To Defend Against Cybercriminals, You Need to Think Like Them. Here is What You Need to Know
January 15, 2021
The global pandemic has seen a massive change in how people work, live, shop and communicate. We have seen businesses completely change how they interact with their customers. Business-to-consumer organizations have seen the biggest changes, but business-to-business organizations have been affected as well. Traditional approaches to basic business functions such as sales, marketing, supply chains and customer service need to be reimagined and refocused. Many new developments and technologies that have come out of the COVID-19 era will forever change how we do things. These changes have also created a new set of vulnerabilities for cybercriminals to exploit.
Amidst the pandemic, we have seen a dramatic rise in the number of cyberattacks over the last nine months. Based on recent statistics, cyberattacks tripled in the second quarter of 2020 compared with the first quarter. Losses from cybercrime have increased by 50% over the last 12 months. Cybercriminals have taken this opportunity to become more efficient at their craft by incorporating new technologies such as AI and analytics and by collaborating with one another.
With cybercrime growing fast, as is the number of businesses experiencing a critical cyber event, I more often hear folks asking, “Are we losing the war on cybercrime?” This is a good question, and the answer is complex. As an industry, we have made incredible advances in security detection and monitoring technologies, and businesses are purchasing these technologies at a record rate. Unfortunately, people look at security as a technology issue. It is not. Security and the privacy of your critical digital assets are business issues.
Sun Tzu, in The Art of War, states that in order to be successful, you must (1) Know Yourself; (2) Know Your Enemy; and (3) Know the Battlefield.
Knowing Yourself is fairly straightforward – you need to understand your current security program and what threats and vulnerabilities exist.
Knowing Your Battlefield means understanding what you are protecting and the flow of sensitive data as well as access to data, including third-party organizations that share your data.
Knowing Your Enemy is about understanding the cybercriminal, what they are after, how they think, what motivates them and their strategy and approach to attacking your business. This is where most organizations are blind. They do not really understand how these groups think and fail to adjust their strategies to account for this.
If you apply traditional military strategy concepts to information security, most companies have a defensive strategy when it comes to their security infrastructure: building walls around the critical assets. If an overwhelming force is trying to breach the walls, it will eventually overcome the defenses. If that opposing force also uses strategies such as flanking or feigning (deception), it can attack known weaknesses in the defenses, or even attack from the inside, and it will succeed. I will get more into defensive strategies later. Understanding how these groups think is critical in building an effective security strategy.
Types of Cybercriminals
Understanding the enemy is the first tool for defending against and fighting them. Cybercriminals are continually exploring new ways of intrusion, looking for new vulnerabilities to exploit without being detected. In many cases, the organizations being attacked do not notice the intrusion for months or even years. These criminal individuals and groups have growing expertise as well as advanced tools and technologies at their disposal.
To start, we must understand the different types of “hackers” and their motivations.
Methods and Targets
Now that we have an understanding of the various types of criminal groups, we need to know what they target and what methods they use to gain access and obtain the targeted information.
Brute Force Hacking – the most common attacks involve probing for and identifying a vulnerability in external-facing systems such as websites or portals. Typically, hackers look for a known vulnerability that hasn’t been addressed or an open port that has not been closed. Actions resulting from these types of attacks include Malware Injection, SQL Injection Attacks, Cross-site Scripting (XSS), Session Hijacking, Man-in-the-Middle Attacks and Credential Reuse. These types of attacks usually play out over months or years, since it may take time to get into the system and then perform detailed reconnaissance to find valuable information without being detected.
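The repeated probing and credential guessing described above leaves a recognizable trace in authentication logs, and that trace is what a defender should be watching for. The following is an added example (not from the original article or its author) that scans a constructed, simplified login log for two patterns: one source hammering a single account until it gets in, and one source trying a few guesses against many different accounts. The log format, the IP addresses, the usernames and the thresholds are all assumptions made for this illustration.

```python
"""Flag brute-force and password-spray patterns in login logs.

Added example, not from the original article. Assumes a constructed
log format of one event per line:
    <ISO-8601 timestamp> <source_ip> <username> <LOGIN_OK|LOGIN_FAIL>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (RFC 5737 documentation addresses, made-up users).
SAMPLE_LOG = """\
2021-01-15T09:00:01 203.0.113.7 alice LOGIN_FAIL
2021-01-15T09:00:03 203.0.113.7 alice LOGIN_FAIL
2021-01-15T09:00:04 203.0.113.7 alice LOGIN_FAIL
2021-01-15T09:00:06 203.0.113.7 alice LOGIN_FAIL
2021-01-15T09:00:07 203.0.113.7 alice LOGIN_FAIL
2021-01-15T09:00:09 203.0.113.7 alice LOGIN_FAIL
2021-01-15T09:00:10 203.0.113.7 alice LOGIN_OK
2021-01-15T09:05:00 198.51.100.4 bob LOGIN_OK
2021-01-15T09:06:00 198.51.100.4 bob LOGIN_FAIL
2021-01-15T09:10:00 192.0.2.20 carol LOGIN_FAIL
2021-01-15T09:10:01 192.0.2.20 dave LOGIN_FAIL
2021-01-15T09:10:02 192.0.2.20 erin LOGIN_FAIL
2021-01-15T09:10:03 192.0.2.20 frank LOGIN_FAIL
2021-01-15T09:10:04 192.0.2.20 grace LOGIN_FAIL
"""

# Assumed tuning values; real deployments calibrate these against normal traffic.
FAIL_THRESHOLD = 5          # failures on one account from one source ...
SPRAY_USER_THRESHOLD = 4    # ... or distinct accounts failed from one source ...
WINDOW = timedelta(minutes=1)  # ... within this sliding window


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, result) tuples, time-ordered."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    events.sort(key=lambda e: e[0])
    return events


def detect_brute_force(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Flag a (source, account) pair that accumulates >= threshold failures
    inside the window; record whether the streak later ended in a success,
    which is the case that needs immediate response (credential compromised)."""
    findings = []
    recent = defaultdict(list)  # (ip, user) -> timestamps of failures still in window
    flagged = set()
    for ts, ip, user, result in events:
        key = (ip, user)
        if result == "LOGIN_FAIL":
            # Keep only failures still inside the sliding window, then add this one.
            recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
            if len(recent[key]) >= threshold and key not in flagged:
                flagged.add(key)
                findings.append({"type": "brute_force", "ip": ip, "user": user,
                                 "failures": len(recent[key]), "succeeded": False})
        elif result == "LOGIN_OK" and key in flagged:
            # A success after a flagged streak: mark the finding as a likely compromise.
            for f in findings:
                if f["type"] == "brute_force" and f["ip"] == ip and f["user"] == user:
                    f["succeeded"] = True
    return findings


def detect_password_spray(events, user_threshold=SPRAY_USER_THRESHOLD, window=WINDOW):
    """Flag a source that fails against >= user_threshold distinct accounts in the
    window. Per-account lockouts miss this pattern, since each account sees few tries."""
    findings = []
    recent = defaultdict(list)  # ip -> [(timestamp, user)] failures still in window
    flagged = set()
    for ts, ip, user, result in events:
        if result != "LOGIN_FAIL":
            continue
        recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= window] + [(ts, user)]
        distinct_users = {u for _, u in recent[ip]}
        if len(distinct_users) >= user_threshold and ip not in flagged:
            flagged.add(ip)
            findings.append({"type": "password_spray", "ip": ip,
                             "distinct_users": len(distinct_users)})
    return findings


def analyze(text):
    """Run both detectors over a log and return the combined findings."""
    events = parse_log(text)
    return detect_brute_force(events) + detect_password_spray(events)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Running it on the sample flags 203.0.113.7 for a brute-force streak against alice that ended in a successful login, and 192.0.2.20 for spraying four distinct accounts within a minute; bob's single typo is ignored. The two detectors are deliberately separate because a per-account lockout, the usual control for the first pattern, does nothing against the second.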
Denial of Service Attacks – the main purpose of these attacks is to disrupt operations by overwhelming your external-facing infrastructure to the point where one or more of those systems fail and are no longer available. All four of the cybercriminal profiles utilize this type of attack. Typically, we see it happen to e-commerce and business-to-consumer companies as well as hosting and telecom businesses, but any business with an outside-facing website or portal can be attacked this way. Targets also include the big social media companies, traditional media companies, banks, federal and state government sites and nonprofits/charities.
Social Engineering and Phishing Attacks are the most common attacks, since humans are the weakest link in a security program. It is much easier to compromise a user by having them hand over their credentials than to use brute force against a mature security infrastructure. Credentials can easily be obtained simply with a phone conversation or through an email. Email phishing is the most common form of exploitation, since users are typically not well trained and naïvely assume that if the email says it is coming from a legitimate organization or person, then the email is legitimate. Once the person opens an attachment or clicks on a link, a number of things can happen.
Social engineering is the main vehicle used for fraud against businesses, by compromising email systems and supply chains. These criminals take on the identity of a key executive or a supply chain partner to redirect payments to a foreign bank account. According to contacts in the FBI and Secret Service, these activities increased significantly after the majority of business activities moved to remote operations due to the pandemic.
Steps to Protect Yourself and Your Company
How do you protect yourself and your company from these attacks? Here is a set of key steps that, if implemented, can help mitigate or prevent attacks from cybercriminals:
Organizations need to make security part of the company culture, and every employee should understand their role in protecting the organization’s digital assets.
If you have questions about these steps or anything else covered in this article, please contact the author, Jeff Brown.