Thought Leadership from Florida’s Top IT & Cybersecurity Minds

Understanding the 4 Common Types of Cyber Attacks

Types of Cyber Attacks

As a business owner, you likely already know what a cyber attack is and how risky it can be for your business. The unfortunate reality is that cyberattacks are becoming increasingly threatening for businesses of all sizes, regardless of their IT budget, because all it takes is one weakness to compromise your entire business.

The Reality of Cyber Attacks

Just consider the Colonial Pipeline ransomware attack that occurred in May 2021. The attack compromised the company’s computer systems and gave the attackers access to much of the company’s data. Eventually, the attackers were paid over $4 million in ransom to remove the damage the ransomware had caused and restore their computer systems. One small weakness in their systems, led to a disruption that cost them millions of dollars and led to a fuel shortage across a large portion of the United States.

Common Types of Cybersecurity Attacks

With cybersecurity attacks having become so frequent, it’s important that we study the main techniques these criminals are using so that we can better protect our businesses.

At Antisyn, we have spent a great deal of time analyzing cyber-attacks and have put together a list of 4 of the most common ways cyber-attacks happen. Our hope is that by educating businesses on the main ways criminals execute their crimes, companies will be better informed about how to help reduce the chances of becoming a victim to these types of cyber-attacks.

1. Poor Hygiene of User Accounts

User accounts and passwords control the majority of access to IT systems, so it’s no surprise that poorly managing these accounts leaves your business exposed to a cybercriminal taking advantage of you.

  • Are you regularly auditing user accounts?
    • Every business should periodically audit and review the user accounts in their systems to make sure that only legitimate and necessary accounts exist. If you find any unnecessary or unauthorized accounts, you should quickly take steps to disable them.
    • A very common situation is for a former employee’s accounts to accidentally not be disabled, leaving their account open and exposed without anyone realizing it still exists.
    • You should also pay special attention to accounts that have become inactive or not used in quite some time. Any account that isn’t being used should be evaluated to be disabled so that criminals don’t take advantage of it.

  • Are your users limited to only the permissions they need?
    • Every business should follow the “Principle of least privilege”, which essentially means that users/systems should not be given more security access than is necessary to complete their tasks. Simply put: If someone doesn’t NEED a certain level of access, they shouldn’t have it.
    • If your users don’t need remote access? Don’t enable it for them!
    • If your user doesn’t need administrative access, don’t give it to them!
      • Furthermore, VERY FEW users should require administrative level access (usually limited to your IT department) and it’s typically recommended that admin accounts are completely separate from day-to-day user accounts. Even IT professionals or your best administrators can fall victim to a cyber-attack.
    • Just like with user accounts, you should periodically audit and double-check permissions for all user accounts as well to ensure that everyone has the proper permissions. It’s incredibly common for someone to “temporarily” give someone extra permissions and forget to revoke them later. Additionally, what a user needed previously, might not be what they need today.

  • Do your user accounts require strong passwords?
    • Criminals have automated systems that can try thousands of passwords to break into an account. If your passwords are simple or short in length, it becomes very easy for criminals to guess it. The best passwords are long and complex but still something easy for the user to remember.

  • Do your user accounts require MFA (Multi-Factor Authentication)?
    • Passwords are no longer enough to secure accounts. Wherever possible, you should also implement MFA (Multi-Factor Authentication) which requires users to enter a code from their mobile phone when logging into systems.

  • Are you monitoring user accounts for suspicious activity?
    • Accounts get regularly compromised, so its important that you detect a compromised account as quickly as possible. Monitoring accounts for suspicious activity (such as logging in from a different part of the world or at a different time of day than normal) can help you to catch an intrusion and act before they cause damage.

  • Are You Monitoring the Dark Web for Compromised Accounts?
    • Cyber criminals typically post on the dark web lists of compromised accounts so that they can share them with other criminals. Every business should have a cybersecurity professional regularly scan the dark web to see if they detect any accounts for your business.

2. Exposed External Access to IT Systems

Most cyber criminals aren’t physically inside your office, they’re somewhere else in the world trying to find ways to break into your business from the outside. This means that for proper security, you need to regularly look at which of your IT systems are “exposed to the world” and how well they’re protected.

  • E-mail Systems & Cloud Based Systems
    • Most people assume that if something is in the cloud, it’s already secure. Isn’t Microsoft, or Google or Amazon protecting that for them? The reality is that while these big cloud companies take responsibility for SOME pieces of security, there is still a LOT Of responsibility on the customer when it comes to security. Especially, when it comes to compromised accounts.
    • Businesses should not assume that their cloud provider is responsible for security and instead should be proactive on regularly trying to keep their information in the cloud safe.
  • To help mitigate these risks, businesses should periodically evaluate the following:
    • Are your cloud systems protected by MFA (Multi-Factor Authentication)?
    • Are your cloud systems regularly monitored for suspicious activity?
    • Is access to your cloud systems restricted to just specific users who have a legitimate need for it?
    • Is access to your cloud systems restricted to just specific geographical areas? (such as just the United States, or just the states you work in or even potentially just your office)

