In order to run and maintain a company safely, a comprehensive cyber defense strategy is a must-have these days. Its goal is to stave off industrial espionage, data leaks and reputational damage, protecting customers, employees and the company itself. Given constantly evolving attack techniques, it is impossible to be prepared from every angle and against every conceivable attack. Making IT systems resilient to attackers therefore requires a combination of preventive and reactive measures, together with continuous monitoring and remediation of vulnerabilities.
While attackers often need little more than a couple of weaknesses, defenders have to find and close every vulnerability in their systems in order to stay safe. Cyber security is best understood as a continuous process: preventing new weaknesses from arising, covering existing vulnerabilities and mitigating the damage of attacks that succeed anyway. This is the foundation for safety and entrepreneurial growth in the information age.
Cyber defense starts with training employees to recognize spam and phishing e-mails, which attackers frequently use to plant backdoors in IT systems, and ideally spans the entire company structure to ensure security at every level. Achieving company-wide cyber defense requires aligning workflows and operating cycles with cyber security practice.
There are many starting points for cyber defense. Arguably the most important is recognizing people as an inherent weakness in every system: phishing remains one of the most common attack vectors used by cyber criminals. Educating and sensitizing employees and leadership alike, and laying down clear guidelines, goes a long way. Further common levers for cyber defense include:
- Encrypting data in transit and at rest (e.g. VPNs for remote access)
- Implementing multi-factor authentication
- Continuously detecting and closing vulnerabilities
- Detecting and deceiving attackers who have already gained a foothold (honeypots)
- Aligning business structures with the cyber security architecture
and, of course, vulnerability and compliance management. This means acting as a moving target to dodge attacks preemptively: continuously running penetration tests and vulnerability scans and using what they reveal to update and harden your systems, the so-called vulnerability management cycle.
Sounds logical? Yet a study conducted by Greenbone found that barely a third of all businesses in the critical infrastructure sector follow best practices in cyber resilience. The core takeaways are summarized in the study's executive summary.
In cyber security, threats lurk around every corner. Here is a short summary of the most important threats to keep an eye on:
Phishing and social engineering
Employees without solid IT expertise, in practice the majority, are prone to fall for e-mails impersonating the system administrator or another trusted party, giving away login credentials or unknowingly installing malware by following harmless-looking links.
Malware (spyware, ransomware, viruses)
Inexperienced users run a constant risk of infecting their systems with malware while browsing the web. Seemingly innocuous links or websites are often the source of the infection. There are also known cases of infected software being downloaded from peer-to-peer services or free software download bundles.
Infected devices can be remotely controlled by criminals to run code in the background without the owner ever noticing. Banded together, infected machines form so-called botnets whose combined computing power and bandwidth can, for example, be used for DDoS attacks. Identifying the true origin of such an attack is very difficult, because the traffic arrives from many compromised systems rather than from the attacker's own machine.
(Distributed) Denial of Service (DoS/DDoS)
In a denial of service attack a system is flooded with requests until it slows down and eventually becomes unavailable or crashes. Attackers sometimes use a DoS attack as a smokescreen, launching the real attack while defenders are busy with the outage. DDoS means the flood comes from many sources at once, for example a botnet, which makes it far harder to stop by simply blocking a single address.
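As an added illustration of the flood described above (example code written for this page, not from Greenbone or the original article), a small detector that reads web-server access-log lines and flags any source that exceeds a request budget within a sliding window. The log lines, IP addresses and thresholds are constructed for the example. It also keeps a global counter, because a distributed flood can stay under any per-source limit while still overwhelming the service:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined"-style access log line; only the client IP and timestamp are captured.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} (?:\d+|-)')


def parse_line(line):
    """Return (client_ip, timestamp) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def detect_floods(lines, per_source_max=50, global_max=200, window_seconds=10):
    """Flag sources (and the service as a whole) that exceed a request budget in a sliding window.

    Returns (flagged_sources, global_flood): a dict mapping a source IP to the first
    timestamp at which it exceeded per_source_max, and the first timestamp at which
    all sources together exceeded global_max (None if never). The global check is what
    catches a DDoS whose individual sources each stay below the per-source limit.
    Thresholds are illustrative; tune them to the service's normal traffic.
    """
    window = timedelta(seconds=window_seconds)
    per_source = defaultdict(deque)
    everyone = deque()
    flagged = {}
    global_flood = None
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ip, t = parsed
        for q in (per_source[ip], everyone):
            q.append(t)
            while t - q[0] > window:  # evict requests that fell out of the window
                q.popleft()
        if len(per_source[ip]) > per_source_max and ip not in flagged:
            flagged[ip] = t
        if len(everyone) > global_max and global_flood is None:
            global_flood = t
    return flagged, global_flood


def _line(ip, t, path):
    return f'{ip} - - [{t:%d/%b/%Y:%H:%M:%S %z}] "GET {path} HTTP/1.1" 200 512'


def make_sample_log():
    """Constructed sample log: one ordinary client, one single-source flood, one distributed flood."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(3):  # ordinary browsing: a request every 20 s
        events.append((base + timedelta(seconds=20 * i), "10.0.0.7", "/"))
    for i in range(120):  # single-source DoS: 120 requests in about 6 s
        events.append((base + timedelta(milliseconds=50 * i), "203.0.113.9", "/login"))
    for i in range(300):  # DDoS a minute later: 30 sources x 10 requests, each below the per-source limit
        src = f"198.51.100.{i % 30 + 1}"
        events.append((base + timedelta(seconds=60, milliseconds=20 * i), src, "/search"))
    events.sort()
    return [_line(ip, t, path) for t, ip, path in events]


if __name__ == "__main__":
    flagged, global_flood = detect_floods(make_sample_log())
    print("flooding sources:", flagged)        # {'203.0.113.9': 12:00:02 UTC}
    print("service-wide flood from:", global_flood)  # 12:01:04 UTC, no single source flagged
```

The per-source window catches the classic DoS from one address; the distributed burst trips only the global counter, which is the practical reason DDoS mitigation cannot rely on per-address blocking alone.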
Arbitrary Code Execution (SQL/JNDI injection)
Injection flaws let attackers smuggle their own instructions into data that an application processes. In SQL injection, user input such as a search term is pasted into a database query without separating code from data, so a crafted input changes the query and can read or modify records the user should never see. JNDI injection works on the same principle in Java applications: the recent and well-known example is Log4Shell (CVE-2021-44228) in the Log4j logging library, where a specially formatted string that ended up in a log message caused the library to fetch and execute code from an attacker-controlled server.
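As an added illustration of the SQL injection described above (example code written for this page, not from Greenbone or the original article; the customer table, the search functions and the payload are constructed), the same name search implemented once by splicing the term into the SQL text and once as a parameterized query:

```python
import sqlite3


def make_db():
    """Build a small in-memory customer table. The rows are constructed for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER, name TEXT, email TEXT, is_public INTEGER)"
    )
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?, ?)",
        [
            (1, "Alice", "alice@example.com", 1),
            (2, "Bob", "bob@example.com", 0),
            (3, "Carol", "carol@example.com", 0),
        ],
    )
    return conn


def search_vulnerable(conn, term):
    """Name search that splices the user's term straight into the SQL text.

    A single quote in `term` ends the string literal, and everything after it is
    interpreted as SQL. The is_public filter is meant to hide non-public records,
    but an injected OR clause makes the whole WHERE condition true.
    """
    sql = f"SELECT name FROM customers WHERE is_public = 1 AND name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Same search as a parameterized query.

    The statement text is fixed; the driver hands the term to the database as a
    value, so quotes and SQL keywords inside it are just characters to match.
    """
    sql = "SELECT name FROM customers WHERE is_public = 1 AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    db = make_db()
    # Closes the literal, appends an always-true clause, and comments out the rest of the query.
    payload = "x' OR 1=1 --"
    print("normal term, vulnerable:", search_vulnerable(db, "ali"))   # ['Alice']
    print("payload, vulnerable:    ", search_vulnerable(db, payload))  # ['Alice', 'Bob', 'Carol']
    print("payload, parameterized: ", search_safe(db, payload))        # []
```

The vulnerable version hands back the non-public rows Bob and Carol, because the injected clause overrides the is_public filter; the parameterized version treats the payload as a literal name fragment and simply finds nothing. Parameterized queries (or an ORM that uses them) are the fix; escaping quotes by hand is error-prone and not a substitute.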
Man in the Middle (MITM)
In a man-in-the-middle attack the attacker inserts themselves into a private electronic communication between two or more parties and intercepts confidential data. In many cases the attacker impersonates one or even all of the other parties, gaining access to confidential information and sometimes even manipulating data in transit without being noticed.
Only large companies fall victim to cyber attacks? A common misconception. Here is a list of the juiciest targets for cyber criminals:
No one is safe from cyber attacks. As described above, a botnet grows stronger with every infected device that lends it computing power, which puts a target on the machines of careless private users. The tricky thing: the malware is usually small and hides deep in the system, where the owner never notices it.
Depending on the source, 40 to 70% of all cyber attacks target small and medium-sized businesses (SMBs), which, because of their relatively small size, often do not see themselves as potential targets. From an attacker's point of view, however, SMBs are easy targets rich in sensitive client data. About 50% of all SMBs become targets of cyber attacks at some point, and 60% of successful attacks are said to end with the victim going out of business.
It goes without saying that no one is too big to become a target either: government, military and critical infrastructure are regularly attacked for political and ideological reasons, while financial firms promise profits to cyber criminals. Health organizations are attractive because of the hoards of sensitive data they hold, and large corporations combine it all: money, data and, thanks to their public prominence, a special allure for hacktivists.
The importance of cyber defense cannot be overstated, as every user is a potential target. Cyber security comprises IT security, information security and data security across the whole of cyberspace. It protects government and industry data, personal data, health data and intellectual property.
Since the start of digitization, a large range of processes has come to rely on data processing and can therefore be incapacitated by attackers. The increasing interconnectedness of our systems also increases the reach of self-spreading malware. On top of that, many service providers are moving to cloud computing, and carelessly implemented cloud solutions increase the risk substantially. Estimates put yearly global damages from cyber attacks in the trillions of dollars.
The fallout of cyber attacks can be devastating, not only for individuals but for entire societies. Attacks on critical infrastructure can cause outages in the water and power supply, breakdowns of supply chains and financial transactions and, in the case of attacks on hospitals, even deaths.
Estimates put the damage caused by cyber crime in 2021 at more than 6% of global GDP, and the figure is rising at a staggering 15% per year. Personal data is misused for identity theft and to open bank accounts, botnets steal the computing power of personal machines and can implicate unwitting users in criminal attacks.
New threats, new cyber security measures: this interplay has accelerated enormously in recent years. Where do we go from here? What does the future hold for cyber security?
More automation
With new threats appearing daily, fast data analysis is essential, to an extent that humans alone can no longer cover. The inevitable answer is automation: faster and more efficient processing of vast amounts of threat data, and quicker, more precise reactions to attacks. Predicting that automation will become the norm is not a daring prognosis at all.
Bigger focus on cloud computing
Cloud computing is the future, with more and more enterprises moving their IT to the cloud. For all its advantages, the cloud also introduces new attack vectors into the cyber security landscape and opens new doors to attackers. But cyber security providers are also expanding their means to cover these new attack surfaces as quickly as possible.
Better cyber security for remote work
It is becoming clear that the corona pandemic has made a lasting impact on the way we work. While in 2020 most businesses were still opposed to home office and remote work, both models have since become the norm, with some sectors relying on them entirely. That is convenient for employers and employees, reducing the need for dedicated workplaces and cutting commutes substantially, but less advantageous in terms of cyber security. While incidents on premises can be detected and dealt with swiftly, handling incidents in home offices or even abroad is slower and more difficult. Cyber security providers are likely to devise dedicated strategies for this in the future.