According to the Verizon 2017 Data Breach Investigations Report, 51 percent of breaches included some form of malware. Malware in all of its forms is a pervasive threat, but it is only one of several categories of cyber threat that businesses need to guard against.
Types of IT Security Threats Facing Businesses
Guarding against them starts with understanding the five most prevalent types of IT security threat facing your business, how each one gains access, and how you can reduce the risk. The threats that can compromise networks and systems are extensive and evolving, but currently include:
#1: Malware and Ransomware
Malware and ransomware come in many forms but share one trait: they are installed and run without the user's knowledge or informed consent, usually in the background. Malware generally hides on the system and steals data, credentials, or computing resources; ransomware locks the machine or encrypts its files and then presents a ransom demand in exchange for restoring access or a decryption key. Spam (the junk email that clogs inboxes) and phishing emails that impersonate trusted senders are the dominant delivery mechanism for both, typically through malicious attachments or links.
#2: Viruses
A virus replicates by inserting copies of itself into other programs or files; once it runs it can slow the computer, corrupt or delete data, and disable software. It spreads through email attachments and file downloads, through portable storage devices such as USB drives carried between machines, and through malicious or compromised websites.
#3: Spyware
Spyware gathers information about the user (browsing activity, keystrokes, credentials) and transmits it to an unauthorized third party. Like other malware it may exploit software and web browser vulnerabilities, but it is just as often installed by the user, who is tricked into clicking a link, opening an email, or downloading a program that appears legitimate because the spyware is bundled inside something that looks harmless. It can also arrive on physical media such as USB keys.
Spyware is designed to avoid detection, but common symptoms include degraded computer performance, an increase in pop-ups while browsing, and searches or page requests being redirected unexpectedly. It is a prevalent network threat: a single infected computer gives the attacker a foothold from which to reach the rest of the network, and the information it collects is sent back to the attacker covertly.
#4: Unpatched Server and Software Vulnerabilities
One of the most common ways for the threats above to gain access is through unpatched servers and software: systems where security patches and updates are missed, or legacy hardware and software that has passed end of life and no longer receives fixes at all. Typical results include attacks on exposed, unpatched Remote Desktop Protocol (RDP) services and unpatched machines being compromised and recruited into distributed denial-of-service (DDoS) botnets, among others.
The greatest business impact of these vulnerabilities is data loss, especially where regulated data is concerned: a breach of personal health or payment card data can cripple a business. HIPAA violations have resulted in multi-million-dollar settlements stemming from lost or stolen laptops, poorly configured servers, and lapses by contractors that exposed patient data. The Payment Card Industry Data Security Standard (PCI DSS), which governs cardholder data, carries equally heavy penalties (imposed contractually by the card brands and acquiring banks) for failing to protect that data adequately.
The Equifax breach, which affected 143 million consumers according to TechCrunch's reporting at the time, is only the latest high-profile incident traced to an unpatched server: the attackers exploited a known Apache Struts vulnerability for which a patch had been available for months. A single missed patch can cause enormous damage. Security threats also often involve a human element, such as careless or even malicious insiders, when access is not carefully monitored and controlled.
#5: Cloud Stack, Shadow IT, and Mobility Vulnerabilities
Cloud adoption in its various forms has introduced new challenges, including the access risks of "bring your own device" (BYOD) endpoints, whose operating systems and patch levels the business does not control.
In addition, employees' use of unauthorized software or cloud services (known as "shadow IT") places business data in systems that the security team cannot see, patch, or monitor, which introduces further vulnerabilities.
Ways to Mitigate the Different Types of Security Threats
The only way for businesses to adapt proactively to constantly evolving threats is to implement security tools and processes that support comprehensive, integrated governance, risk management, and compliance. These tools and utilities include:
Identity and access management (IAM) applied to every device, computer, application, and network access point, including web servers and email, with access granted according to a person's role. These solutions should incorporate:
- Single sign-on (SSO)
- Multifactor authentication (MFA)
- Federated identity management (FIM)
Continuous monitoring tools, including:
- Asset management software that manages business devices and applications
- Configuration management software that enables system administrators to see what programs are installed and when upgrades might be necessary
- Incident response (IR) programs backed by endpoint detection tooling that alerts on suspicious activity and lets analysts evaluate security anomalies across the network
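The unpatched-software problem described under #4 and the configuration-management item above both come down to one question: which assets are running software below the version that contains the fix, or software that is past end of life and will never get one? The following Python is an added example written for this page, not any vendor's tool. The inventory records and the minimum-version baseline are constructed for illustration; in practice the baseline comes from vendor advisories and a vulnerability feed, and the inventory from the asset-management system. It goes slightly beyond a plain version check by treating end-of-life products as unconditionally failing and by separating untracked software into its own report.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


# Constructed baseline for illustration: the minimum version known to contain the
# relevant fix, or None when the product line is end-of-life and receives no fixes.
MIN_SAFE_VERSION: Dict[str, Optional[str]] = {
    "apache-struts": "2.3.32",
    "openssh": "7.4",
    "windows-server-2003": None,   # end of life: no version is acceptable
}

# Constructed inventory, shaped like an asset-management export.
SAMPLE_INVENTORY: List[Asset] = [
    Asset("web01", "apache-struts", "2.3.31"),
    Asset("web02", "apache-struts", "2.5.13"),
    Asset("bastion", "openssh", "7.4p1"),
    Asset("legacy01", "windows-server-2003", "5.2"),
    Asset("db01", "postgresql", "9.6"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """'2.3.32' -> (2, 3, 32). Each dotted component keeps only its leading digits,
    so '7.4p1' compares as (7, 4); a component with no digits counts as 0."""
    parts = []
    for component in version.split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_below(installed: str, minimum: str) -> bool:
    """True when installed < minimum, comparing numerically component by component
    with zero padding, so 2.3 == 2.3.0 and 2.3.5 < 2.3.32 (a plain string compare
    would get the latter wrong)."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_unpatched(inventory: List[Asset],
                   baseline: Dict[str, Optional[str]]) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, reason) for every asset that is end-of-life
    or below the minimum safe version."""
    findings = []
    for asset in inventory:
        if asset.product not in baseline:
            continue  # reported separately by find_untracked
        minimum = baseline[asset.product]
        if minimum is None:
            findings.append((asset.host, asset.product, asset.version, "end-of-life"))
        elif version_below(asset.version, minimum):
            findings.append((asset.host, asset.product, asset.version, f"below {minimum}"))
    return findings


def find_untracked(inventory: List[Asset], baseline: Dict[str, Optional[str]]) -> List[Asset]:
    """Assets running software the baseline says nothing about: these are the
    shadow-IT and forgotten-server cases, and need a baseline entry, not silence."""
    return [asset for asset in inventory if asset.product not in baseline]


if __name__ == "__main__":
    for host, product, version, reason in find_unpatched(SAMPLE_INVENTORY, MIN_SAFE_VERSION):
        print(f"{host}: {product} {version} ({reason})")
    for asset in find_untracked(SAMPLE_INVENTORY, MIN_SAFE_VERSION):
        print(f"{asset.host}: {asset.product} {asset.version} (no baseline entry)")
```

The numeric comparison matters more than it looks: tools that compare version strings lexically will consider 2.3.5 newer than 2.3.32 and silently pass an unpatched host.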
Unified threat management (UTM) solutions can provide a holistic and integrated security and threat management approach via:
- Next-generation firewall features that enable application control across the network
- Intrusion prevention system (IPS) to identify and block attacks originating inside or outside the network
- Anti-spam technologies that reject mail from known spam-sending IP addresses and messages matching known spam, using DNS-based blocklists, sender-verification lookups, and IP reputation comparison
- Anti-virus filtering that scans files entering the network (email attachments, downloads, file transfers) for known signatures and infected-file patterns to protect against malware
- Data loss prevention (DLP) to detect and block sensitive data leaking out of, or being smuggled into, the organization
- Web security gateway solutions that protect web-browsing PCs from infection and enforce company and regulatory policy
- Cloud access security broker (CASB) to secure data in the cloud by enabling centralized control and enforcement of security policies wherever the data is stored, shared, or accessed
Network Segmentation and VPNs
To support today's applications and technologies on the network and in the cloud, businesses are implementing any-to-any connectivity through IP VPNs. That connectivity needs to be paired with network segmentation, so that a compromise of one segment (a guest network, a BYOD VLAN, a legacy server) cannot spread freely to the rest of the business.
In the age of the cloud, IoT, and workforce mobility, businesses must first assess their systems, develop policies, and then implement security services and tools that work together. Only by staying vigilant and adapting can businesses keep pace with the growing range of security threats that can cripple the business.