What Threats are Masquerading in Your Environment this Halloween?
Halloween is almost here – while this weekend will be full of ghosts and ghouls, the threats that may already exist in your IT environment can be even scarier. Here are the top threats that could be lurking in your environment and how to defend against them.
1. Insider Threats
Insider threats can haunt security teams because they are difficult to detect and because of the damage they can cause. Whether they are disgruntled employees trying to cause harm or well-intentioned employees who simply fell for the latest phishing email, insiders’ access and trusted status make them prime facilitators of data loss incidents, malware infections, and other compromises. Between miscellaneous errors, insider misuse, and physical theft or loss of devices, the 2015 Verizon Data Breach Investigations Report attributes 65.3% of data loss incidents to insiders. When successful, attacks by malicious insiders are highly costly as well. The 2015 Ponemon Cost of Cyber Crime report named attacks by malicious insiders as the most expensive cyber incidents, costing companies an average of $144,542 per year. Protecting against insider threats requires close monitoring of and control over your IT environment and the sensitive data it holds.
2. Trojans and malware
They’re not trick or treating - Trojans and malware remain in disguise constantly, masquerading as legitimate applications or processes to avoid detection while compromising your systems. But while they may appear innocent at a glance, malware behavior is anything but normal. In the age of sophisticated attacks, endless malware variants, and zero-day exploits, simple antivirus and firewalls are no longer enough. Combatting these threats requires a combination of the right tools: detection of inbound malware, plus behavioral analysis to flag activity from malware that has made it into the corporate IT environment.
3. Phishing emails and other social engineering attacks
Like malware, social engineers are masters of deception. Their choices of costume make them especially tricky, often pretending to be coworkers, bosses, friends, or family members in order to fool victims into sharing sensitive information, installing malware, or granting unauthorized access. Attackers will use social engineering to exploit people, using commonplace tools like email or phones to manipulate unsuspecting victims. Because they target people rather than systems, these attacks are difficult to defend against with software or hardware tools and have high success rates. The best protection against phishing and other social engineering attacks is an educated and security-aware user base, a defense that can only be achieved by instilling a culture of security in the workplace.
4. Unauthorized applications, devices, and cloud usage
Trends like BYOD and rogue cloud usage by employees have turned many corporate networks into Frankensteinian creations of their own. By using unsanctioned devices, applications, or storage repositories, employees can far too easily open additional channels for infection or data exfiltration. However, locking down these channels has proven challenging for security teams. Preventing these kinds of unauthorized activities requires tight control from top to bottom in your IT environment: strict network access controls to lock down use of unapproved mobile devices, whitelisting to block unauthorized application usage, and granular controls over data access and movement to ensure that sensitive data can only be moved to intended, authorized repositories – whether local or cloud-based.
5. Software vulnerabilities and outdated software
Bugs abound when unpatched or legacy software is running in your IT environment – and they’re eating away at your security perimeter. Outdated software is often ridden with exploitable vulnerabilities, and running it only exposes your environment and sensitive data to additional vectors of attack. Patch all software that is used in your organization and enact patch management policies to ensure that it stays current. If end of life is announced for software that you use, develop a plan to retire that software securely. When it comes to vulnerability testing, focus on the OWASP Top 10 or a similar set of the most critical software vulnerabilities. Finally, implement application control to ensure that only approved software can run in your environment.