It seems you can barely turn on the news or read headlines from your favorite news site without seeing yet another major corporation falling prey to cyber attacks. Whether they are caused by phishing, data infiltration or even brute force, the barrage of assaults seems never-ending. However, for every organization that is victimized, hundreds if not thousands of others are able to protect themselves and their sensitive data from penetration. Here are tips to prevent some of the most common types of cyber attacks by proactively managing your risk profile.
Spear Phishing and Whaling Attacks
As organizations become more global and attacks become more sophisticated, what used to be relatively simple to spot has become a nightmare even for savvy internet users. Within the last five years, phishing attacks have morphed from poorly spelled email pleas to send money to a prince overseas into highly detailed, realistic-looking requests that appear to come from executives within your organization. Email address masking and other tools that marketers use to create a more pleasing customer experience are being leveraged in nefarious ways by individuals attempting to defraud your organization. Information gathered from social media and public profiles is used to build a picture of a specific executive or group, and that information is then used in “whaling” attacks — so named because they truly go after the big fish in the sea.
How to prevent spear phishing and whaling attacks:
- Encourage staff members to make their social media profiles private and to be wary of accepting friend requests from individuals they do not know
- Create an educational series that shows how these attacks differ from valid communication
- Use up-to-date email filters and anti-phishing tools, and deploy active protection at the network level
- Teach employees to exercise caution before clicking links embedded in emails
Cross-Site Scripting (XSS) Attacks
Cross-site scripting (XSS) attacks are some of the wiliest because a user is unlikely to realize that they have even been hacked. Instead of attacking the host website itself, the attacker plants a snippet of code in a comment or another section of the site that is rendered automatically, so the snippet runs in each visitor’s browser when the page loads. The dangerous snippet then harvests the user’s login and password information and other personal details and exfiltrates them for later use.
How to prevent cross-site scripting:
- Limit the amount of user-provided data on your websites and web apps to only what is absolutely necessary
- Regularly scan your website using a vulnerability scanning tool to look for XSS
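As an added example (not code from the original article), here is the comment-rendering step described above written both ways in JavaScript: the vulnerable version concatenates the commenter's text straight into page markup, while the hardened version escapes every user-controlled value first. The `escapeHtml` helper, the `renderComment*` functions and the sample comment are all constructed for this illustration.

```javascript
// Added example, not part of the original post. Browser code would assign
// the returned string to an element; the string-building logic is what
// matters, so this runs unchanged in plain Node.

// Escape the five characters that let text break out of an HTML text node or
// a double-quoted attribute value. Constructed helper, not a library API.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// VULNERABLE: the comment body is concatenated straight into markup, so any
// tag the commenter typed becomes part of the page and runs for every visitor.
function renderCommentUnsafe(author, body) {
  return '<div class="comment"><b>' + author + '</b>: ' + body + '</div>';
}

// HARDENED: every user-controlled value is escaped before it touches markup.
// The comment still displays exactly what the user typed, but as text only.
function renderCommentSafe(author, body) {
  return '<div class="comment"><b>' + escapeHtml(author) + '</b>: ' +
    escapeHtml(body) + '</div>';
}

// Constructed sample comment carrying a script-bearing tag, the kind of input
// a vulnerability scanner submits to a comment form to check for XSS.
const sampleComment = {
  author: 'guest',
  body: 'Nice post <img src=x onerror="alert(1)">',
};

// Check used when verifying output: does the rendered markup contain any tag
// other than the ones the template itself emits?
function containsForeignTag(html) {
  const allowed = new Set(['div', '/div', 'b', '/b']);
  const tags = [...html.matchAll(/<\/?([a-zA-Z]+)/g)].map((m) =>
    (m[0][1] === '/' ? '/' : '') + m[1].toLowerCase());
  return tags.some((t) => !allowed.has(t));
}

console.log('unsafe:', renderCommentUnsafe(sampleComment.author, sampleComment.body));
console.log('safe:  ', renderCommentSafe(sampleComment.author, sampleComment.body));
```

The same `containsForeignTag` check, run against a site's rendered pages with scanner-style inputs, is one way to automate the regular XSS scan recommended above.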
Poor Compliance Behavior
Perhaps one of the easiest ways to maintain cybersecurity within your organization is through continual compliance monitoring and behavioral review. Users tend to reuse the same password on multiple platforms, increasing the chance of a major security breach within your organization. Passwords are often simplistic or easily guessed, especially when cyber attackers leverage social engineering to enhance their knowledge of their prey. According to the Harvard Business Review, vulnerabilities were caused by insiders in more than 60% of the attacks in 2016. This is especially true for industries such as healthcare, financial services and manufacturing, where large quantities of valuable intellectual property, personal information and financial assets are available for the taking.
How to prevent poor compliance behavior:
- Regularly audit access to key systems, ensuring that access is restricted to individuals who actively need it
- Review compliance guidelines with supervisors and staff on a regular basis
- Require strict password guidelines on a rigorous reset schedule
- Implement log management and active system monitoring to detect intrusions as they’re happening
While no systems are infallible, there are ways to protect your organization from the dangers that are associated with doing business today. Protect your business and your staff with the dedicated support structure of CoreArmor from Coretelligent. Our behavioral monitoring, asset discovery and reporting provide 360 degrees of protection with our Defense-in-Depth (DiD) strategy. Contact us today at 855-841-5888 for the office nearest you, or fill out our online contact form for assistance.