Home > Technology > Security > Protecting Your Business from the Most Common Methods of Cyber Attack

Protecting Your Business from the Most Common Methods of Cyber Attack

By: SmallBizClub

 

30af13a51cac937c28d30b84e498213a
It’s not a comforting thought—as more and more information is stored online, the camp of individuals looking to steal that information is growing more and more sophisticated. That isn’t terribly surprising, given how much money there is to be made with stolen data. With the arms race between security researchers and cyber-criminals growing more and more pronounced, it falls to IT professionals to proactively protect themselves.

Here are a few cyber-attack methods your organization is likely to face, and how you can defend yourself against them. Make sure you do. Otherwise, you might well be the next target.

DDOS Attacks

A distributed-denial-of-service attack is one of the oldest tricks in the book, and one of the most common attack methods on the web today. It’s incredibly simple to pull off, too—all you need is a sufficiently-large botnet, and you’re good to go.

For this reason, the DDOS is the weapon of choice for angry script kiddies the world over—though it’s also quite often used to cover up a more serious crime, giving the criminals time to break into a server and make off with sensitive data.

How it works is simple: a criminal orders their botnet to flood a particular server or website with requests. Eventually, the server receives more traffic than it can handle, and grinds to a halt. Some particularly sophisticated botnets use uncorrupted computers to perpetrate the attack—often, participants in an assault such as this won’t even realize they’re part of it.

How to Defend Yourself:
Assuming your host doesn’t provide automatic DDOS protection…

  • Keep an eye on your website traffic. Any sudden—and unusual—spikes could signal the beginning of a DDOS attack.
  • Once an attack begins, it’s time to perform a quick packet capture. Look for commonalities in the URI, user agent, or referrer. Once you’ve done that, block all packets that share a fingerprint with the attacker.
  • Finally, contact your carrier and the authorities.
Brute Force Attacks

If there’s an attack method even less sophisticated than DDOSing, it’s the brute force hack. This one’s exactly what it sounds like—the attacker repeatedly tries to break into a system by trying a list of different passwords, words, or letters. Thankfully, brute force attacks are fairly easy to defend against, and the threat they represent is (with adequate preparation) usually quite minimal.

How to Defend Yourself:

  • Make sure every single user who has access to your systems has set up a secure, difficult-to-guess password.
  • Implement a system which locks a user out after a certain number of attempts.
Malicious Mobile Apps

With the prominence of the BYOD craze, it’s no surprise that criminals have begun targeting mobile devices. Since mobile security is still in its infancy (far too many users still believe mobile devices to be more secure than desktops) this makes smartphones and tablets easy targets for criminals, who gain access to them either through malicious apps on the store (generally only on Android) or when a user connects to an infected network.

How to Defend Yourself:

  • Ensure you’ve set up a secure connection for any staff wishing to access company resources through their mobile devices.
  • Require any employee who wishes to use their mobile device at work to install security software.
  • Consider sandboxing
  • Make sure your employees know to avoid connecting to any unsecured WiFi connections.
Exploitation of Unpatched Vulnerabilities

I’m always a little bemused when I hear about the latest data breach—because in about 50% of cases, it’s usually the result of someone in the compromised organization failing to keep up with their patching. The vast majority of cyber-attacks aren’t going to use some hyper-complicated virus or some ridiculous social engineering campaign…they’re simply going to probe your network for vulnerabilities, and use whatever holes they can to siphon out information.

How to Defend Yourself:
Monitor your software, and make sure you always keep everything up to date. There’s really nothing else to be said here.

Worms

The age of the computer virus has ended—we’re living in the age of the worm. Malicious programs such as Conficker and Zeus travel through networks, automatically seeking out vulnerabilities—and attacking when they find any. Usually, these vulnerabilities take the form of wonky sharing options, misconfigured security, or bad passwords.

How to Defend Yourself:

  • Disable executables in emails.
  • Disable autorun capabilities
  • Set up better password policies.
  • Patch.
Spear Phishing/Social Engineering

Perhaps the most effective method of cyber-attack on this list—and the most difficult to defend against—is social engineering. This method of attack doesn’t exploit an organization’s computer systems—it exploits the weaknesses in the people running them. Of the myriad social engineering attacks floating around on the web, the most common is known as Spear Phishing.

In a Spear Phishing attack, a criminal will attempt to trick a user into opening an email attachment with the belief that it contains some urgent information. A user browsing their email at work sees the message and opens it, accessing the attachment. Once they do, their system is infected—the criminal can use whatever malware was attached to the email to exploit the systems of the targeted organization.

How to Defend Yourself

  • Train your staff to recognize the most common Spear Phishing techniques; they often use shipping or finance-related terms.
  • Forbid employees from accessing personal email accounts during office hours.
  • Avoid sending any files via email (and make it known that this is company policy). Instead, consider using Dropbox or a cloud service to share all internal work.
Author: Rachel Gillevet is the technical writer for WiredTree, a leader in fully managed dedicated and vps hosting. Follow Rachel and WiredTree on Twitter, @wiredtree, Like them on Facebook and check out more of their articles on their web hosting blog, http://www.wiredtree.com/blog.

Published: August 6, 2014
2650 Views

Trending Articles

Stay up to date with
small biz club logo

SmallBizClub

SmallBizClub.com is dedicated to providing small businesses and entrepreneurs the information and resources they need to start, run, and grow their businesses. The publication was founded by successful entrepreneur and NFL Hall of Fame QB Fran Tarkenton. We bring you the most insightful thinking from industry leaders, veteran business owners, and fellow entrepreneurs. Follow us on Facebook, Twitter, and LinkedIn.

Related Articles