A commodities trading company, ED&F Man Holdings, recognized it needed to boost its cybersecurity protections. To improve its systems, ED&F went for Cognito, an AI-based threat prevention tool made by cybersecurity company Vectra.
Cognito takes metadata about how a network runs and then uses it to derive security insights. Combined with a machine learning system, the metadata helps identify and prioritize threats. As a result, ED&F was able to:
- Prevent man-in-the-middle attacks
- Stop a crypto mining scheme from taking advantage of its system
- Find command-and-control malware that had been hidden in the company’s network for years
Why It’s Important to Take Action: Cybercriminals Are on the Attack
Cybercriminals go after big targets—and often without fear. A telephone and internet service provider, Ukraine’s Ukrtelecom suffered operational disruptions because of a surgical attack in late March 2022. It was part of a much larger campaign apparently launched by Russian attackers. According to the New York Times, the attack rendered the company’s telecommunications services inoperable for “several hours,” resulting in “an ongoing and intensifying nation-scale disruption to service.”
Ukrainian officials said the incursion was an attempt by Russians to cut off communications between Ukraine’s armed forces. The goal, according to them, was to keep Ukraine’s forces from getting in touch with their troops and mounting defensive maneuvers against the Russian attackers.
These kinds of attacks are often designed to impact a large number of people, particularly by taking down key elements of a country’s infrastructure. In this way, hackers have a far-reaching impact on both conflicts and general geopolitical tensions.
What Are Cyber Threats?
According to the National Institute of Standards and Technology (NIST), a cyber threat is any event or circumstance that can potentially impact organizational operations and assets, individuals, and a country through unauthorized access of a computer system, “destruction, disclosure, modification of information, and/or denial of service.” In contrast, a cyberattack is an attempt by a malicious actor to infiltrate a network.
Typically, cyber threats refer to dangers that confront a system through the internet, but they also include a mixture of malicious software, attackers, and attack methods.
An organization’s threat level largely depends on the vulnerabilities of its systems. In the vast majority of cases, a company’s assets determine the kinds of threats it is likely to face. These can range from proprietary data to user credentials and payment information. To minimize an organization’s vulnerability to cyber threats, a common first step is to assess the assets that may interest attackers and the systems they are likely to leverage to paralyze operations.
Different Types of Cyber Threats
While there are many different types of cyber threats, some of the most common include:
- Malware: Malicious software meant to damage a system or reveal information to a hacker
- Ransomware: A type of malware used to take over a system and then demand a ransom payment to give control back to the victim
- Spam and phishing: Spam refers to unwanted emails, which often include malware, while phishing involves attempts to trick people into disclosing sensitive information
- Distributed denial-of-service (DDoS) attacks: A type of attack designed to overwhelm a system with many illegitimate requests over a short period of time, rendering it unable to serve legitimate customers
- Corporate account takeover (CATO): With CATO, the attacker uses stolen login credentials to access accounts, change settings, or steal money or information
5 Steps to Safeguard Your Company Against Cyber Threats
Every company, regardless of the industry in which it operates, must follow these five steps to protect its infrastructure, data, and users:
- Encrypt and back up your data
- Implement hardware security
- Encourage a security-centered work culture
- Use firewalls and anti-malware software
- Get cyber insurance
Encrypt and Back Up Your Data
Data encryption can be a powerful way to dissuade attackers from going after your information. When data is encrypted, an attacker isn’t able to read it without the decryption key, which is kept safe within the overall encryption system. Even if a hacker successfully intercepts data, it would be useless to them if they’re unable to decrypt it.
By backing up data, you give yourself a redundant data system that you can use in case your primary system gets infiltrated. This is especially helpful during a ransomware attack. If you have mission-critical data backed up, you can simply restore it from the backups during a ransomware attack to avoid having to pay attackers.
Also, with your data backed up, you have the freedom to erase hard drives that may contain malware. Although this may take a little bit of time, it’s often quicker than trying to systematically locate and remove malicious software.
Implement Hardware Security
Hardware security differs from software security in that it lives on a physical device. A single physical unit typically comes with several security functions, such as firewall and antivirus protection. You also have the option to position hardware security to protect some of your network or your entire environment.
For example, you can use a single next-generation firewall (NGFW) to monitor all internet communications going in and out of your network. You can also install hardware security in a way that protects a specific segment, such as a single building on a hospital’s campus.
Encourage a Security-Centered Work Culture
Although employees can elevate the risk of cyber threats because of human error, they can also be a powerful weapon against attackers, especially if they’re security-aware. By educating employees on the kinds of threats your organization may face as well as what to do in the event of an attack, you are cultivating in each one the knowledge they need to join the fight against digital terrorists.
Specifically, each employee should know:
- What a phishing email looks like
- What to do if they get a phishing email and which department to contact for help
- How to recognize malware both within websites and emails
- What a fake website looks like, particularly one designed to steal sensitive information
- Whom to talk to if they have a question or if they’ve made a mistake
Use Firewalls and Anti-Malware Software
With firewalls and anti-malware software, an organization can block a wide variety of common cyber attack vectors. A firewall can filter traffic coming into and exiting your network, as well as detect unnecessary traffic that can be used in an attack. A firewall can also prevent employees from visiting dangerous websites by limiting their internet usage to select whitelisted sites.
Anti-malware software automatically identifies and mitigates viruses, worms, and other malware before they damage your system. For the most comprehensive protection, it’s often best to combine firewall and anti-malware solutions with people who engage in activities like proactive threat hunting.
Get Cyber Insurance
Regardless of the effectiveness of your cybersecurity tools, there’s always a chance that an attacker will get through. This is why it’s necessary to have cyber insurance. With the right insurance policy, you can get the financial support you need to recover from an attack.
What You Should Know About Ransomware and Settlements
According to a report by FortiGuard Labs, ransomware is “one of the most concerning” attack methods on the landscape right now because it’s been steadily on the rise. Ransomware takes control of your system and then demands payment, promising to allow you access again.
Attackers are often looking for a quick payout so they can make a profit and move on to the next target. To avoid falling prey to these types of attacks, ensure your employees know how prevalent ransomware is and the hefty cyberattack settlements criminals often demand.
In addition to keeping employees informed, use resources like Cisco Umbrella to protect your organization’s systems. These block requests from malicious sites, making it harder for ransomware to get into your network.
It’s also important to know how ransomware works. For instance, even if a cybercriminal promises to give you control of your system again after you’ve made a payment, there’s no guarantee they’ll do so. Once they receive the payment, they can simply disappear with your money.
Another way to get the upper hand on ransomware is to understand the different types. As outlined by cybersecurity company Forcepoint, there are three main ransomware attack vectors:
- Scareware: This threatens users by making them think something bad will happen in the future if they don’t comply with a request
- Lockers: These lock or block off your screen, telling you it won’t be unblocked until you pay a ransom
- Crypto-ransomware: This encrypts your files, enabling attackers to force you to pay to get a key to unlock your system
Defend Against Cyber Threats and Attacks Today
By encrypting and backing up your data, using hardware security, installing firewalls and anti-malware, encouraging a security-centered work culture, and getting cyber insurance, you can more effectively protect your organization from cyber threats. In this way, instead of constantly mitigating cyberattacks, you can focus on growing your business.