The 5 Cyber Threats You Should Worry About For Your Business
Your best overall protection is a fully developed and implemented security program. Security isn't a product or something you buy; it's what you do every day.
September 10, 2018 at 08:00 AM
7 minute read
In today's increasingly digital world, the primary threats that aim to disrupt your business and your clients' business can come from a variety of sources and malicious applications. Below are the five biggest cyber threats I've identified from my work on RelativityOne that could impact your business, along with how you can protect yourself from each.
1. Phishing
Phishing is arguably the most important threat vector to worry about. Your people are already inside your perimeter, behind your firewall, and have access to your resources and protected assets. This is why phishing is the way most malware gets into organizations: it is downloaded because an internal user clicked on a link or attachment in a phishing email. Wombat Security has said that 76 percent of businesses have been the victim of a phishing attack within the last year, and the SANS Institute reported that 95 percent of all attacks on enterprise networks are the result of successful spear phishing.
Training on how to detect a phishing email remains the best defense, but it isn't a one-and-done approach: training needs to be repeated multiple times per year, and it is recommended that you phish your own people at regular intervals to spot-check and provide constructive feedback. Verizon has reported that 30 percent of phishing messages get opened by targeted users and 12 percent of those users click the malicious attachment or link. Sophisticated phishing attacks are designed to look real; that's why people are fooled into clicking, with devastating results.
2. Cryptocurrency Mining
Cryptocurrency mining malware has become a hot topic in 2018. Criminals have found a way to profit immediately from criminal activity without having to sell information or extort the money: they simply use up your resources to mine it. The top three cryptocurrencies by market capitalization are Bitcoin (BTC), trading at over $7,000 USD each; Ethereum (ETH), trading at almost $300 USD each; and Ripple (XRP), trading at $0.34 USD each. Why Ripple? Because it's being used as a real-time gross settlement system, enabling near-instant, direct transfer of money between two parties.
One might think that one of these would be the most-mined cryptocurrency, but in fact the most-mined coin is number 11 on the list: Monero (XMR), trading at just over $100 USD each. The reason is the computational power required to mine the coin versus the value obtained for the work performed: Monero offers a higher return on mining effort than other cryptocurrencies. Malware, often delivered through phishing, is the tool used to drop a Monero miner on victim computers. Whether in the cloud or on-prem, once the miner software is loaded it begins working to find coins for the attacker and deposit them into the attacker's mining pools and wallets. The more of your computers they can infect, the bigger the payday. It's a direct payout for attackers, who have to do nothing further.
The concern is that you are losing resources you can't use for the purpose you purchased them for (serving web pages, developing software, and so on) to enable your business. Even more insidious is that you now have software under the control of attackers on your network. They can add more malware, such as ransomware, Trojans, RATs, or anything else they like, at any time. The solution is the same as for any malware: a defense-in-depth strategy that finds and eliminates threats at as many levels of your architecture as possible, from firewalls at the perimeter all the way down to host-based AV and EDR solutions on the endpoint.
3. Ransomware
Ransomware is malicious software (malware) that infects your machine and begins by quietly encrypting files. Once it has done its work, it presents you with a ransom note stating that, to see your files again, you are going to have to pay. The price is always demanded in a cryptocurrency, usually Bitcoin (BTC), per machine to decrypt your files. In most cases the attackers are willing to decrypt a few files for free to prove they can, and they have even taken to negotiating with companies who try to lower the extortion payment.
Paying that ransom is the wrong move unless you have no other option available. If you pay, you are directly funding the crime and the criminals, which will only encourage them to continue. Further, you are now on the list of people who pay when extorted, so you can almost guarantee you will be extorted again in the future. The solution to ransomware is a well-defined and well-executed disaster recovery/backup and restore program. You should be backing up your assets at regular intervals and frequently testing restore and recoverability. If you can restore your organization from backup, why pay a ransom?
4. Nation State/APT Actors
Nation-state actors, also known as advanced persistent threat (APT) actors, are a concern of larger organizations. The primary reasons a nation-state would target your organization are to steal intellectual property, influence political decisions, or cause damage, physical or monetary. These are often the “unknown unknowns” of threats: there are things you know, things you know you don't know, and this other category, what you don't know that you don't know. These scare people more than anything else, and really they shouldn't be at the very top of your list if you're doing security the right way.
Honestly, a persistent actor who goes after something relentlessly will eventually get it. They will try to do it quietly and covertly, but if that fails, a smash-and-grab will work just as well. Implementing a security program with a defense-in-depth strategy is your best defense. Threat hunting teams have uncovering unknown unknowns as part of their charter. No one can be the “abnormality” on your network and be completely silent. It is your diligence that will let you find these threats sooner, minimize losses, and perhaps even avoid the loss altogether.
5. Insider Threat
The final category in the top five cyber threats list is the insider threat. These generally come in two flavors: the unintentional and the intentional. Most of your security policy and program focuses on preventing unintentional losses caused by your employees. It's the intentional criminal you have to hunt down. Why do employees become intentional threat actors? Many do it to steal property or information for personal gain or to benefit another organization or country. Most reported cases of insider threat to date (>80%) have been carried out during working hours, with the activity planned beforehand and financial gain as the motive. Revenge and genuine financial difficulties have not been shown to be the majority of motives in insider threat cases to date.
This is the hardest type of attacker to find; it requires forensic examination of your network and assets to uncover. There are many things you can do to lessen the impact of an insider threat. Physical security of employee devices can help mitigate losses in cases of insider threat, and a well-implemented asset management solution can prevent lost or stolen devices from giving attackers valuable information. Preventing connections to insecure networks, particularly unsecured wireless networks, is another measure that helps limit losses from unintentional insider threats. Your best overall protection is still a fully developed and implemented security program. Remember, security isn't a product or something you buy; it's what you do every day.
Darian Lewis is the Lead Threat Intelligence Analyst in Relativity's security group, Calder7. In his role, Darian leads a team in charge of assessing and responding to threats that could impact the security of Relativity's SaaS product, RelativityOne.
© 2024 ALM Global, LLC, All Rights Reserved.