Hackers are becoming more and more intelligent in how they carry out cyber-attacks and utilising sophisticated tools to gain access to your data, and protecting yourself is no easy task.
Organisations can be targeted through several channels, but why are hackers targeting your organisation and what can you do to prevent these attacks in the future?
Speaking at DIGIT’s Scot-Secure Virtual Summit 2021, Javvad Malik, Security Awareness Advocate at KnowBe4, outlines some common reasons why you may be targeted and explores network security and building your cyber defences.
Why do hackers hack?
Speaking about why hackers may carry out an attack on your organisation, Malik says there are generally two basic categories.
There are opportunistic hackers; lower-level criminals looking to make money quickly, tending to use phishing emails and ransomware sent to tens of thousands of organisations hoping to snare potential victims.
Malik then describes targeted attackers; higher-end cybercriminals or nation-states that are after specific data or intellectual property for many reasons including financial gain, extortion, and theft of user data.
Threat actors carry out attacks for a variety of reasons. During the coronavirus pandemic, for example, vaccine data has been a particular target to help nation-states get ahead in the development of vaccines.
Nation-state actors, Malik says, also look to steal money and information that will benefit their country or to sabotage another country’s military or civilian infrastructure.
On top of this, you have corporate espionage, which sees firms attempting to ‘take down’ competitors through resource theft.
How do hackers hack?
Malik says there are only around a dozen attack vectors that cyber-attackers use to target an organisation.
Hackers tend to follow a pattern or methodology, and if this can be understood, it is possible to follow the same steps to help combat the threats.
The first step that threat actors can carry out, Malik says, is pre-click activities. These involve ‘scoping out’ an organisation’s cyber-defences and what systems a firm is using. Hackers can then use this information to weaponize a phishing email to target you.
Once a hacker has carried out this stage, then what Malik calls the delivery, exploitation, and installation phases can occur, which all happen in the background. These are followed by post-click activities which command a virus or piece of malware to carry out malicious activities.
- Reusing Passwords | 60% of people could be putting their data at risk
- Hackers use fake Clubhouse app to steal credentials
- Scot-Secure 2021 | Traversing the changing cybersecurity landscape
Another less well known but still very effective form of cyber-attack is credential stuffing, where a previously exposed password is used across various different websites to gain access. This is caused by bad password management and the reuse of the same passwords.
Research by cybersecurity company SpyCloud, in March, warned that around 60% of people may be putting themselves at risk by reusing passwords.
How can we defend our organisations?
Defending yourself from attacks is not easy, but Malik suggests three steps that a business can take to prepare itself.
Malik says that a firm must discover your attack surface, simulate how those attacks would occur, and then work to understand its impact.
One of the first things to do, Malik suggests, is to carry out a root cause analysis. You can then do a forensic analysis of how the cyber-attack has occurred. You can then plug cybersecurity holes to prevent further attacks from happening in the future.
It is also important to focus on your incident response processes. Understanding where potential bottlenecks are in your systems and carrying out correct practices like have the correct contacts in place.
However, Malik says these potential failings really become visible after an attack, so ensuring you refine your practices now will help protect you in the future.