Cybersecurity: five mistakes, which help hackers, compromise companies.
At the end of the year, it is customary to sum up, so today we will tell you about the mistakes that companies make when countering cyber threats.
In total, our report contains a description of the five most common errors encountered by our forensic specialists this year when investigating cyber incidents.
Not a serious attitude to cyber threats
Most companies are still not serious about their cyber security. Everyone has heard about hackers, that they steal personal data and money, but very few realize that the theft of money and intellectual property will affect the very company where a person works or which he owns. In the ranking of the most dangerous technological threats, cyber threads are in the sixth place out of ten, which also does not allow business owners to assess threats from cyber threads adequately.
Offenses in off-line murder, robbery, etc., cause violent emotions in us. But few people know that a single crime in real life accounts for several thousand crimes in the virtual world. The criminals (not only hackers, but also fraudsters, people with an unstable psyche, etc.) have entered a virtual world in which it is easier for them to preserve anonymity and in which it is easier to commit various types of cybercrime.
Lack of knowledge
In order to build protection against cyber threads properly, you need to understand what types of attacks are used by hackers, what programs they use, what places are the weakest in the company’s virtual security system. There are many consultants who are able to say clever words about cybersecurity, but cannot answer when asked how a particular attack is implemented by hackers.
Many banks still use e-tokens to identify users and DPL systems for data leaks protection. However, as practice has shown, these are completely inadequate measures. As a rule, the price paid for such a cybersecurity policy is millions of dollars stolen by hackers. Large companies should use the Threat Intelligence teams in order to defend themselves not only from those cyber threads that exist, but also from those that are still being developed by hackers.
Wrong risk assessment
Business owners often say: “We are protected from cyber threads. Our computers have not been compromised for many years. ” However, this is an illusion. Investigating cyber incidents, forensic specialists note that companies’ computers were compromised by several hacker groups operating independently. How often does this happen? Practically always.
Until May 2017, it was believed that ransomware attacks were used only to compromise computers of individual citizens. However, this attack vector changed when the world was attacked by WannaCry. Everyone understood that company computers could also be compromised by this type of virus. In 2018, ransomware attacks on computers of companies became one of the main vectors of hacker attacks.
As we know, companies spend a lot of money on protection against cyber-attacks. But, people who are engaged in building a “protective perimeter” do not always have information about current types of cyber-attacks. Money is being wasted. While investigating another incident, we may often hear: “We didn’t even think that hackers could use such an attack vector.”
Most company owners are hoping for antivirus protection. However, our practical experience shows that the protection of computers of companies with antivirus does not prevent the commission of hacker attacks. As a rule, when investigating another incident, we see anti-viruses installed on computers with up-to-date databases. However, hackers manage to overcome this protection and steal money and intellectual property.
Hackers become faster and less noticeable – they use ready-made software modules that, are collected as a constructor for the specific attack, automate processes, use fileless malware, which practically do not leave artefacts in the file system compromised computer.
The weak point of cyber security is people as usual. Someone does work remotely from home, someone hires freelancers. One of the vectors of attacks in 2018 was the penetration into computers of companies and banks through computers of people who interact with computer networks of companies remotely. As a rule, such computers are least protected and it is easier to get into the company’s computer network through them.
Insufficient staff training
Hackers use social engineering methods to force a user, an employee of a company (even trained in information security), to open an infected attachment in an email or to go to the site from which the malicious code will be downloaded. As a rule, the consequences of these actions are compromised computers of the company, disrupted business processes, money stolen from the company (or losses incurred by the company as a result of downtime until the system administrators eliminate the effects of cyber-attacks), reputational losses.
If you protect your company from cyber threats, we advise you to start by examining the cyber threats relevant to your business, pay attention to staff training constantly, conduct a compromise assessment with the aim of early detection of compromised computers and other devices on the company’s network regularly.