A Snapshot of Today’s Most Prevalent Cyber Threats for the Non-Technical Executive, Part 2


In a recent blog post, we shared two prevalent cyber risks that your organization should be aware of — phishing and malware. Of course, those aren’t the only two threats you face when using technology or handling electronic data. This blog post provides an overview of two additional cyber threats to help you build a foundational awareness of some of the most common threats and make informed decisions about operating securely in today’s interconnected environment. 

Botnets and Distributed Denial of Service (DDoS) Attacks

A common hacker technique is to create a Botnet by infecting a network of computers or internet-connected devices with a type of malware that commands and controls the infected devices, including Internet of Things (IoT) devices. Most internet-connected devices can become part of a Botnet, including desktop computers, laptops, security cameras, DVRs, routers, refrigerators, video game systems and other networked technology.

Once a malicious actor builds a Botnet of a significant size, they direct massive amounts of internet traffic at target websites and servers, which can prevent customers, employees, businesses, or other groups from accessing those online resources. This can lead to harmful business interruption if the targeted service is integral to the operations of the organization. This technique is known as Distributed Denial of Service (DDoS).

In one recent DDoS incident, an attack on a Domain Name Service provider led to service interruption for secondary victims — popular sites including Amazon, Netflix, Pinterest, Twitter, and PayPal, just to name a few. This attack was far more effective than targeting each site individually.

What is most interesting and has the greatest implications for security is that this attack used malware that scanned the internet and automatically infected poorly secured devices to build a Botnet, without ever involving humans. Ultimately, the cybercriminals were able to build a network of over 100,000 IoT devices to carry out the attack. This virus is unique because it used machine learning to compromise devices that were not considered a priority to secure, such as DVRs, routers and security cameras.

This example shows that even businesses not directly targeted can be impacted by cyberattacks. If your organization uses third-party vendors to host data or a website, provide services to clients or any other number of applications, your organization is open to cyber risks — even when you are not the intended target of a cyberattack.

Why You Should Care: If you rely on websites, cloud services, or other web-based technology to run your operations, you could be impacted by a DDoS attack. If you choose to work with a vendor to host your site or rely on third-party applications that you access through the web, make sure you ask what DDoS mitigation strategies they have in place. To minimize the risk of your technology becoming part of a Botnet, it is also important to use updated versions of software, implement security patches for the technology you use and keep your anti-virus and anti-malware defenses up to date.

Insider Threat and the Human Factor

Another aspect of cybersecurity that is difficult to control is the interaction between humans and technology. In some cases, the technology is extremely secure from a digital perspective, but compromises or data breaches still occur due to the actions of a malicious insider or simple mistakes of well-meaning employees.

For instance, a disgruntled or financially motivated employee with authorized access to your organization’s systems and data can abuse their privileges in order to leak sensitive information, steal data or expose your organization to a cyberattack. One very common example of malicious insider activity is “Departing Employee Data Theft,” where a departing employee steals information and passes it to their next employer. Another well-known example of an insider using privileged access is the former National Security Agency (NSA) contractor Edward Snowden, who leaked thousands of classified NSA documents.

Well-meaning employees can also present a cyber threat by making simple mistakes, losing a device, sending confidential files to the wrong email address, or falling for a phishing email – all of which can expose your organization’s network.

Why You Should Care: If you have employees and use technology, this is a risk you must consider and address. Employees need access to technology, data, and confidential information to do their jobs. Yet, if passwords, data, privileged access, or other sensitive information fall into the wrong hands, it could be disastrous for your business. Success requires a holistic strategy driven by leadership that integrates people, process, and technology. In addition to strong defenses and early detection, organizations should also focus on strategies that help them respond to and recover from a cyber incident caused by an insider.

Armed with information about the likely threats facing your organization and a good understanding of the possible vulnerabilities in your technology, workforce and processes, you can assess the impact of a cyber incident and determine how to secure your operation.

Make sure to read the upcoming posts in this series to learn how your organization can continue along the path of improving enterprise risk resiliency. If you have any questions or would like more information, contact acramer@psafinancial.com.