At the end of the year, it is customary to sum up, so today we will tell you about the mistakes that companies make when countering cyber threats.
Our report describes the five most common errors encountered by our forensic specialists this year when investigating cyber incidents.
Not taking cyber threats seriously
Most companies are still not serious about their cyber security. Everyone has heard about hackers and that they steal personal data and money, but very few realize that the theft of money and intellectual property is likely to affect the very company they work for or own.
Crimes such as murder and armed robbery provoke strong emotions in us, but few people know that for every single crime in “real life” there are several thousand crimes in the virtual world. Criminals (not only hackers, but also fraudsters, people with unstable psyches, etc.) have entered a virtual world in which it is easier for them to preserve anonymity and to commit various types of cybercrime.
Lack of knowledge
To build protection against cyber threats properly, you need to understand what types of attacks hackers use, what programs they use, and which points in your virtual security system are the weakest. There are many consultants who are able to sound clever when talking about cybersecurity, but who cannot answer when asked how a particular attack is implemented.
Many banks still use e-tokens to identify users and DLP systems for data leak protection. However, as practice has shown, these are completely inadequate measures. As a rule, the price paid for such a cybersecurity policy is millions of dollars stolen by hackers. Large companies should use Threat Intelligence teams in order to defend themselves not only from existing cyber threats, but also from those that are still being developed by hackers.
Wrong risk assessment
Business owners often say: “We are protected from cyber threats. Our computers have not been compromised for many years.” However, this is an illusion. When investigating cyber incidents, forensic specialists often find that a company’s computers were compromised by several hacker groups operating independently. How often does this happen? Practically always.
Until May 2017, it was believed that ransomware attacks were used only to compromise computers of individual citizens. However, this attack vector changed when the world was attacked by WannaCry. Everyone understood that company computers could also be compromised by this type of virus. In 2018, ransomware attacks on company computers became one of the main vectors of hacker attacks.
As we know, companies spend a lot of money on protection against cyberattacks. But the people who build the “protective perimeter” do not always have information about current types of cyberattacks, so money is wasted. While investigating yet another incident, we often hear: “We didn’t even think that hackers could use such an attack vector.”
Wrong technology
Most company owners rely on antivirus protection. However, our practical experience shows that protecting company computers with antivirus software does not prevent hacker attacks. As a rule, when investigating yet another incident, we see antivirus software with up-to-date databases installed on the computers. Nevertheless, hackers manage to overcome this protection and steal money and intellectual property.
Hackers are becoming faster and less noticeable – they use ready-made software modules that are assembled to construct a specific attack, automated processes, and fileless malware that leaves almost no artifacts on the compromised computer. Protection technology has to evolve quickly, too.
Human factor
The weak point of cyber security is, as usual, people. Some employees work remotely from home; some companies hire freelancers. One of the attack vectors in 2018 was penetration into the computers of companies and banks through the computers of people who interact with their networks remotely. As a rule, such computers are the least protected, and it is easier to get into the company’s computer network through them.
Insufficient staff training
Hackers use social engineering methods to get an employee of a company (even one trained in information security) to open an infected attachment in an email or to visit a site from which malicious code will be downloaded. As a rule, the consequences of these actions are compromised computers, disrupted business processes, money stolen from the company (or losses incurred by the company as a result of downtime until the system administrators fix the problems) and loss of reputation.
If you protect your company from cyber threats, we advise you to start by examining the cyber threats relevant to your business, to pay constant attention to staff training, and to conduct regular compromise assessments aimed at early detection of compromised computers and other devices on the company’s network.