempts are often very sophisticated which means customers can easily be fooled into submitting personal, financial and password data.
Phishing emails can also contain attachments or links within the message that install malware, spyware or Trojans on the user’s device, which collect a user’s credentials locally, and are transmitted to the phisher.
Types of Phishing Attack
There are a considerable number of variations of phishing attack which are utilised by cybercriminals, the following are a sample of the types of tactics utilised by attackers:
- Email Phishing – Is the mass distribution of messages which contain requests for users’ to disclose some form of confidential information including verifying account information or updating payment details.
- Spear Phishing - Spear phishing is a targeted form of phishing which takes the principles of phishing sending emails masquerading as a legitimate entity but are targeted to specific users or organisations.
- Man in the middle phishing (MITM) – This form of phishing technique is where attackers position themselves in between the end user and a legitimate organisation to record the confidential information being passed through. MITM can be one of the most difficult forms of phishing attack to detect as victims transactions/interactions with the organisation are still submitted.
- Keyloggers and Screenloggers – Utilise forms of malware that monitor and feedback keyboard input in order to fraudulently gain access to passwords and other confidential information.
- Pharming – Also known as ‘phishing without a lure’ is a practice whereby malicious code is installed on a user’s server which directs users to fraudulent websites without their knowledge. This can be done by corrupting a user’s host file which will take a user to the corrupted website even if they type in the correct web address. A particularly sinister version of pharming is known as DNS (Domain Name System) poisoning where users are directed to fraudulent websites without the need for corruption of the personal host file.
- Malware Phishing – Is the process of download malware on a users’ device either through an attachment in an email, a downloadable web file or exploiting software vulnerabilities.
Malware is a term that encapsulates all types of software that are created with the capabilities of corrupting and damaging a computer, network or device with malicious intent. As an umbrella term malware contains a swathe of dangerous software that you can potentially be at risk to. At its core, malware is designed to go undetected, hiding not only users but detection mechanisms as well.
Incidents involving malware cyber attacks continue to plague both large and small organisations in 2015 with nearly three-quarters of large organisations subject to malware targeting and three-fifths of SME’s which was a 36% increase in the number of attacks on small businesses on the previous years’ figures.
Types of Malware
Here we will explore some of the different types of malware present in the cyber security environment:
- Viruses – A virus is a form of malware that replicates itself inside a users system to the point where it can corrupt the system of destroy data.
- Worms – Like a virus, worms are a self-replicating computer program that penetrate a users’ operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email.
- Trojan Horses – A Trojan horse is a destructive form of malware that masquerades itself as a useful application performing one or more destructive tasks once activated, such as stealing identity or financial data.
- Rootkits – A rootkit is a software or group of software that is designed to mask the fact that your operating system has been corrupted. They enable malware such as worms and viruses to infect your system by cloaking them as useful files to your antivirus software. They are extremely difficult to detect due to the fact they corrupt your system before it starts.
- Backdoors or Trapdoors - A hidden bypass to a program's security area, a backdoor or trapdoor may be created by a programmer to expedite troubleshooting or for some other innocuous purpose. But once discovered, the technique may be used by an attacker to damage, destroy or steal data.
- Spyware – Is a form of malware that is installed on to a users’ computer aimed to capture confidential information such as passwords, banking and credit card details. Spyware is another form of malware hidden from the user in order to garner valuable data.
- Botnets – Botnets are a network series of private, internet connected devices that are infected with malware and controlled without a users’ knowledge. These devices are then controlled to distribute phishing attacks, send spam and undertake DDoS attacks.
- Distributed Denial of Service (DDoS) – A DDoS is a form of attack whereby a target network, server or website is overloaded due to a number of devices (usually malware infected) being made to hit those areas.
- Ransomware – Is a type of malware that encrypts files and blocks elements of your PC or network with a threat to pay money, complete surveys, or perform other actions those capabilities are released.
- Advanced Persistent Threat (APT) – Are covert attacks used with the purpose of stealing data from a network or organisation. APTs are an attack to the network which give an unauthorized person access to the network where they can stay undetected for a long period of time.
How to Protect yourself from Cyber Security Threats
Now that you have an understanding of what cyber security attacks are and the types of tactics that are used to exploit people and organisations, the key question is how do you protect yourself? What is evidenced from the growing trend of attacks is that businesses can no longer take a back foot or take the stance that it won’t be them to be affected, they must invest in proper protection and processes to keep their confidential data and assets secure.
We will explore the basic measures that you should implement to secure your business but if you are suffering from more sophisticated and targeted attacks, consulting with a data security specialist is advised.
- Establish Network Perimeter Defences – This is your first line of defence for protecting your business from external threats. Our recommended solution includes the implementation of Firewalls and Internet Gateways.
- Purchase Malware Protection – This should include client anti-virus. Client anti-virus and malware is in some ways the last line of defence for your business against a cyber security breach.
- Ensure Continuous and Rigorous Patch Management- this should be for all devices not just windows or client devices, but also all network devices.
- Secure Configuration – networks and devices that use the default standard configuration are often easy prey for hackers. Ensure that you change default passwords, remove unnecessary user accounts and disable unapproved default connections on desktop PCs and laptops as a starting point. Limiting data permissions is also a good tactic that will limit the extent of damage meaning that only a subset of data is affected.
- Undertake User Training & Education – As mentioned previously in the guide, user error is one of the key reasons why networks are breached. As a result, User education needs to be top of the list and implementing internal (HR) policies and procedures is one of the best defences.
- Security Monitoring
- Undertake a Security Risk Assessment
- Have a Breach response policy in place and use penetration testing with 3rd party testing to verify your secure configuration
- Physical building security and visitor protocols – This one may not seem a key means of protecting yourself but cyber security attackers can use social engineering tactics to manipulate staff and get around secure network access.
- Move scanning to the cloud (email in particular) – if it is scanned on premise, it’s already in your network.