  • Remote Access Systems
    • Remote access systems (like VPN or Remote Desktop) are extremely convenient to allow users to be able to access key programs, systems or data even when outside of the office. However, if not secured properly, they can also be an easy for criminals to break in.
    • To help mitigate this risk, businesses should periodically evaluate the following:
      • Are your remote access systems protected by MFA (Multi-Factor Authentication)?
      • Are your remote access systems regularly monitored for suspicious activity?
      • Is access to your remote access systems restricted to just specific users who have a legitimate need for it?
      • Is access to your remote access systems restricted to just specific geographical areas? (such as just the United States, or just the states you work in or even potentially just your office)

  • Open Ports in Your Firewall
    • Your company’s firewall typically acts as a shield that prevents the outside world from directly accessing your company’s servers or computer network. However, occasionally IT professionals must open ports in your firewall (basically small holes in your shield) to allow communication for programs or systems your business requires.
    • These open ports, can be a vulnerability cyber criminals can take advantage of.
    • To help mitigate this risk, businesses should periodically evaluate the following:
      • Are all the “open ports” still necessary?
      • Do the programs that use the open ports have proper security, such as MFA (Multi-Factor Authentication)?
      • Can the open ports be restricted to just specific locations/geographical areas? (such as just for the office of a specific contractor, or your branch offices, or just the cities your team works in)

3. Unpatched Systems or Vulnerabilities

New security issues are found every day, so it’s important that someone is regularly reviewing and installing security updates on your systems. Cyber criminals take advantage of the fact that sometimes it may take businesses weeks or months to install security updates, giving them a large window to take advantage of the situation and execute a cyber-attack. In fact, a common way that cyber criminals find potential victims is by regularly “scanning” the internet looking for businesses that appear to be running a vulnerable version of a system.

What makes it even more difficult, is you have to make sure that ALL your systems are fully updated, because if even one system doesn’t get a security update, that leaves a proverbial door wide open for cyber criminals to break into the rest of your systems.

To make sure you’re staying on top of this, ask yourself the following….

  • Are you regularly making sure that all your computers and network equipment are updated with the latest security updates?
    • An IT or cybersecurity professional needs to regularly install updates to all your computers and network equipment as well as regularly run reports to make sure no system “slipped through the cracks”.

  • Are you regularly scanning your systems for vulnerabilities?
    • A cybersecurity professional should periodically scan your systems looking for vulnerabilities, so that you can work on a plan to fix them before a cybercriminal finds them.

4. User Exploitation and Deception

Businesses are based around people. No matter how much automation or computer systems we have, we all still depend on people as our number one asset in our businesses. Unfortunately, people also make mistakes and can be deceived, which is exactly what cybercriminals count on.

“Phishing” attacks are scam e-mails where a cyber-criminal tries to trick your employees, such as:

  • Pretending to be a customer asking them to click a link
  • Pretending to be a vendor asking for payment to a specific bank account
  • Pretending to be a co-worker asking them to open an attachment
  • Pretending to be the IT department asking for their password
  • Or even pretending to be YOU asking them to buy something on your behalf

To combat this, ask yourself the following….

  • Do you have good protection in place to block phishing attacks?
    • An IT or Cybersecurity professional should be able to implement systems that help automatically block most of the phishing e-mails that your company receives.

  • Are you performing security awareness training?
    • Your best cybersecurity protection is if you can periodically educate your employees on the types of threats and scams they should look for so that you can keep them “security aware”. Usually this is in the form of ongoing training content as part of your company’s “Cyber Safety Program”. However, this will only be effective if you make sure your entire company is actively participating and completing the required training as it comes out.

  • Do you periodically test your employees?
    • Beyond providing your employees training, you need to regularly assess if it’s effective and if the employees are improving based on it. One of the best ways to do this is to have a cybersecurity professional conduct “simulated phishing attacks” against your employees where they’ll send scam e-mails just like a cybercriminal would, but without actually causing any harm. Then, you can get a report as to which employees are still most likely to fall victim to a scam so that you can help them with some different training.

  • Do you have good controls in place (especially financial)?
    • Ultimately, some people are going to make mistakes no matter how good the training is. One of the final lines of defense is good controls and processes to reduce the chances of human error leading to a significant business loss.
    • For example: If an employee receives an e-mail from a vendor to update ACH/wire instructions, requiring that all employees (no matter how legitimate the e-mail may seem) MUST do an offline verification where they’d call the vendor (using a phone number they already had on file for the vendor, not the one in the e-mail) to make sure its legitimate. Then even potentially having a supervisor also double check everything before authorizing an updated ACH or wire payment to be performed.
    • No one wants to be caught up in a ton of red tape to get their job done, but every business should assess what damage could be done if an employee fell victim to a scam and try to put in extra controls to mitigate those risks.

Being Proactive and Consistent to Mitigate Different Types of Cyber Attacks

While this article doesn’t describe all the ways cyber criminals execute attacks, it should’ve given you insight into some of the most common methods of cyber-attacks and what you can do to help reduce the likelihood of being victim to these types of attacks. Nothing you can do is 100% bulletproof, but if your business consistently takes cybersecurity seriously and is continually proactive at managing it, you can dramatically reduce your risks and exposure.

Worried About The Potential Cyber Attacks? Antisyn Can Help!

If you’re a small-to-medium business needing help implementing some of the things in this article or if your business is in search of an IT & Cybersecurity company to help you get better results, reach out to us.

We’ve helped countless other businesses better leverage technology and reduce cybersecurity risks.

We are experienced IT professionals-true partners who care about your future and understand IT services.
Services

©2024, Antisyn. All Rights Reserved | Privacy Policy | Remote Assistance