Common Cyber Security Threats for Businesses
Many other threats, mitigation techniques and awareness mechanisms exist in the field of information security, but this article discusses the cyber security threats most likely to harm an organization's business financially or reputationally, and which any business owner or management body should be aware of in order to take appropriate measures.
1. Web App Attacks
Web application attacks are the most common type of data breach. In these attacks, the attacker exploits weaknesses in the web application. Application vulnerabilities can give malicious end users a way to breach a system's protection mechanisms, typically to gain access to private information or system resources.
The information gathered can include an organization's intellectual property or the personally identifiable information (PII) of its employees or customers. Another popular target is credit card data, which, if left unprotected and unencrypted, can be used to cause significant damage to an organization's most valued assets and to its customers.
Common attacks of this type include:
SQL Injection – an attacker crafts an input string containing Structured Query Language (SQL) commands which can open up the database.
Cross Site Scripting (XSS) – a style of attack in which the front end of the website acts as a launching point for attacks on other users visiting the website.
URL Interpretation – by manipulating certain parts of a URL, a hacker can get a web server to deliver web pages he is not supposed to have access to.
Buffer Overflow – a buffer overflow attack can occur when a user inputs more data into a buffer than it can handle.
Zero-day vulnerabilities – most vulnerabilities found in the proprietary code of web applications are unknown to security defense systems; these are called zero-day vulnerabilities, because they are specific to each application and have never been seen before.
The best defense against these attacks is to develop secure applications, keep patches up to date, and securely configure the applications and the servers on which they are hosted. Keep patches up to date on any third-party components in use as well.
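As an added illustration of the SQL injection and XSS items above (example code written for this page, not code from the original article), the following Python snippet places a login query that splices user input into the SQL text next to its parameterised form, and a comment-rendering function that outputs user text unchanged next to one that HTML-escapes it first. The in-memory table, the account names and the passwords are constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Build a constructed in-memory database for the demonstration (not a real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    # Passwords are stored in clear here only to keep the demo short; real systems store hashes.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable form: user input is spliced into the SQL text.

    Whatever the user types becomes part of the statement, so SQL syntax in the
    input (quotes, comment markers, extra clauses) changes what the query does.
    """
    query = (
        f"SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Hardened form: a parameterised query.

    The SQL text is fixed; the driver binds the values separately, so the input
    is only ever compared as data and never parsed as SQL.
    """
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def render_comment_vulnerable(text):
    """Vulnerable form: user text is placed into the HTML unchanged (XSS)."""
    return "<p>%s</p>" % text


def render_comment_safe(text):
    """Hardened form: escape the text so the browser displays it instead of interpreting it."""
    return "<p>%s</p>" % html.escape(text)


if __name__ == "__main__":
    db = make_db()
    # A correct login works in both forms.
    print(login_vulnerable(db, "alice", "s3cret"), login_safe(db, "alice", "s3cret"))
    # An input that closes the quote and comments out the rest of the statement:
    # the vulnerable query logs in without the password, the safe one returns nothing.
    crafted = "alice' --"
    print(login_vulnerable(db, crafted, "wrong"), login_safe(db, crafted, "wrong"))
    # Script markup supplied in a comment is rendered inert by escaping.
    print(render_comment_safe("<script>alert(1)</script>"))
```

The point of the comparison is that the parameterised query and the escaped output need no knowledge of which strings are dangerous: the SQL statement and the HTML structure are fixed before any user data is introduced, which is what "developing secure applications" means in practice for these two attack classes.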
2. Denial of Service Attacks
A denial of service (DoS) attack is an attack that causes an organization's consumer-facing websites to be effectively shut down.
DoS attacks are a class of attacks initiated by an individual or group of individuals who exploit aspects of the Internet Protocol to deny other users legitimate access to systems and information.
The attacker achieves this through one of the following:
Destruction – Attacks which destroy the ability of the device to function, such as deleting or changing configuration information or power interruptions.
Resource consumption – Attacks which degrade the ability of the device to function, such as opening many simultaneous connections to a single device.
Bandwidth consumption – Attacks which attempt to overwhelm the bandwidth capacity of the network device.
Distributed Denial of Service (DDoS) – another variant of DoS attack: a combination of DoS attacks staged or carried out in concert from many hosts to prevent the target host from serving its function.
Typical attacks of this type include:
SMURF attack – an attack in which a system is flooded with spoofed ping messages. This creates heavy traffic on the victim's network, which often renders it unresponsive.
SYN flood attack – an attacker sends a succession of SYN requests to a target system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
Ping of Death – caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol.
Teardrop attack – involves sending fragmented packets to a target machine. Because of a bug in TCP/IP fragmentation reassembly, the receiving machine cannot reassemble the overlapping fragments, which crashes the target network device.
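The SYN flood item above can be recognised from the server side by how many connections are sitting in the half-open SYN_RECV state. The following Python snippet, added here as an example and not code from the original article, parses a constructed sample of netstat-style connection lines, counts half-open connections per remote address, and reports both the sources above a per-source threshold and the overall half-open ratio; the second measure still rises when a flood uses many spoofed source addresses that each appear only once. The addresses, the sample lines and the threshold values are constructed for the demonstration.

```python
import re
from collections import Counter

# Constructed sample of netstat-style TCP lines (not a real capture). Fields:
# proto recv-q send-q local-address remote-address state
SAMPLE_NETSTAT = """\
tcp 0 0 10.0.0.5:443 203.0.113.7:51234 SYN_RECV
tcp 0 0 10.0.0.5:443 203.0.113.7:51235 SYN_RECV
tcp 0 0 10.0.0.5:443 203.0.113.7:51236 SYN_RECV
tcp 0 0 10.0.0.5:443 203.0.113.7:51237 SYN_RECV
tcp 0 0 10.0.0.5:443 203.0.113.7:51238 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.20:40001 ESTABLISHED
tcp 0 0 10.0.0.5:443 198.51.100.21:40002 SYN_RECV
tcp 0 0 10.0.0.5:443 198.51.100.21:40003 ESTABLISHED
"""

LINE_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$"
)


def parse_connections(text):
    """Turn netstat-style lines into dicts; lines that do not match are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        local_ip, local_port, remote_ip, remote_port, state = m.groups()
        conns.append({
            "local_ip": local_ip, "local_port": int(local_port),
            "remote_ip": remote_ip, "remote_port": int(remote_port),
            "state": state,
        })
    return conns


def half_open_by_source(conns):
    """Number of half-open (SYN_RECV) connections per remote address."""
    return Counter(c["remote_ip"] for c in conns if c["state"] == "SYN_RECV")


def flag_syn_flood_sources(conns, per_source_threshold=3):
    """Remote addresses holding at least `per_source_threshold` half-open connections."""
    counts = half_open_by_source(conns)
    return sorted(ip for ip, n in counts.items() if n >= per_source_threshold)


def half_open_ratio(conns):
    """Share of all connections that are half-open.

    A per-source count misses a flood spread over many spoofed addresses;
    the overall ratio does not, because every half-open entry counts.
    """
    if not conns:
        return 0.0
    half = sum(1 for c in conns if c["state"] == "SYN_RECV")
    return half / len(conns)


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_NETSTAT)
    print("half-open per source:", dict(half_open_by_source(conns)))
    print("flagged sources:", flag_syn_flood_sources(conns))
    print("half-open ratio: %.2f" % half_open_ratio(conns))
```

Thresholds of this kind are only a signal: a normal server under heavy legitimate load also carries some half-open connections, so the ratio should be compared with the host's usual baseline. On Linux the kernel-side mitigation commonly paired with this kind of monitoring is SYN cookies (the net.ipv4.tcp_syncookies sysctl), which let the host answer SYNs without reserving backlog state for each one.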
Defenses against DoS attacks include:
Deploy a highly redundant, highly available network design.
Perimeter defense – one layer of defending your network; a firewall at the perimeter works well against external attacks.
Harden the configurations of intermediate network devices and hosts.
Defense in depth – deploy several layers of security to protect your network and its data.
3. Company Employees and Assets
Insider and Privilege Misuse – Malicious misuse of company resources by individuals working inside the company is a very real and ongoing threat. Such breaches can be very difficult to prevent, since most insider misuse happens while employees perform their normal duties. Employees guilty of insider and privilege misuse are motivated by financial or personal gain and can be anyone from junior staff or end users to C-suite executives.
Physical Theft and Loss – The theft of physical devices that store, process, or transmit information remains a very high risk for businesses. This is especially true for corporate assets such as smartphones and laptops stolen from corporate offices, personal vehicles or residences. Employee carelessness and human nature are the root causes of device loss.
Recommended measures:
Back up company data at regular intervals.
Encrypt data on all movable devices.
Improve IT monitoring capabilities to identify insider precursors and behavior.
Raise awareness in employee communities about insider threats.
Design IT systems and policies to deter staff from committing insider acts.
4. Point-of-Sale (POS) Intrusions
There have been large-scale thefts of payment card information as a result of intrusions against point-of-sale systems (smart cash registers). Point-of-sale attacks present a growing threat for small and medium businesses such as restaurants, hotels and grocery stores.
The steps involved in this type of attack are: compromise the POS device, install malware on the POS node to collect magnetic stripe data as cards are processed, retrieve the data, and use it for financial gain.
Skimmers are physical devices attached to the POS system; malicious software instead collects cardholder data in its raw form from the back end rather than by physical means.
Recommended measures:
Secure remote access capabilities – avoid remote-access products and services such as PCAnywhere, GoToMyPC and Microsoft RDP for managing POS nodes.
Use an effective anti-virus product – anti-virus products are still effective in identifying popular keystroke logging tools, such as Perfect Keylogger. Configure it to receive automatic updates, and run automatic scans.
Restrict point-of-sale nodes to specific business use – point-of-sale system operators should forbid employees from using point-of-sale terminals and back-of-house servers for other Internet activities such as visiting websites, checking e-mail, etc.
Operate point-of-sale system nodes with least privilege – point-of-sale terminals and back-of-house servers should be operated with minimal privileges, i.e. non-administrative accounts.
Harden the operating system of point-of-sale system nodes.