According to the Verizon 2017 Data Breach Investigations Report, 51 percent of breaches included some form of malware. While malware in all of its forms is a pervasive threat, most businesses should focus on the fact that there are numerous cyber threats they need to guard against.
Achieving that goal starts with understanding the five most prevalent types of IT security threats your business is facing, how they gain access, and how you can remediate that risk. The threats that can compromise networks and systems are extensive and evolving but currently include:
Malware and ransomware, which come in several forms, share the characteristic of self-installing on a computer and running in the background without the user’s knowledge. While malware hides and steals valuable information, ransomware locks the user’s machine or encrypts files and then notifies the user with a ransom demand in order to unlock the machine or decrypt the files. Spam—the junk email that clogs inboxes—and phishing emails that masquerade as being from trusted sources are a huge delivery mechanism for ransomware and malware.
A virus program works by replicating and inserting itself into other applications, where it can slow computers, destroy data, disable software, and delete files. It can be introduced through an email or file download, through an infected computer or portable storage device, or by visiting malicious websites.
Spyware gathers user information and transmits it to an unauthorized third party. Spyware works like other forms of malware in that it takes advantage of software and web browser vulnerabilities. Because it is embedded and undetectable, its host may pose as a legitimate program, email, or website to persuade the user to click on a link or download a program, which gives it access. It can also be downloaded through physical devices, like USB keys.
Spyware is designed to avoid detection but can show symptoms such as slower computer performance, increased pop-ups when browsing, and frequent unexpected rerouting of browsing searches. It is a prevalent network threat that can infect the entire network via one computer and can covertly communicate vital information back to the attacker.
One of the common ways for many of the previously mentioned types of security threats to gain access is via unpatched servers and software: in short, legacy hardware and software where security patches and updates are either missed or beyond end of life. This can manifest in Remote Desktop Protocol attacks or distributed denial-of-service (DDoS) attacks, among others.
The biggest threat to businesses in terms of cybersecurity vulnerabilities is data loss, especially where regulatory compliance is concerned, including the loss of personal health or financial data, a breach of which can cripple a business. HIPAA violations stemming from laptop loss or theft, poor server configuration, or contractor security lapses that expose patient data can result in fines of millions of dollars. The Payment Card Industry Data Security Standard (PCI DSS) governing financial data also brings equally heavy fines for failing to adequately protect customer financial data.
The Equifax breach, which has affected 143 million consumers as reported by TechCrunch, is just the latest high-profile unpatched server incident. This shows how a single person not deploying a patch can create untold damage. Security threats often require a human element such as careless or even malicious insiders when access is not carefully monitored and regulated.
Use of the cloud in its various forms has introduced new challenges such as the access vulnerabilities of “bring your own device” (BYOD) endpoint devices and operating systems.
In addition, the use of unauthorized software or cloud services by internal business employees (known as “shadow IT”) can introduce additional security vulnerabilities to the business.
The only way for businesses to proactively adapt to constantly evolving threats is through implementation of security tools and utilities that facilitate comprehensive and integrated governance, risk management, and compliance. These tools and utilities include:
Implementing identity and access management (IAM) on all devices, computers, applications, and network access points, as well as web servers or email functionality based on a person’s role. These solutions should incorporate:
Continuous monitoring tools, including:
Unified threat management (UTM) solutions can provide a holistic and integrated security and threat management approach via:
To provide the required infrastructure for supporting today’s applications and technologies on the network and in the cloud, businesses are implementing any-to-any connectivity through IP VPNs and network segmentation that enables better security.
In the age of the cloud, IoT, and workforce mobility, businesses must first assess their systems, develop policies, and implement security services and solution tools that work together. By constantly being vigilant and adapting, businesses can prevent the growing types of security threats that can cripple the business.