Cybersecurity is about protecting resources and devices connected to the internet from digital attacks, data breaches, and identity theft. The cybersecurity landscape has been evolving over the past years due to the exponential increase in the number of connected devices (Internet of Things and mobile workers). Attacks are evolving too, with application-layer attacks on the rise and network attacks declining. Some of the current threats include ransomware (extorting money from users), malware (software used to gain unauthorized access to or cause damage to a computer), social engineering, and phishing.
When cyber-attacks happen, they always seem distant, tempting defenders to dismiss these threats as happening elsewhere in the world and to assume that their organization is not a target. They fail to recognize the speed and scale at which adversaries are amassing and refining their cyber weaponry. Also, most common vulnerabilities are low severity and are often left unremedied for years, so they become significant security gaps that give adversaries pathways into the system.
Over the years, the prevalence of “the mobile worker” has fostered the evolution of VPN and encryption protocols, making it possible for data to be transmitted in a manner that cannot be understood by a third party trying to eavesdrop. Nowadays, these encryption protocols are also being used by attackers, making it trickier to detect when malicious information is being transmitted. This becomes a powerful tool for carrying out command and control attacks. Moreover, with the wide adoption of BYOD and shadow IT, there are many legitimate services that can now be used to launch attacks.
Despite the advances in the attack landscape, malicious e-mails and spam remain vital tools for adversaries to distribute malware, because they take threats straight to the endpoint.
For an organization to become more alert and responsive to threats, having an idea of the cost of an attack would be a good starting point. Security breaches cause real economic damage to organizations, which can take months or sometimes even years to resolve. The business functions most commonly affected by breaches are operations, finance, intellectual property, trade secrets and brand reputation. Leaders must clearly define what they are protecting, prioritize the threats they face and proceed to develop a three-phased cyber-attack contingency plan as follows:
- How the organization will respond when it detects an attack.
- A technical response whose purpose is to repair damaged systems and data, fix the vulnerability that led to the attack and bring systems back online.
- Flush out the causes of the attack and prevent a similar one from recurring.
Industry leaders like John Chambers even state that “there are two types of companies, those that have been hacked and those who don’t know they have been hacked”. It is logical that an attack will happen if an attacker has both the ability and the incentive to strike at vulnerabilities in a target’s assets.