Security Awareness - Preventing a Cyber Attack | Optiv
October 04, 2013
FishNet Security is joining the National Cyber Security Alliance, the Department of Homeland Security and the Multi-State Information Sharing and Analysis Center for National Cyber Security Awareness Month. Now in its tenth year, NCSAM is a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.
Security Awareness is critical to protect an organization’s most important asset – its data. The White House has declared that the “cyberthreat is one of the most serious economic and national security challenges we face as a nation.”
It is vitally important that as a society, we learn to protect our personal and business information daily. This is not a suggestion but a necessary way of life.
Cyberattacks target computer information systems, computer networks and/or personal computer devices. An anonymous source steals, alters or destroys a target by hacking into a system. Cyberattacks can be as harmless as installing spyware on a PC or as grand as affecting the infrastructure of entire corporations.
As the modern world becomes more reliant on computer systems, cyberattacks have become more sophisticated and dangerous. They are a preferred method of attack to disrupt companies, organizations or entire service providers, such as AOL.
So, where will you find “cyberthreats”?
- Email – Attackers can “spoof” the sender shown in the "From" field to hide the origin of their emails, hoping you’ll trust the content and open attack software. Phishing schemes are an attempt to steal identities or information for monetary gain.
Pay attention to the email and its subject line. Poor grammar and formatting can be a sign of a phishing scam.
- Mobile Devices - Botnets infect PCs using a technique that results in the large-scale theft of private information from your desktop or email. Bot network operators are hackers that take over multiple systems in order to coordinate attacks to distribute phishing schemes, spam and malware attacks.
Only download apps from the main marketplaces and inspect app permissions before downloading. Are you comfortable with what they are requesting?
- Social Media – Most social media attacks manipulate people into performing actions or divulging confidential information using a trusted source. A type of con for the purpose of information gathering, fraud or system access, it is often one of many steps in a more complex fraud scheme.
Be wary of offers that are too shocking or too good to be true. If it looks suspicious, it probably is.
- Malware & GUI Intrusions – With large volumes of games, music and videos being downloaded, we open our systems to zero-day exploits that can be used to infect millions of devices. For example, a trojan can be embedded in an seemingly harmless game and programmed to launch on your device, and 10 million other users’ devices, on a specific day.
If you are suspicious about a program, website or download, use a search engine to research its credibility before you take any action.
While these attacks prey on individual users, they may be used to attack a larger network such as a corporation or a web/email server. Here are some of the most common attacks:
- Trojans – A trojan is a hacking program that gains privileged access to the operating system by appearing to perform a desirable function and instead dropping a malicious payload, often including a backdoor allowing unauthorized access to the target's server.
- Worms - Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
- Denial-of-Service Attacks - A Denial-of-Service attack (DoS) occurs when multiple systems flood the bandwidth or resources of a system, usually on one or more web servers. This floods the targeted system with traffic. When a server is overloaded with connections, performance grinds to a halt.
In the workplace, secure your work station and confidential information before leaving. Never give your password out, even to IT. Don’t divulge company or network information to anyone. Always report suspicious activity to Corporate Security.