An unfortunate truth in business is that any worker, in any organisation, can be the target of a cyberattack.
There are a wide range of considerations that IT security managers must take into account so that they can identify what makes their organisation vulnerable to highly-sophisticated cybercriminals – including the employees, endpoints across the organization, and any lack of investment in protecting the entire network.
Here are the types of threats that could affect an organisation on a daily basis – and how potential cyberattacks can be prevented before disaster strikes.
Threats aimed at human error
John is a marketing executive at an online retailer. He receives hundreds of emails a day, most of which are spam, which he deletes straight away. But one Monday morning, something catches his eye – an invitation to a free training and networking event, where he can pick up some new skills that will help him do his job more productively and effectively. Intrigued, John clicks the attachment to find out more and to register his interest. However, instead of helping his career, the click of the mouse could have disastrous effects for him and the entire workplace.
If something looks too good to be true, it usually is. What our keen marketing exec hasn’t realised is that he has now fallen victim to a malware attack. One click could infect both John’s machine and the retailer’s entire network.
Over a period of weeks, or even months, criminals could also use malware to watch an organisation’s normal operations. Through watching, they can learn and then strategise as to how to hide their activities by making them look legitimate. Our marketing executive would have no idea that the email attachment they received – and opened – was dangerous.
There are simply no guarantees that staff will correctly identify and ignore a phishing email, or a suspicious attachment, and cybercriminals are becoming more experienced at grabbing their attention through social engineering – which they can use to then infiltrate an entire IT system.
Revenue at risk
All cyberattacks can potentially cause catastrophic financial consequences to an organisation. Whether an attack results in money being directly stolen from an account, or finance teams left unable to accept payments, staff members’ time is immediately dedicated to resolving or investigating the problem.
Going back to John, if he downloads an infected attachment, not only has he put himself, and the network, at risk, but he is then also wasting time communicating with IT to explain the issue and trying to get his system back up and running, instead of working on assigned projects.
Every hour trying to fix the problem becomes an hour’s worth of wasted resources and lost revenue.
Defending the path of least resistance
While there is always a threat that a network will become subject to a cyberattack, endpoints are much more susceptible to being targeted and, ultimately, infiltrated. This is because it’s often easier for attackers to prey on endpoints connected to vulnerable humans and take advantage of user error.
Many IT security professionals will go to great lengths to secure every endpoint, but they sometimes feel helpless if a member of staff – like John – does something to accidentally launch a malicious cyberattack on his organisation.
Our harmless marketing executive may decide to work from home on an external device and complete tasks on a privately-owned laptop instead of remaining secure, on their employer’s network. If staff use their own devices – like tablets, smartphones and USB memory drives – in the office environment, they are adding an unprotected endpoint and putting the entire network at risk.
Keeping the peace
The introduction of a gateway security solution can help protect an organisation from the threats of the outside world. With gateway-applicable threat protection blocking incoming threats, this approach can both reduce unnecessary downtime and stress and improve productivity and performance, to save both time and revenue. A gateway security solution should include an anti-phishing system, which will remove any potential risk of employees being manipulated into launching malware, as well as defend endpoints across a business to minimise the number of potential incidents. This ensures fewer panicked users and more focus on primary work tasks.
IT security specialists can also introduce access restrictions on online resources and sites for those users who do not need them to do their work, thereby ensuring they can concentrate on their responsibilities and avoid distraction.
With this protection in place, John – and other employees – can go about their responsibilities without having to worry that they could inadvertently open their employer to the risk of a cyberattack, and work safely in the knowledge that the organisation is defended against all potential threats, however they try to infiltrate the network.
David Emm is Principal Security Researcher at Kaspersky, a provider of security and threat management solutions.
David joined Kaspersky in 2004. He is a member of the company's Global Research & Analysis Team (GReAT) and has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon's Software, and Systems Engineer and Product Manager at McAfee.
In his current role, David regularly delivers presentations on malware and other IT security threats at exhibitions and events, highlighting what organisations and consumers can do to stay safe online. He also provides comment to broadcast and print media on the ever-changing cyber-security and threat landscape. David has a strong interest in malware, ID theft and the human aspects of security, and is a knowledgeable advisor on all aspects of online security.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.