A Snapshot of Today’s Most Prevalent Cyber Threats for the Non-Technical Executive, Part 1
Keeping up with the ever-changing cyber threat landscape is essential for making smart decisions about cyber risk management. For many leaders, combing through the constant stream of information can be challenging and time-consuming. A good way to sort through the intimidating amount of information is to set a simple, achievable goal of dedicating time each week to read notable cybersecurity headlines. The goal is not to become a cybersecurity expert, but to build a general knowledge base and awareness of current issues that can inform decisions and help determine the cybersecurity strategy for the organization.
To help you start this process, I will review four of the most prevalent cyber threats all leaders should be aware of in today’s environment. The top two threats are discussed below, while the next two will be covered in my upcoming blog post. This list is not exhaustive, but it is a good start to help you develop a baseline level of awareness for continued reading and analysis.
Social Engineering and Phishing
Social engineering is a non-technical method designed to trick unsuspecting individuals into sharing or granting access to information that malicious actors can use to start or expand an attack.
Phishing and spear-phishing are social engineering attacks that use email as the delivery mechanism. You might be thinking, “these are not emerging exposures – they have been around for a while.” Yes, but the attacks are becoming highly sophisticated, and it is increasingly difficult to tell a malicious email from a legitimate one. These are among the most common attack techniques because they are easy to deploy against any organization that uses email. These attacks are designed to look like legitimate emails to trick a user into clicking on a link, downloading an attachment, or sharing personal or confidential information. Phishing emails are generally more generic and sent to a large pool of victims. Spear-phishing emails require more research by the attacker and are crafted for specific individuals or a smaller group of victims.
Some of the most prevalent low-tech phishing attacks today are wire funds transfer fraud and W-2 scams. Neither scam involves hacking, malicious code, or any other advanced technique. They are simply designed to prey on well-meaning but unsuspecting employees.
- Wire funds transfer fraud occurs when a cybercriminal sends a targeted group of employees an email that impersonates an executive and requests that funds be transferred into a specified account. The emails look legitimate, and unsuspecting employees make the transfer because they want to be responsive to their leadership. Once the funds are transferred, they are often very difficult to recover, and there are few options to pursue if the organization does not have the proper insurance in place.
- W-2 scams follow a similar pattern, where an attacker sends fraudulent emails impersonating an executive and asks employees to send W-2 information for tax purposes. The result is a data breach that can compromise personally identifiable information of every employee of the organization.
Why You Should Care: Cybersecurity technology today is very effective. However, these tools can’t change your employees’ behavior or guarantee they won’t be deceived by social engineering or phishing attacks. Instead, a holistic approach driven by leadership is required.
Malware is computer code written by cybercriminals to exploit known vulnerabilities in common software and computer applications. The purpose of malware is to enable an attacker to disrupt systems, destroy data, export information, and collect information about activities and users. Infections can occur when a user goes to a compromised website, downloads an infected attachment, or when a hacker gains access and installs code, as well as countless other possibilities.
- Crimeware is a type of malware. Its purpose is to facilitate an illegal activity, such as theft of money or data. Crimeware is becoming increasingly common as hackers are now selling exploits on the dark web to less sophisticated cybercriminals. This “Cyber-Crime-as-a-Service” model removes the difficult task of building an exploit from the cybercrime equation. With a pre-built exploit, cybercriminals can focus on developing distribution campaigns to increase the number of victims and return on their investment. A common type of crimeware that impacts businesses and consumers on a wide scale is ransomware.
- Ransomware has been in the headlines lately with the WannaCry outbreak that hit in May of 2017. Once installed, it locks computer files with sophisticated encryption that cannot easily be broken. WannaCry was especially dangerous as it also exploited a known vulnerability in Windows server to spread from one infected host to the entire network. Ransomware encrypts a victim’s electronic files, then the cybercriminal asks for ransom to be paid in exchange for unlocking the files. If the encrypted data is essential to the company’s operations, this can cripple the organization. Moreover, without a professional cyber forensic investigation, it is difficult to know the scope of the compromise or the scale of access obtained by the attacker.
Why You Should Care: No organization is too small or insignificant to fall victim to crimeware or ransomware, especially because they can be distributed on a mass scale to maximize the number of possible victims. It’s like the common cold virus – it spreads through normal daily interaction, and if you are vulnerable, you can catch it. Unfortunately, completely eliminating vulnerabilities in technology is not yet possible, and stopping people from using email and the internet (attachments and links) is unrealistic. Keeping up to date with software patches and security updates, and regularly backing up data, are some steps businesses can take to become more resilient. But going further – by training employees, and having an incident response team, execution plan, and external resources available to respond – should be a critical part of your holistic cybersecurity strategy.
Stay tuned for our next blog post, where you will learn about two additional common cyber threats you should have on your radar to help you continue along the path of improving enterprise risk resiliency. In the meantime, tapping into a trusted cyber news aggregator (such as the CyberWire) is a great way to scan headlines, monitor important topics, and stay updated on new and emerging issues.