The risk and severity of cyber-attacks have clearly grown over the past few years. A host of new and evolving cybersecurity threats has the information security industry on high alert. Ever-more sophisticated cyberattacks involving malware, phishing, machine learning and artificial intelligence, cryptocurrency and more have placed the data and assets of corporations, governments and individuals at constant risk.
The industry continues to suffer from a severe shortage of cybersecurity professionals and experts warn that the stakes are higher than ever, as the cybercrime epidemic even risks shaking public faith in such cherished ideals as democracy, capitalism and personal privacy.
Every other day we read news related to cybersecurity threats like ransomware, phishing, or IoT-based attacks. However, 2021 comes with a whole new level of cybersecurity threats that businesses need to be aware of. In fact, a report by Threat Horizon reveals that in the coming years, organizations will face cyber threats under different themes. SmartStateIndia discussed this subject with eminent cybersecurity experts.
Mr. Kartik Shahani, Country Manager, Tenable India
Securing India’s remote workforce from common cyberthreats
Organisations across the world have either temporarily or permanently adopted a remote-work model to minimise disruption to business over the last year. As part of this effort, technology and agility underpinned many quick pivots in strategy and services, leaving security as an after-thought. As employees merge personal technology with work devices, security teams continue to grapple with managing this expanded attack surface that is distributed beyond the confines of the enterprise network.
Cybercriminals recognise this challenge and are ready to pounce on any vulnerabilities to exploit them, and the distributed remote-work model that the majority of us are operating in presents the perfect opportunity for increased cyberattacks and fraud. A commissioned study conducted by Forrester Consulting, on behalf of Tenable, showed that an incredible 97% of organisations in India have experienced one or more business-impacting cyberattacks in the last 12 months.
This makes it even more imperative for security teams to understand the more common threats in distributed remote-work environments to better secure their organisations. Analysis from Tenable’s 2020 Threat Landscape Retrospective reveals noteworthy vulnerabilities, trends in ransomware and breaches, brought on by the COVID-19 pandemic.
Ransomware attacks: Ransomware remains the most disruptive cyber threat globally. The same Forrester study also showed that 33% of Indian companies witnessed ransomware attacks in 2020. A new array of extortion tactics, such as operating leak websites to name and shame victims, are proving to be lucrative for attacker groups looking to secure ransom demands. This threat affects virtually every industry and stems from a variety of root causes all of which security teams must account for in their defender strategy.
Attacks on VPN: Virtual Private Networks (VPNs) typically provide remote employees with a way to send encrypted messages to corporate networks. However, cybercriminals have found a way to exploit vulnerabilities created by increased use of VPNs and the elimination of in-person verification to invade corporate networks. Unpatched vulnerabilities, reinforced by easy access to publicly available proofs of concept and exploit scripts, make it easier for attackers to breach organisations.
Attacks on Remote Desktop Protocol (RDP): The rush to remote work meant organisations had to lean heavily on RDP, a proprietary Windows protocol used to remotely access Windows servers and workstations to perform day-to-day tasks. According to Shodan, a search engine for internet-connected devices, there are over four and a half million internet-facing systems with the Remote Desktop TCP port 3389 open. RDP also remains one of the most popular attack vectors for ransomware groups such as Sodinokibi, Maze and Phobos according to a report from Coveware. For ransomware groups, there are a few different ways to breach RDP systems. The primary method is through brute-force where several different username and password combinations, including commonly used credentials, are used to gain access into the system.
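The brute-force pattern described above leaves a recognisable trail in the Windows Security log: a burst of failed logons (Event ID 4625) with logon type 10 (RemoteInteractive, i.e. RDP) from one source address, sometimes followed by a success (Event ID 4624) from the same address. The following detector is an added example written for this page; it is not Tenable's code or a tool the article describes. It assumes a simplified, constructed record format (timestamp, event ID, logon type, account, source IP) and uses RFC 5737 documentation addresses as sample sources; real exports from the event log or a SIEM carry more fields and need a different parser, but the sliding-window logic is the same.

```python
"""Detect RDP password-guessing bursts in Windows Security log records.

Added example for this page (not Tenable's code). The record format is a
constructed simplification: one line per event with
    <ISO timestamp> <event id> <logon type> <account> <source ip>
Event ID 4625 = failed logon, 4624 = successful logon, logon type 10 = RDP.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10

# Constructed sample: one legitimate user (198.51.100.20) and one guessing
# burst from 203.0.113.7 that ends in a successful logon as "backup".
SAMPLE_LOG = """\
2021-02-10T09:00:01 4624 10 alice 198.51.100.20
2021-02-10T09:10:00 4625 10 administrator 203.0.113.7
2021-02-10T09:10:02 4625 10 admin 203.0.113.7
2021-02-10T09:10:04 4625 10 Administrator 203.0.113.7
2021-02-10T09:10:06 4625 10 root 203.0.113.7
2021-02-10T09:10:08 4625 10 backup 203.0.113.7
2021-02-10T09:10:10 4625 10 guest 203.0.113.7
2021-02-10T09:10:12 4624 10 backup 203.0.113.7
2021-02-10T09:40:00 4625 10 alice 198.51.100.20
2021-02-10T09:40:30 4624 10 alice 198.51.100.20
"""


def parse_record(line):
    """Split one constructed record into a dict; None for blank/malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, event_id, logon_type, account, source_ip = parts
    return {
        "time": datetime.fromisoformat(ts),
        "event_id": int(event_id),
        "logon_type": int(logon_type),
        "account": account,
        "source_ip": source_ip,
    }


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return a list of alert dicts.

    A "bruteforce" alert fires when a source IP accumulates `threshold`
    failed RDP logons inside the sliding `window` (once per window per IP).
    A "success_after_failures" alert fires if that IP then logs on
    successfully while its burst is still within the window; that is the
    pattern to escalate first, because a guessed password has worked.
    """
    failures = defaultdict(deque)  # source_ip -> timestamps of recent 4625s
    hot_sources = {}               # source_ip -> time its burst was reported
    alerts = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["logon_type"] != RDP_LOGON_TYPE:
            continue
        ip, now = rec["source_ip"], rec["time"]
        recent = failures[ip]
        while recent and now - recent[0] > window:   # expire old failures
            recent.popleft()
        if rec["event_id"] == FAILED_LOGON:
            recent.append(now)
            burst_seen = ip in hot_sources and now - hot_sources[ip] <= window
            if len(recent) >= threshold and not burst_seen:
                hot_sources[ip] = now
                alerts.append({"type": "bruteforce", "source_ip": ip,
                               "at": now, "failures": len(recent)})
        elif rec["event_id"] == SUCCESS_LOGON:
            if ip in hot_sources and now - hot_sources[ip] <= window:
                alerts.append({"type": "success_after_failures", "source_ip": ip,
                               "account": rec["account"], "at": now})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

Alice's single typo followed by a success does not trip the rule, while the burst from 203.0.113.7 produces two alerts, the second of which names the account that finally worked. Tuning `threshold` and `window` against your own baseline of failed RDP logons is the part that matters in practice; a lockout policy and MFA in front of RDP reduce how much this detection has to carry.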
Unpatched vulnerabilities remain attractive
As you can see from the above, unpatched vulnerabilities remain a problem for organisations. This low-hanging fruit is favoured by nation-state actors and run-of-the-mill cybercriminals alike. While zero-day vulnerabilities are often leveraged as part of targeted attacks, unpatched vulnerabilities are targeted en masse, posing a much greater threat. If the software solutions used by organisations are no longer receiving security updates, upgrading to one with an active support contract is vital. Organisations must identify assets within their environments that are vulnerable to months- and years-old flaws and apply relevant patches immediately because there’s more to be lost than gained after a cyberattack occurs.
Mr. Nishant Rathi, Founder & CEO, NeoSOFT Technologies
Understanding and overcoming cybersecurity threats
The one thing that 2020 made extremely clear to us is the necessity for technology solutions to be flexible. Experts and business leaders had previously been talking about migrating to the cloud and undergoing digital transformation. However, for most companies, the shift was abrupt and done practically overnight to facilitate remote working and collaboration in response to the global lockdown.
2020 was no doubt the year that propelled the IT sector to new heights. But it is equally true that this year was also the one that witnessed the highest number of security breaches and phishing attacks. According to cybersecurity experts, the rate of ransomware attacks rose to 800% during the pandemic. 80% of the surveyed experts observed that the attacks got more sophisticated and smarter. With the majority working from home, in-house infrastructure that is not patched or secured makes them further vulnerable and prone to cyber-attacks.
One of the most rampant trends seen is pandemic-related phishing. Unassuming people are coaxed into clicking links or downloading attachments that promise information on the latest developments or news – pandemic-related updates, drug or vaccine announcements, etc. in this case – or into giving up sensitive information. Another worrisome trend is the ransomware attacks that gained notability in 2017, which experts speculate might make a comeback in 2021 given their high profitability to the attackers.
Another trend that is on the rise is the DDoS (Distributed Denial of Service) attack, where a high volume of traffic slows the server down, bringing a business to a halt. Some hackers utilize the trend of file-less attacks, which are launched by clicking malicious links.
Zero-day exploits, which were first heard of in 2014, exploit loopholes in a software program to infect products and the devices those products run on. 5G-enabled swarm attacks, named for their ability to attack multiple devices at the same time, and social media spoofing are also seen commonly deployed.
What we’ve seen so far is only a preview of the kind of malice that is yet to come. The nature of these attacks is such that there is no stopping them – which leaves only one way forward for most businesses and enterprises if they wish to remain untainted by such breaches – prevention.
The first step as an organization would be to identify and shortlist your cybersecurity requirements – especially so if you are someone who deals with sensitive and personal information of your clients, in which case you are subject to certain stringent and specific cybersecurity standards. All businesses, no matter their size, must have adequate corporate-grade firewalls in place as per the organization’s requirements. It is equally important that the organization educates and informs its employees of security best practices such as not opening suspicious emails and links, not installing unknown or fishy software and programs, staying alert against phishing attempts, and staying on guard against fraudulent emails that they might have received.
The next step in cybersecurity is obviously harnessing AI and ML to systematically help in outsmarting the attackers. Measures that hold the most promise are next-generation identity/access management, smart messaging security and network security, automating security orchestration, and extending security to trusted third-parties/partners whose data breaches could affect your own security.
Mr. Brijesh Miglani, Team Lead – Sales Engineering at Forcepoint
As much of the world continues working from home, company data, networks and employees stay vulnerable to multiple pervasive and expanding threats. Sophisticated cyber criminals have shown they know their way in and out of almost every environment that exists and have devised complex schemes that keep CISOs and CIOs up at night. Business leaders must now look at cybersecurity from a fresh perspective, one that combines infrastructure security, data and behaviour-level protection while ensuring users are able to be effective while protected.
Ransomware Attacks: Ransomware, or cyber extortion, is an ongoing and continuously evolving threat for organizations of any size or scale. This business model can only be successful if there are enough meaningful targets who are actually willing to pay the ransom. Unfortunately, recent history shows that to be the case. Paying the ransom does nothing but validate the investment into these attacks by cybercriminals. Even if online publication is avoided, there is no guarantee that stolen data won’t be silently offered to private buyers. By paying up, victims are continuing to feed the beast.
Rather than simply hoping for the best, or paying any ransom after the event, organizations need to plan and prepare for a future in which ransomware is a real and prevalent threat. Defenses can be put up against ransomware. A multi-layered, cloud-enabled SASE-based solution can protect data against these attacks. While improved solutions will mean increased investment into cybersecurity, it is far better to spend money on your own systems, rather than handing it straight to criminals.
Data Breaches: India is following an aggressive digitization agenda. How do you then prevent data breaches from happening in a system that is accessed by hundreds of thousands of people? By 2022, 1.87 billion mobile workers around the globe will represent 42.5 percent of the global workforce. With company data being distributed across so many devices and touchpoints now, enforcing consistent data security policies no matter where people are working has never been more crucial.
To reduce the risk of data breaches, organizations should take measures and follow certain best practices to keep their data safe. Establish a document security policy and guidelines for employees to follow. This makes it easier for people to identify sensitive data and handle it properly, so that accidents that can lead to leaks and data privacy compliance violations are less likely to happen. More often than not, it is the irregularities that cause data to get compromised, as users may not immediately recognize the dangers that exist when accessing and sharing data remotely. Organizations should therefore establish a remote work security policy and regularly back up employee devices. Wherever possible, make sure all business data and documents are on company-controlled cloud storage. Use cloud-based collaboration systems to centralize communication. Last but not least, use Data Loss Prevention (DLP) solutions to replace broad, sweeping rules with individualized, adaptive data security policies that don’t slow down the employees and drive productivity.
Insider Threats: Security breaches that emerge from inside the organization are everywhere. Over the past several years, organizations have experienced a startling increase in data exfiltration attempts made by insider users, compromised and malicious, rather than outsiders breaking into the organization. According to Gartner, nearly 75% of data breaches happen due to risky insider behavior or as a result of compromised access.
As a result of the pandemic leading to mass digital transformation around the world, today’s enterprise networks have evolved into highly distributed environments, with remote work complicating security challenges even further. Insider threat technologies therefore need input signals from user activity from all sources, network activity, application activity and endpoint activity, to understand the user’s baseline and build risk profiles.
Modern cybersecurity technologies to manage insider threats integrate new capabilities such as SASE, Zero Trust, and UAM (user activity monitoring), coupled with advanced analytic capabilities. Organisations need to understand the motive behind insider threat behaviors and come up with a strategic plan to detect employee/user activities. Employee-training programs will also help organisations defend against insider risk and strengthen controls used to protect critical assets.
Mr. Sonit Jain, CEO of GajShield Infotech
The 6 biggest cyber security threats and how to protect yourself from them
Data breaches have been on the rise. Even Indian companies were not immune to it. BigBasket had the user data of more than 2 crore users breached. Last year was a tough year for security professionals. They were pushed to adopt WFH even when they were not prepared with a comprehensive data security policy.
Clearly there lies a gap between what is being done and what should be done. Though security tools and architectures have improved, they have not been able to keep pace with newer security threats, leaving enterprises open to attacks by threat actors. While everyone is working towards improving their security posture, what is missing is contextual visibility and awareness of the threat surface.
Here are the six biggest cyber security threats faced by enterprises and what they could do to better protect themselves against such threats.
Ransomware is the biggest threat to enterprise data. Attackers have found ways to evade sandboxes and breach the security walls of enterprises. The regular techniques for detecting such malware are failing, and a new and comprehensive way to identify them is required. Enterprises should keep track of their data security threat posture and look at ways to improve data security health. Not only is it important to identify vulnerable security points, but also users, who are the weakest link in your defence. Threat visibility can give an enterprise a deep insight into such data and arm it with intelligence to prevent vulnerable users from being attacked. Over and above, companies should also ensure that regular backups of critical data are taken and that all systems are patched against the latest vulnerabilities. User training will also play a key role in prevention against such malware attacks. Security solutions which provide visibility and protection using a multi-layered security framework will be an important step in securing against such attacks.
2. Blind to data flows can lead to major data breaches
Visibility over data is of utmost importance for monitoring and governance. Complete data visibility allows you to get complete knowledge of what is being downloaded, uploaded, or transmitted over your organization network. You will have complete control over your data.
Contextual data leak prevention firewalls and complete visibility are often interconnected. A firewall backed up by a contextual intelligence engine generates deeper visibility by identifying context around data points. This combination of context-based data leak prevention and complete visibility allows users to create custom cybersecurity policies based on their needs. For instance, you can restrict specific keywords in ‘from,’ ’to,’ ‘subject,’ and ‘email content’ of an email. Monitoring all of these elements ensures that the leaders and employers know the state of their cybersecurity at all times. Network visibility ensures that cybersecurity personnel can identify abnormal behaviors that may indicate potential cyber threats, even if their firewall system fails to recognize them. This capability can be especially useful in mitigating the impact of zero-day attacks.
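The point made here, and in the Forcepoint section above about replacing broad sweeping rules with individualized ones, is that a keyword on its own is a poor signal; the same word in the same field should produce a different decision depending on who is sending to whom. The small rule engine below is an added example written for this page, not GajShield's or Forcepoint's product code. It assumes a message is a dict with from/to/subject/body fields, an assumed corporate domain of example.com, and a constructed rule set in which every field pattern is paired with a context check over the whole message, so a PAN number in the body is blocked only when a recipient is external, and a payment request is flagged only when it arrives from a free-mail address.

```python
"""Context-aware e-mail data-leak rules (added example, not a vendor's code).

Assumptions: messages are dicts with "from", "to" (list), "subject", "body";
the corporate domain is example.com; the rule set below is constructed for
illustration. Each rule inspects one field with a regex AND requires a
context predicate over the whole message, so keywords alone never decide.
"""
import re

INTERNAL_DOMAIN = "example.com"  # assumed corporate domain


def is_external(address):
    """True for any address not belonging to the corporate domain."""
    return not address.lower().endswith("@" + INTERNAL_DOMAIN)


def any_external_recipient(msg):
    return any(is_external(addr) for addr in msg["to"])


def any_internal_recipient(msg):
    return any(not is_external(addr) for addr in msg["to"])


# Rules are evaluated in order; the first match decides. Actions are
# constructed labels: block, quarantine, flag (for analyst review).
RULES = [
    {   # Indian PAN format (5 letters, 4 digits, 1 letter) leaving the company
        "name": "pan-to-external",
        "field": "body",
        "pattern": re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b"),
        "context": any_external_recipient,
        "action": "block",
    },
    {   # "confidential" subject marker is fine internally, not to outsiders
        "name": "confidential-to-external",
        "field": "subject",
        "pattern": re.compile(r"confidential", re.I),
        "context": any_external_recipient,
        "action": "quarantine",
    },
    {   # inbound payment requests from free-mail senders: BEC-style pattern
        "name": "freemail-payment-request",
        "field": "from",
        "pattern": re.compile(r"@(gmail|yahoo|outlook)\.com$", re.I),
        "context": lambda m: any_internal_recipient(m)
        and re.search(r"invoice|payment|wire", m["subject"], re.I) is not None,
        "action": "flag",
    },
]


def evaluate(message, rules=RULES):
    """Return (action, rule_name, evidence) for the first rule whose field
    pattern matches AND whose context holds; ("allow", None, None) otherwise.
    The evidence string is what an analyst dashboard would show."""
    for rule in rules:
        value = message.get(rule["field"], "")
        if isinstance(value, list):
            value = " ".join(value)
        hit = rule["pattern"].search(value)
        if hit and rule["context"](message):
            return rule["action"], rule["name"], hit.group(0)
    return "allow", None, None


# Constructed sample traffic: same content, different context, different outcome.
SAMPLE_MESSAGES = [
    {"from": "priya@example.com", "to": ["vendor@partner-site.test"],
     "subject": "KYC details", "body": "PAN for the account is ABCDE1234F."},
    {"from": "priya@example.com", "to": ["rahul@example.com"],
     "subject": "KYC details", "body": "PAN for the account is ABCDE1234F."},
    {"from": "rahul@example.com", "to": ["analyst@partner-site.test"],
     "subject": "Confidential: Q3 roadmap", "body": "Attached as discussed."},
    {"from": "ceo.office@gmail.com", "to": ["accounts@example.com"],
     "subject": "Urgent wire payment", "body": "Please process today."},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg["from"], "->", msg["to"], evaluate(msg))
```

The second message carries exactly the same PAN as the first but is allowed because its recipient is internal; that difference is the "context" the text refers to, and it is what keeps the policy from slowing down ordinary work. The `evidence` value returned with each decision is the material a visibility dashboard would surface so that analysts can see why a message was stopped rather than only that it was.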
3. With growing networks come growing vulnerabilities
As a business scales up, it naturally incorporates an increasing number of devices, people, and possibly even other smaller businesses into its core enterprise architecture. This means the addition of new points of entry for external threats in the form of unprotected devices, endpoints, and applications. For instance, a business based in Mumbai may expand and incorporate a manufacturing facility located in another city, say, Bangalore, which may not have full-time access to the enterprise’s cybersecurity personnel. Under such circumstances, if an external agent attacks the Bangalore-based manufacturing facility, the head office in Mumbai may not realize this even if they have a security system in place. Additionally, the sheer number of devices and applications, and the volume of information that needs to be monitored, makes it a daunting task for even a team of multiple cybersecurity experts.
However, a security solution that offers network visibility can ensure that the cybersecurity personnel located in the head office, no matter how far away, can monitor the network in real time and spot anomalies. It can constantly monitor the enterprise network, regardless of how large and complex it might be. The network visibility tool can provide the cybersecurity team with a dashboard that points out any abnormal activity and provides detailed reports regarding the same. This enables the cybersecurity team to take appropriate responsive actions and keep their IT assets safe from external cyber attacks.
4. Not all threats come from the outside
While it is important to protect your data and your organizational network from external attacks, it is equally important to realize that enterprises can face threats from the inside as well. Among the biggest threats to businesses is a data breach. Loss of critical business data can lead to many negative consequences for enterprises. For instance, losing financial data or data pertaining to plans and predictions can lead to an enterprise potentially losing its competitive edge in the market. Losing personal information, such as employee or customer data, can land enterprises in legal trouble. To add to it, data breaches also throw a business’s trustworthiness and reliability into question, leading to reputational loss. And the most dangerous data leaks often happen due to internal employees rather than external attackers. This may be in the form of unintentional negligence or intentional plans. For instance, disgruntled employees may leak sensitive information in a bid to lead the organization into chaos. Or well-meaning employees can accidentally share critical information outside the organization. And most enterprises don’t have the means to detect such cases, let alone stop them.
It is crucial to deploy a next-generation security solution having built-in contextual data visibility to ensure comprehensive data and network security. These solutions, while preventing internally-initiated data leaks as well as external cyber attacks, also give businesses unprecedented levels of insight into and control over their networks and data. And as enterprises attempt to navigate the modern business landscape in the face of toughening competition as well as tightening regulations, such solutions are no longer an option but an absolute necessity.
5. New technology landscape (WFH) leads to newer security challenges
With the recent COVID-19 pandemic, most employees are working remotely. They are using individual network connections and handling business data for business operation continuity. These home networks may be highly unsecured and are susceptible to hacking. Employees might also take this WFH opportunity to access unauthorized sites or files, as they might feel that they can’t be monitored outside the enterprise’s network, allowing threats to enter the enterprise via this route.
Enterprises should implement security solutions which are independent of perimeter security and apply security to the data itself. Enterprises should be able to monitor their data threat plane, which can monitor every activity of the employee and keep them informed of all the threats coming from this vector. They can see the applications used, files transferred, and other activities of these WFH employees. Such a solution can also allow enterprises to implement their data security initiatives on these remote users, mitigating the risk of data threats to enterprises by restricting unwanted access, malicious applications and websites, and monitoring their activities while protecting them from external threats.
6. Increasing threats when enterprises adopt multi-cloud platforms
Applications deployed across multi-cloud platforms increase the number of vulnerability points. Hence, it is important for businesses to enhance multi-cloud data security.
Visibility of data is a must to embrace optimal security in multi-cloud environments. A multi-cloud environment requires transmission of data packets across the organizational and cloud networks. A contextual data leak prevention solution helps you monitor and secure data that is in motion on your network by creating a context around the data packet and analysing it. Applications deployed across multiple cloud platforms make it challenging for the cybersecurity team to monitor every application simultaneously. A central management system can help here. A central management system allows the cybersecurity team to control and manage all applications across all the cloud deployments.
Mr. Agnidipta Sarkar, Director Cybersecurity at CMS IT Services
Identity is the new Perimeter: Cyber Security Redefined in 2020
“We live in a world that is infested with uncertainties. We have just gone over the Coronavirus peak and vaccines are beginning to be available and now we have mutations that some of the vaccines cannot protect against. Similar is the world of cybersecurity.
Cyberinfrastructure today is no longer the castled enterprise of pre-2020, where a firewall and some other technologies protected the enterprise from the constant barrage of attacks happening in the big bad world called the internet.
More and more enterprise users are connecting from outside the castle, seeking to access applications that are inside, while more and more internal users are seeking access to applications hosted outside. Scarier than that, enterprises are being forced to allow unsupervised access to unverified and uncontrolled devices simply to ensure that businesses survive the onslaught of the coronavirus. 2020 was a year that kept cybersecurity practitioners busy across the world. Here are the top 3 reasons why.
2020 was the year of the endpoints. As COVID19 pushed people to work remotely, attackers shifted focus and attacked the systems that end-users and endpoints would use to connect to the enterprise from the outside, using VPN and other mechanisms. Many of these attacks happened through malware using phishing as a transport vehicle, and many succeeded. 2020 proved that Identity will now be the new perimeter, as attackers forged newer methods to bypass enterprise defenses to gain access.
2020 also saw increased Ransomware attacks, with newer and more dangerous players entering the market, which not only focus upon the encryption and the ransom demand but steal information before they “lock it up”. 2021 will continue to see a growth in such attacks and in the evolution of ransomware too.
Supply Chain attacks came to the fore in 2020. The uniqueness of the attacks was that once the attackers are in, the breach starts to look very traditional in the sense that they settle in, sit there for a while, scan the network, move laterally in that environment, and hunt for privileged access. For instance, an attack on these lines involved hackers compromising the infrastructure of SolarWinds, a company that produces a network and applications monitoring platform called Orion, and then using that access to produce and distribute infected updates to the software’s users. This kind of attack is new and is not going away. Enterprises are slowly discovering this over time. We believe there is more here, and more are coming.
Beating perpetrators requires cybersecurity practitioners to put their heads down and be very diligent when it comes to managing business changes. And then there is AI. Perpetrators are using malicious AI and machine learning to supercharge their weaponry, creating stealthier, faster, and more effective attacks. The world is not ready for AI yet. We are still struggling with automation. And this means that the cyber defense programs we use must be able to detect and respond quickly, with or without AI, and be able to deter, delay, deceive and defend against sophisticated attacks whenever we face change. The Defensible Cybersecurity Model is one such framework that helps enterprises to practice the best practices that come out of international standards like the NIST Cybersecurity Framework, ISO27001, and the Cyber-Kill-Chain while remaining agile to the requirements of the business. The ability of the Defensible Cybersecurity Model to detect and respond to newer threats faster is due to the following best practices:
Focus upon lateral movement. Almost all of today’s attacks focus on the success of lateral movement after the initial access. While it is absolutely imperative to follow the cyber kill chain model to put in tactics and techniques to detect and defeat lateral movement, we believe deception technology is evolving to help enterprises address this. The future belongs to Managed Deception as a Service.
Now that everyone is shoring up anti-phishing capabilities on corporate email, the attacks are moving to free email. It is not uncommon that someone gets phished on their personal email and the impact happens on the corporate IT environment. The world will now move to build Zero Trust into their enterprise access. The future belongs to Identity Aware Edge, whether the Edge is SASE or CASB or a Next-Gen Firewall.
Concentrate on automated response. The world is slowly waking up to XDR or eXtended Detection and Response. According to analyst firm Gartner, XDR is “a SaaS-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.” A natural extension to EDR, XDR natively evaluates changes in behaviour across endpoints, network, and servers, looks up global threat intelligence and identifies “indicators of attack” and “indicators of compromise” to take corrective response automatically.
Defensible Cybersecurity helps enterprises with technology optimization, improved protection, detection, and response capabilities, and thus improved productivity of security teams along with a lower total cost of ownership for effective detection and response of security threats.
Mr. Shibu Paul, Vice President-International Sales, Array Networks
“The Indian tech industry is stepping into a new decade and looks forward to an unprecedented change in the IT world. The primary topic and concern of 2021 is cybersecurity; the evidence of this statement is IDC expecting security spending to reach $174.7bn in 2024 with a compound annual growth rate (CAGR) of 8.1% over the 2020-2024 forecast period. 2020 taught every company in every sector how far behind they were in terms of cybersecurity measures. Threat actors became more active in targeting companies, the C-suite and even individuals during the pandemic, thanks to remote working being initiated without retooling the operations. In 2021, the attacks are only going to be more sophisticated than before. Denial of service (DoS), IP hijacking and phishing have been the main three attack categories used by the threat actors in 2020. Web attacks and phishing according to me are the biggest cyber threats. Many people fall prey to phishing attacks. According to the estimate of the Phish 2020 report, 90% of the organizations surveyed faced spear-phishing attacks in 2019 and 86% of the same set of respondents reported dealing with business email compromise (BEC) attacks. It’s said that threat actors nowadays more commonly use spear phishing, CEO fraud and impersonation tactics instead of sending malware-laden messages.
But it’s not just the security solutions implemented that are helpful in preventing cybersecurity attacks. Best practices from individuals are also important to keep their data, systems and their organization’s data safe from threat actors. So what are the best practices?
1. Use strong passwords and authentication
2. Avoid pop-ups, unknown emails and links
3. Avoid entering sensitive information in the pop-ups
4. Don’t click on hyperlinks in emails
5. Connect only to secure WiFi
6. Verify HTTPS
7. Use strong anti-virus, anti-spam and anti-spy software
8. Use a strong and reliable firewall
9. Educate users and train them on the right cyber practices
10. Update security measures regularly
I believe Artificial intelligence and machine learning will help in creating robust cybersecurity. IoT and topics such as data science will help in aiding the cybersecurity technologies to overcome any new threats posed by threat actors. Risk-based and predictive vulnerability management will gain popularity in the enterprise segment. Enterprises are looking to embrace hyper-converged infrastructures as a go-to technology platform to address security and productivity concerns. We believe that hyper-converged systems will help enterprises achieve digital transformation all the while addressing the concerns of operational costs and enhanced customer experience to stay ahead of the competition.”
Mr. Gurpreet Singh, Managing Director, Arrow PC Network (Dell Technologies Titanium Partners)
“Threat actors across the world have had a cakewalk in targeting organizations, especially since the pandemic threw the world off-guard. Companies that have been struggling to keep their operations running and embracing the new reality of WFH have become sitting ducks for the threat actors. In the name of the pandemic, email attacks alone have increased by 667% since February 2020, says a new report. Such attacks have not just led to the compromise of personal data but also sensitive office data. This has led to the strengthening of cybersecurity systems to safeguard sensitive data and protect assets from malicious data breaches. Per recent estimates, cybercrime will probably cost the world a whopping $6 trillion in 2021, making it the third-largest economy. Some of the cyber threats organizations need to be prepared for in 2021 are:
- CAAS: Cybercrime-as-a-Service
- Malware, Ransomware attacks and more
- Threats to cloud data and IoT
- Attack on Simple Network Management Protocol (SNMP)
- Misuse of Artificial Intelligence
As new types of cybersecurity threats emerge, so does the technology to counter them. But I believe that the new age of cybersecurity has been in process for some time now and only after the increased threat in the Covid-19 era has it been given more focus. Gartner predicts that by 2025, 3/4th of enterprise data, i.e. 75 percent of the data, will be created and processed at the edge, and this number was just 10 percent in 2018. A solution is required to take care of the security from core to edge to the cloud. Yes, there is a lot of innovation happening in the security domain, but data no longer resides only in the data center. OEMs are surely redefining security, and Data Science, IoT, ML, cloud security, edge-security, zero trust, multi-cloud security, responsible AI and location-agnostic security seem to be the best way to keep the data safe. To avoid attacks, customers need to be educated and informed about the latest threats and the security trends. Biometric security for mobile and personal devices should be considered. A hierarchical cybersecurity policy needs to be implemented. Ensure that the data on the devices is backed up. Multifactor authentication is a good choice. A few other measures such as these will take the organizations a long way in terms of cybersecurity.”
Mr. Harikrishna Prabhu, COO at TechnoBind
Everything is going to become more reliant than ever on its digital strategy. The world is now firmly in the digital age; from basic needs to the utmost luxuries, our lifestyle is impacted by the internet. Technologies including digitization, automation, AI, cloud, social media, blockchain, IoT, and other such disruptive technologies are progressing at an enormous pace, totally exposing data and other critical resources. New technologies have made everyday life simpler; on the other hand, these developments are a double-edged sword and come with cyber risks.
We have seen in the past that most cyber-attacks are due to human error, such as clicking on malicious links, opening attachments, typing credentials into a fraudulent page, and using weak passwords. With the growing use of the internet and the adoption of high-end technologies, protecting our important data has become a necessity in our day-to-day life, as the hacking community has become more sophisticated, complicated, and complex than ever. As hacking becomes more advanced, the only way to stop it is for cybersecurity to become superior.
Cybersecurity is an important arena as the country moves towards a cashless society and digitization. It is equally important for local, state, and central governments, because the use of AI/ML in governance is going to maintain a large volume of confidential data and records related to the country and its citizens.
Cyberattacks have grown at a very high pace; as businesses continue to adopt more innovative technologies to streamline operations, their risk of exposure to a cyberattack spirals upward as well. Many cyber threats have surfaced recently, such as cloud-based threats, phishing attacks, deepfakes, malvertising, ransomware attacks, social media-based attacks and many more, but good cyber hygiene is a general practice that can help keep us safe and secure online. Practices like installing reputable antivirus and anti-malware software, using network firewalls, updating software regularly, setting strong passwords and multi-factor authentication, etc. can protect us from cyberattacks.
Mr. Shomiron Dasgupta, Founder and CEO, DNIF
Cyber-attacks have become very rampant today. While the pandemic exposed the frailty of human existence, it has also unmasked the chinks in enterprise security’s armour. According to a research report by Purplesec, cybercrime is up 600% compared to the pre-pandemic year. Research also pointed out that most companies have unprotected data and poor cybersecurity practices in place, making them vulnerable to data loss. Additionally, the pandemic made popular the remote workforce culture that kept people hooked to their internet-connected devices for far too long with little or no security. Cybercriminals saw this as an opportunity, resulting in a deluge of ransomware attacks, data breaches, and even very sophisticated nation-state sponsored attacks.
To successfully fight against malicious intent, it’s imperative that companies make cybersecurity awareness, prevention, and security best practices a part of their culture.
Different kinds of cyberthreats
Today, cybercriminals use various tools and methods to infiltrate a system and launch an attack. Let us explore the most common types of attacks.
Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software. Depending on the objective of the attacker, it blocks access to key components of the network, installs damaging software, obtains information, disrupts certain components, and sometimes renders the system inoperable.
Ransomware is malicious software that encrypts data on a target system and demands a ransom in exchange for restoring access to the encrypted data. The demand, depending on the sensitivity of the data, can range from a few hundred thousand USD to millions. These attacks range from low-level nuisances to serious incidents such as data lockdown.
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine. They often appear to be everyday emails from known and trusted sources and trick users into installing malware on their devices, giving hackers access to the victim’s machine.
Man-in-the-middle attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party information flow. Once the attackers interrupt the traffic, they can filter and steal data. The most common entry point for attackers is through unsecured public Wi-Fi.
A spoofing attack occurs when a malicious party impersonates another device or user on a network to launch attacks against network hosts, steal data, spread malware or bypass access controls.
Endpoint attacks target user systems rather than servers. These user systems are entry points to the network and include smartphones, computers, laptops and fixed-function devices. Endpoint attacks can also affect shared folders, network-attached storage, and server systems.
A denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfil legitimate requests. Attackers can also use multiple compromised devices to launch this attack; this is known as a distributed denial-of-service (DDoS) attack.
SQL injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it usually would not. An attacker could carry out a SQL injection by submitting malicious code into a vulnerable website’s search box.
A replay attack occurs when a cybercriminal eavesdrops on secure network communication, intercepts it, and then fraudulently delays or resends it to misdirect the receiver into doing what the hacker wants.
A zero-day exploit hits after a network vulnerability is announced, but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time.
A watering hole attack is a targeted attack. It is designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site. The end goal is to infect the user’s computer and gain access to their organization’s network.
DNS poisoning and tunnelling (also known as DNS cache poisoning or DNS spoofing) is a type of attack that uses security gaps in the Domain Name System (DNS) protocol to redirect internet traffic to malicious websites.
While cyberwar is an ongoing fight, attacks can be prevented by being aware of the various protocols, exploits, tools, and resources used by attackers. In addition, knowing where and how to expect attacks ensures you are creating preventative measures to protect your systems. From an organizational standpoint, some of the most common ways to prevent cyberattacks are:
- Developing a robust cybersecurity policy
- Implementing security awareness training for all employees
- Installing spam filters and anti-malware software
- Deploying firewalls and endpoint detection and response systems
- Creating an inside team of security analysts to monitor data traffic
- Performing vulnerability assessments and penetration testing of systems regularly
- Implementing a robust SIEM
- Creating a data loss prevention framework
The increasing number of large-scale, well-publicized cyberattacks suggests not only that the number of attacks is increasing, but that they are also increasing in severity. Stephane Nappo, of Société Générale International, put it rightly: “The five most efficient cyber defenders are Anticipation, Education, Detection, Reaction, and Resilience. Do remember: ‘Cybersecurity is much more than an IT topic.’”