While hackers attack, IT departments defend themselves. It is a constant struggle to keep information secure: attacking and defending, who wins?
Companies have been constantly evolving, adapting to new digital media to remain competitive. In the past, companies had preventive measures against attacks by hackers. However, with the advance of technology, these cyber criminals have reinvented their way of attacking, and their attacks are becoming increasingly difficult to handle. So come with me to discover what these attacks are, which types are the most frequent, and how we can defend our company from them… attacking and defending, a constant struggle.
Attacking and defending: Attacking.
A cyber attack is a computer-initiated break-in against a website, computer system or individual computer, which threatens the confidentiality, integrity or availability of the computer and the information stored on it. They are crimes in which the computer system is the target. Cyber attacks consist of computer viruses, denial of service attacks, and vandalism or electronic sabotage. Cyber attacks take many forms, including:
- Obtaining, or attempting to obtain, illegal access to a computer system or its data.
- Installing a virus or malicious code (malware) on a computer system.
- The unauthorized use of a computer system to process or store harmful data.
- Unwanted disruption or denial of service attacks.
- Changes in the characteristics of computer hardware, firmware or software systems without the owner’s knowledge, instruction or consent.
- Inappropriate use of computer systems by employees or former employees.
There are also two forms of attacks which are:
- Passive: a non-invasive attack that monitors the user's actions, such as what the user stores and transfers, as well as information that is openly public. Its purpose is to obtain enough information to be used in active attacks; therefore, early detection of a passive attack can serve as a warning of an upcoming attack.
- Active: direct attacks that compromise the system's infrastructure. Their objective is usually sabotage, information theft, espionage or equipment takeover.
The most frequent attacks in companies:
- Malware: Malware refers to various forms of malicious software, such as viruses and ransomware. Once it is successfully implanted in the computer, it can cause many problems, from "hijacking" the computer and spying on the user's actions to silently sharing confidential data with the attacker. This method is one of the most common. It can be contracted by clicking on an attachment in a malicious email, as it requires the user to perform an action to install the malware. It usually has high success rates among cybercriminals.
- Phishing: Also known as identity theft, this is a form of Internet scam in which attackers try to trick consumers into divulging sensitive personal information. The techniques often involve the use of fraudulent e-mails and websites masquerading as legitimate e-mails and websites. Fraudulent emails can be considered a malicious form of unsolicited bulk email, generally known as "spam".
- Spam: Consists of the repeated sending of emails for advertising or commercial purposes. The problem with these spam emails is that they affect the productivity of companies, and it takes a long time to verify which emails are spam and which are not. Spam often contains malware, and it is also used to spread spyware, which monitors the actions of company computers.
- Viruses and worms: These types of computer code spread by themselves once released and cause havoc on computers. Computer viruses and worms cause billions of dollars in lost business every year.
Attacking and defending: defending and minimizing risks
We’ve seen what the attacks are and what the most frequent ones are, but what can we do to defend ourselves from these attacks? Well, there are many ways to prevent and defend our systems and we will now examine some techniques for both attack prevention and defense:
- Ongoing risk assessment: No two companies are alike. Therefore, each company, depending on its size, its geographical location, its sector of activity, etc., has its own risk profile. Each company must carry out a series of steps that are prerequisites for implementing security controls, which include the identification of threats, vulnerabilities and risks, and the design and implementation of security controls that address these risks.
- The health of the IT environment: Companies must ensure that all equipment (hardware and software), including protection software such as antivirus, is always up to date. In addition, it is essential for companies to ensure that an agreement exists for software supplied by third parties, covering maintenance and update services.
- Authentication: Use multifactor authentication systems. Passwords alone are a little risky, because there are a lot of data breaches that have exposed millions upon millions of usernames and passwords. Many times people use the same password everywhere, and attackers are constantly trying to log in to accounts online.
- Internal commitment and responsibility: Corporate awareness is essential, considering that vulnerabilities and risks are more frequent than expected and are often caused by security breaches created (even unintentionally) by the company's own staff. Therefore, documenting the processes and controls in effect in a formalized set of policies and procedures, presenting the information clearly and concisely, and reinforcing the awareness and commitment of staff can be useful to improve and maintain information security.
- Antivirus: Antiviruses are essentially programs that detect malware; that is, they scan files and programs before they are executed to prevent damage. They are possibly the main and most common line of defense against attacks. There are all kinds of antivirus, some more common and efficient than others, but it is an indispensable resource.
- Firewall software: Firewalls have two objectives: first, to prevent unwanted connections from the outside to the computer (since they can be attacks), and second, to prevent outgoing connections from the computers (they could be leaks resulting from malware).
- Data encryption: This is a procedure by which files, or any type of document, are made completely unreadable by an algorithm that scrambles their contents. Therefore, anyone who does not have the correct keys will not be able to access the information they contain. Data encryption is what guarantees that nobody reads the information in transit, that the sender is who he says he is, and that the content of the message is not modified.
So, hacking is a constant fight of attacks and defenses around companies, and it is necessary to win most of the time to avoid losses and damages. That is why, through this article, I have tried to teach you what you should protect your company against and how to do it, to guarantee victory in these fights against cyber terrorism. A hacker has to find just one exploitable vulnerability, but a defender has to find and fix all the vulnerabilities.