Davey Winder looks at the three biggest enterprise cyber threats and how to protect against them...
The cyber threatscape is a dynamic and rapid environment where individual threats hit the victim, the headlines and the waste-bin of history in quick succession. Some threats, however, are the hardy perennials of the security world. So how do you deal with those?
Malware is short for malicious software, and long on threat durability. Last year enterprise organisations downloaded a piece of known malware every 81 seconds. Malware itself is constantly mutating, with some reports suggesting as many as 12 million new variants were produced every month last year.
To frame that rate of growth in some contextual perspective, more 'new' malware was seen across the last two years than the entire previous decade in total. Luckily, malware (which includes the ransomware epidemic) is amongst the easier of threats to mitigate as it almost invariably requires action to install.
Phishing, or some form of social engineering, remains the primary attack vector with payload by way of an infected attachment or malicious link. User education by way of awareness training and phishing simulation exercises should be a threat mitigating priority, along with application whitelisting, patch management strategy and a behavioural exploit prevention solution.
Distributed Denial of Service (DDoS)
Although malware remains at the top of hacker tools to disrupt network traffic and take websites down, enterprise-targeted DDoS attacks are hot on the heels of such strikes. In fact, the two often run side-by-side to cause as much disruption as possible to an organisation.
The problem with DDoS attacks is that they cause a huge amount of damage to a business and can bring an entire website down, even if the organisation thinks it has the capacity to deal with a digital battering ram. Consumers are largely kept out of the loop, only experiencing the results of the attack – essentially, not being able to use a website rather than finding themselves directly targeted.
The motivation behind such attacks varies. Sometimes the attacker wants to take a political stand against the business in question, while other criminals might want to cripple the company financially. There's also the possibility of holding the firm to ransom, although it's less common than the other reasons behind DDoS attacks.
Whatever the reason hackers decide to launch a DDoS attack on a company, the overall motivation is to cause business disruption, affect customer churn and increase the cost of operating. Added to that, criminals sometimes use DDoS attacks to take the focus away from another attack on the network, so the onslaught could end up costing more than it originally appeared.
Business can protect against DDoS attacks using layered defences including 'scrubbing' networks, which entails passing it through high-capacity networks using scrubbing filters that clean the traffic, or by using web application firewalls that stop attacks from infiltrating the network.
At number three on our list of cyber threats to the enterprise is something way too many people don't properly understand: shadow IT.
Although the term itself is becoming more commonplace, it tends to be wrongly dismissed as being synonymous with the Bring Your Own Device (BYOD) mobile technology phenomena. The real threat, however, comes to the organisation through rogue services that employees (and management up to and including the C-suite are often amongst them) use to increase productivity but which are completely unauthorised.
By flying under the organisational radar these services, which can range from cloud storage provision through to social media tools, are also off the security map. Securing endpoints that aren't visible to you isn't easy. In fact, it's pretty much impossible to stop all shadow IT use, but you can control and secure it through a mix of education, policy and technology.
Educated staff who are aware of the risks associated with unauthorised service use are more likely to ask for help, especially if policy encourages this rather than brandishing an executioner's axe. The final piece of the puzzle is technology, which can help bring visibility and control back to the organisation. Small steps such as monitoring expenses and implementing authentication through a centralised billing system can have a big visibility reach.