Cybercrime’s Evolution Since the 80’s: Historical Facts and Figures

Summary of Key Points

  • Experts agree that “cybercrime” as we understand it today originated in the 1980s.
  • Cybercrime has caused nearly $6 trillion in damages since the 1980s, and that figure is expected to reach $10.5 trillion by 2025.
  • Just about every business today has been directly impacted by cybercrime of some type.
  • Cybercrime has increased 300% since March 2020, with nearly 4.7 million instances reported in the USA in 2020 (compared with roughly 1.5 million in 2010).
  • Organizations in the healthcare, financial, military/government, education, and energy sectors of G20 nations are most heavily targeted by cybercriminals.

Cybercrime is a scary word—but what’s scarier is how little most people actually know about it. The way cybercrime is carried out, the wide variety of businesses it often targets, and the cost those organizations face are often unknown or ignored by the people who stand to lose the most. Learning about these details matters. Doing so can motivate you to implement an effective cybersecurity strategy for your company and protect your critical data.

As a managed security services provider, we have a unique perspective on cybercrime. Below, we’ve put together an overview of cybercrime throughout the past two decades—how it’s evolved, who it impacts, and what it can cost them. Read on to learn about key cybercrime milestones so you can take steps to give yourself a defense against present and future threats.

How Has Cybercrime Changed Over the Past 20 Years?

There’s plenty of debate about when exactly cybercrime started, but most experts agree that it caught on in the late 1980s when email became a commonly-used technology. Many early cyber crimes involved using emails to send viruses or perpetrate scams—a trend that continues today in the form of phishing.

The 1990s saw the rise of internet browsers for personal computers (remember Netscape, anyone?). With this came the ability for cybercriminals to surreptitiously direct victims to pages where they’d unwittingly reveal personal information or download viruses—often via a technique called domain spoofing.

But the dawning of the social media age in the New Millennium created a brand new world for cybercriminals to exploit. Suddenly, people all over the world were willingly placing their personal information online, and often making it visible to the public. This low-hanging fruit fed a veritable army of identity thieves, who often used their ill-gotten but poorly-protected gains to gain access to bank accounts, credit cards, and more.

Today, cybercriminals tend to think bigger—although lone-wolf “hackers” still exist, posing a real threat to individuals and small businesses. However, when cybercrime makes the news these days, stories typically focus on well-organized groups of threat actors co-ordinating large-scale attacks against major corporations or governments.

That doesn’t mean small businesses or individual entrepreneurs can afford to relax, though—as successful large-scale cyber attacks tend to have a ripple effect, impacting people and businesses along supply chains that can stretch around the world. To get a sense of how widespread these effects are, we need to look at how the number of affected businesses has grown over the years.

How Many Businesses Are Affected by Cybercrime?

The truth is, any organization (and indeed, practically any person on the planet) can be vulnerable to the effects of a cyber attack. Even if you live off the grid in a tiny home deep in the woods, the reality is that you still probably rely on food, clothing, or equipment provided by a company that uses the internet. Disruptions to that company’s operations could leave you without basic necessities.

But for our purposes, we’ll limit this investigation to the direct victims of cybercrime—the businesses that have experienced a cyberattack firsthand. While it’s impossible to obtain exact figures, we can put together a reasonable idea based on the attacks that have been discovered and reported during the past two decades.

In the Last 5 Years

According to the FBI, reported cybercrime has gone up by 300% since the start of the COVID-19 pandemic alone. While certain forms of cybercrime (like ransomware) have actually decreased during this period, total cybercrimes are very much on the rise as both easier and more advanced methods have become increasingly common.

In the Last 10 Years

The Consumer Sentinel Network releases annual findings that contain details on cybercrime reports in the US. The total number of reports in 2010 was 1,470,306, which jumped to 4,720,743 by 2020—over 3.2 times as many documented incidents of fraud, identity theft, and other cybercrimes.

In the Last 20 Years

It’s impossible to say exactly how many cybercrimes took place in the 1980s and 1990s, since many took place before systems were in place to monitor them properly. But going back to the Consumer Sentinel Network report for 2006 shows just 670,000 reported incidents of fraud and identity theft—a clear sign that the number has ballooned over time.

What Are the Costs of Cybercrime?

The quantity of cybercrimes alone isn’t enough—it’s vital to know how much they can cost you as well. Let’s take a look at the available data.

In the Last 5 Years

Cybercrime caused a total of $6 trillion in damages around the world by the end of last year—and that number is expected to jump to $10.5 trillion by 2025.

In the Last 10 Years

The previous decade saw much lower costs associated with cybercrime. For example, in 2011, the Norton Cybercrime Report estimated the total costs—including the value of lost time—to be no more than $388 billion.

In the Last 20 Years

Hard data estimating global losses from cybercrime in the early days of the internet is difficult to come by—but archived news reports from those years often list figures in the tens of millions. The fact that these (relatively) small numbers were so notable in the 1980s and 1990s is a testament to how aggressively the costs of cybercrime have grown in the years since.

What Types of Businesses Are Most Vulnerable to Cybercrime?

As noted earlier, every organization and individual can be a victim of cybercrime—but some are more likely to be attacked than others. The rule of thumb here is: the more you have to lose and the easier it is to steal, the more overall risk you face.

Remember: the goal of most cybercriminals is to steal as much as they can with the lowest possible cost. There are exceptions—such as when cybercrime is used by terrorists, state-sponsored hackers, or other politically-motivated parties. However, the majority of targets are selected for the potential payoff they represent and the ease with which they can be breached.

Organizations in G20 countries face the highest amount of risk. The industries most often attacked include the healthcare, financial, military/government, education, and energy sectors.

Cybercrime vs. Traditional Crime: Finding the True Cost

One easy way to see the impact of cybercrime is to weigh the numbers we have against the costs of traditional crimes like tax or welfare fraud. One study estimates that these traditional methods of theft cost the average citizen a couple hundred dollars per year.

As for the cost of cybercrime? Well, let’s take our number from earlier—$6 trillion in damages around the world by 2022. Divide that by the roughly 7.5 billion people who live on earth, and you get $800. That’s assuming the burden is shared equally, which we know it isn’t. If you live in a G20 country, you’re probably paying a lot more.

Knowing that, it’s vital to ensure you and your organization are as well-protected from cybercrime as possible. Get help establishing and maintaining a cybersecurity posture you can count on when you contact us and speak with an IT expert who can help you find peace of mind.

The Complete Healthcare Industry Cybersecurity Checklist

Summary of Key Points

  • The healthcare industry is a prime target for cybercriminals due to the sensitive nature, and value, of the data.
  • Creating a cybersecurity checklist and reviewing it regularly will help prevent many common breaches and ensure you stay up to date on changes in the threat environment.
  • Our cybersecurity checklist for 2022 has 16 items for your organization to review.

The healthcare industry continues to lag behind on cybersecurity, even as it is increasingly targeted by cybercriminals. Why is that, and what can you do to better protect your organization as we enter into 2023?

This article outlines the risks that the healthcare industry faces, alongside a 16-point checklist that will help keep your organization secure. If you need assistance, ask us about our managed cybersecurity services.

The True Cost of Healthcare Cybersecurity Breaches

When most of us think of organizations being hacked or breached, we think of sensitive data being leaked, causing profits to plummet, or vital documents being held hostage until a ransom is paid. However, when it comes to the healthcare industry, often the true cost of an attack is much more than just money.

A breach may:

  • Impact access to patient data, including medical records
  • Negatively influence productivity
  • Cause immediate and lasting reputational harm
  • Result in sensitive information, including patient data, becoming accessible to bad actors
  • Have a tangible impact on the health and wellbeing of patients
  • Have direct financial costs, including the cost to remediate the breach and any fines that may have been incurred

One famous healthcare-focused cyberattack, the 2019 ransomware attack on the Grays Harbor Community Hospital and Harbor Medical Group, forced the hospital and the medical group’s clinics to revert to paper medical records. Though most records were recovered, it still isn’t clear if some medical records were permanently lost.

A breach can also damage the relationship between the patient and their healthcare team, as many patients may avoid seeking medical help if they are worried cybercriminals or other unauthorized users may access their private medical information.

Taking Action to Protect Your Systems

Whether you already have a cybersecurity plan in place or you are looking to implement one for the first time, it is important to get it right. This checklist will provide you with an important starting point that will help to ensure your healthcare facility’s network and data are protected.

Remember, cybersecurity is not something that you do once and are then “done” with. It requires constant vigilance. Going through this checklist regularly will help to ensure that your data is protected today and long into the future.

1. Separate IT Strategy from Cybersecurity Strategy

Companies generally set up a cybersecurity department to be within the overall IT department. While this may seem to make sense at first, it can actually lead to a variety of different vulnerabilities. When cybersecurity is part of IT, the cybersecurity concerns become just one consideration of many when making decisions.

Setting up a cybersecurity department that is completely separate from the rest of the IT department makes it easier to create and enforce standards that will keep systems protected.

2. Transition Away from Centralized Security Policies

While centralized security policies are much easier to create and manage, they are generally not as secure because they often use a ‘one size fits all’ approach to many security threats.

Transitioning to a strategy that creates cybersecurity policies and manages permissions based on the specific needs of individuals or departments is more effective.

3. Harness Encrypted Email and Messaging Tools

All of your communication tools should be fully encrypted from end to end, including emails, text, and instant messaging. This is important in all industries, but especially so in a healthcare setting given the sensitive nature of patient information.

See also: managed endpoint protection services.

4. Restrict Access to the Network to Approved Devices

Modern healthcare facilities typically have doctors, nurses, and administrators creating and accessing digital records. Choosing specific devices from trusted vendors is an important step toward ensuring that only devices that meet your security requirements are able to connect to the network. This can make it much easier for your security team to monitor for vulnerabilities, implement patches, and maintain a secure environment.

See also: staying secure in a BYOD world.

5. Provide Cybersecurity Training to All Employees

While a cybersecurity team is going to be primarily responsible for keeping your network and data safe, everyone who is able to connect to your network has a role to play in keeping your data safe.

Providing all employees with cybersecurity training that is appropriate for their role will help them to make informed decisions that can help to keep your systems safe.

6. Employ a Zero Trust Strategy

Using a zero-trust strategy for your network communication can help to reduce vulnerability points significantly. There are a variety of different steps that can be involved in a zero trust policy. Some examples include requiring network authentication to take place with all communication, preventing employees from saving passwords, and using proper certificates on all network environments.

7. Back Up Data to Secured Locations

Backing up your data is essential. At a minimum, you should make sure that the backed-up data is fully encrypted to prevent unauthorized access. For highly sensitive or critical data, using cold storage or offline drives is often recommended.

Keeping the backup devices physically separated from the rest of the network will prevent them from getting infected by ransomware or other issues should the rest of the systems be breached.

8. Keep Devices Updated

Your IT team should have a strategy in place for making sure that all devices that connect to the network have been updated to the latest approved versions. This includes keeping the operating systems updated as well as all applications that are being used.

Outdated software represents a significant security risk.

9. Enable Auto-Lock Features on All Devices

Implement a policy that will enable the auto-lock feature on all devices that connect to the network. Set the amount of time before a device locks to the lowest level that will still allow employees to work efficiently.

This is an important policy in healthcare facilities because there are non-employees who are regularly in the area and you want to make sure that they cannot simply pick up a device and access your network.

10. Perform Regular Updates to Antivirus and Anti-Malware Software

All antivirus and anti-malware programs should be kept up to date with the latest information so that they can detect issues as early as possible.

11. Ensure Data is Properly Wiped or Destroyed When Devices Reach End of Life

Any device that is broken or reaches its end of life should go through a full data elimination process that not just deletes the information, but fully overwrites it so that it cannot be recovered. For even greater security, have the storage drives on these devices physically destroyed before the equipment can be sold, donated, or recycled.

12. Perform Annual Cybersecurity Assessments

This will ensure your team is up to date on environmental or technological changes that may influence your cybersecurity posture.

13. Conduct Third Party Security Testing

Hiring third-party cybersecurity companies to audit your system can give you an outside perspective and help you to discover vulnerabilities. These companies can also perform penetration testing to attempt to reveal any risks to your systems.

14. Require Secure Connections from Outside Your Network

If you have any employees who need to connect to your systems from outside your network, make sure that a trusted connection is established first. This can be done through an approved VPN that will properly encrypt all the data that is transmitted and received.

15. Use a Strong Authentication Strategy

A good authentication strategy starts with an effective username and password policy. Require that your users employ an effective password that follows industry best practices. In addition, implementing a one-time passcode or other two-factor authentication requirement will reduce the risk of people gaining unauthorized access to your network.

16. Use Permissions to Limit Access to Sensitive Data

The healthcare industry relies on highly sensitive data to help patients get the care that they need. This data is also very valuable to hackers and other bad actors. Segmenting data effectively and limiting access to each piece of data to only those who have a need for it will help to keep information safe. If you have any other questions about cybersecurity in the healthcare industry, contact us.

Top 5 Cyber Attacks on Retail Businesses

Summary of Key Points

  • Nearly half of all data breach incidents target retailers, and nearly 20% of customers say they’ll stop shopping at companies that let themselves get hacked—which makes cybersecurity a vital priority for these types of businesses.
  • Common cyberattacks targeting retail businesses include phishing, credential stuffing, attacking IoT endpoints, supply chain attacks, and APTs.
  • By investing in cybersecurity services like endpoint detection & response and vulnerability scanning, retail businesses can better protect themselves and their customers.

When it comes to cyber attacks, retail businesses face a different kind of risk than companies in other high-vulnerability sectors like healthcare and financial services. That’s not just because 45% of all data breach incidents target retailers, according to some sources—major retail businesses are also more public-facing than other kinds of companies, which means successful cyberattacks that target them can easily become front-page news.

It’s common knowledge that cybersecurity breaches erode public trust in retail businesses. According to one study, nearly 20% of consumers say they’ll stop shopping at a company entirely if they find out a breach has taken place there. With numbers like that, learning about common cybersecurity threats to retail companies and how to prevent them is vital to the health of your business. Below, we’ve outlined 5 of the most common and provided examples.

Phishing Scams

We write about phishing scams a lot, because they’re incredibly common and they target businesses in every industry. However, the retail sector is the top target of phishing attacks worldwide. These scams often appear as messages in the form of emails or texts—trying to get someone at the business to reveal sensitive information unsuspectingly.

Phishing emails often appear to come from an organization’s vendors, partners, investors—or even customers. Typically, they either ask for the information in question or encourage the recipient to click on a link (which is called HTTPS phishing) that leads to a page that downloads malware onto their devices or lets hackers access their data.

  • Cost: the average large organization loses nearly $15 million to phishing scams each year.
  • Collateral damage: in addition to costing a company money, phishing can lead to a loss of proprietary information and disrupt business activities. High profile cases can also be incredibly damaging to a company’s reputation.
  • How can it be prevented? Investing in your endpoint security is one of the best ways to strengthen your network against phishing attacks, since many aim to infect access points to your network with malware. Our endpoint detection and response protection allows you to isolate compromised devices and prevent any malware on them from spreading.

Stolen Customer Information

Many phishing emails are easily identifiable because they come from email addresses or phone numbers that are obviously suspect—misspelled or unintelligible domain names or offshore area codes are common giveaways. But sometimes, hackers who have successfully stolen a customer’s identity can use it to wreak havoc on a business.

One of the most common ways hackers do this is to contact a business with a customer’s personal information, posing as the person in question, before requesting financial details—such as payment card data. Once they have successfully obtained this information, they can sell it to other bad actors, making more money and increasing the customer’s vulnerability.

Using customer information in ways that impact a business doesn’t always rely on human error. In many cases, hackers use large amounts of stolen customer information to access the networks of retail targets directly (called credential stuffing)—which makes threat detection and response all the more important.

  • Cost: Retail businesses often face multimillion dollar class-action lawsuits when customer data has been hacked on a large scale. In one particularly famous example, T-Mobile lost $350 million settling investigations resulting from a breach that affected the personal data of nearly 80 million customers across the United States.
  • Collateral damage: The reputational damage a widespread leak of customer information can cause is devastating. Even companies that beat class-action lawsuits related to stolen data face scrutiny in major media outlets, which can haunt them and taint their relationships with customers for years to come.
  • How can it be prevented? Cybersecurity training for all employees with access to customer information is a vital part of minimizing the risk that it will be shared with bad actors. Meanwhile, investing in routine vulnerability scanning for your business can alert you to security gaps that could be exploited when hackers are going for your network directly.
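
One way to spot the credential stuffing pattern described above in login records, as an added example that is not from the original article: a single source trying many different accounts with mostly failed logins in a short window. The log format, thresholds, usernames and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2022-11-01T10:00:01 203.0.113.7 user01 FAIL
2022-11-01T10:00:02 203.0.113.7 user02 FAIL
2022-11-01T10:00:03 203.0.113.7 user03 FAIL
2022-11-01T10:00:04 203.0.113.7 carol OK
2022-11-01T10:00:05 203.0.113.7 user05 FAIL
2022-11-01T10:00:06 203.0.113.7 user06 FAIL
2022-11-01T10:01:00 198.51.100.20 bob FAIL
2022-11-01T10:01:10 198.51.100.20 bob FAIL
2022-11-01T10:01:20 198.51.100.20 bob FAIL
2022-11-01T10:01:30 198.51.100.20 bob OK
2022-11-01T10:02:00 192.0.2.50 dave OK
2022-11-01T10:02:05 192.0.2.50 erin OK
2022-11-01T10:02:10 192.0.2.50 frank OK
2022-11-01T10:02:15 192.0.2.50 grace OK
2022-11-01T10:02:20 192.0.2.50 heidi OK
"""


def parse(log):
    """Turn log text into a time-sorted list of (timestamp, ip, user, ok)."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, outcome == "OK"))
    return sorted(events)


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct accounts, mostly unsuccessfully.

    One user mistyping a password (one account, several failures) and a shared
    office address (many accounts, all successful) are both left alone.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            span = rows[start:end + 1]
            users = {user for _, user, _ in span}
            fails = sum(1 for _, _, ok in span if not ok)
            if len(users) < min_users or fails / len(span) < min_fail_ratio:
                continue
            best = findings.get(ip)
            if best is None or len(users) > best["distinct_users"]:
                findings[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(span),
                    # Accounts that logged in during the burst need a reset.
                    "compromised": sorted({u for _, u, ok in span if ok}),
                }
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

The `compromised` list matters most for response: those are accounts where a reused password worked during the burst.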

Attacks on IoT Technologies

The use of wireless and contactless technology to process retail transactions has increased exponentially since the COVID-19 pandemic. While contactless payment via Square Terminals and similar technology improves human health and increases short-term convenience, these devices can also be vulnerable to cyberattacks.

In 2020, for example, it was found that malware could easily be written onto Point of Sale devices made by Verifone and Ingenico, allowing them to be used to steal payment card information from anyone who used them. Worse yet, this process could be completed in less than 10 minutes.

  • Cost: The potential cost of a widespread cyberattack on the IoT devices retail companies use to process payments is incalculable. The annual value of transactions made with mobile PoS systems is expected to reach $2.88 trillion in 2022.
  • Collateral damage: When PoS systems are compromised, so are business operations. Not only do these hacks cause widespread erosion of public trust; they halt sales as well.
  • How can it be prevented? Endpoint protection services can make your IoT devices, including PoS systems, considerably less vulnerable to malware. It’s also a good idea to consider SOC as a service, which allows you to support your in-house cybersecurity team with help from dedicated and heavily-vetted third party experts.

Supply Chain Attacks

Increasingly, hackers aren’t going after major retailers directly. Instead, they’ll attack vendors elsewhere in a retail company’s supply chain, counting on these organizations to have more vulnerable networks and then using their access to get inside the real target.

But attacks on a given business can affect retailers in its supply chain unintentionally, too—take the example of this Toronto Cannabis store that lost thousands after the logistics company it depended on for product delivery was incapacitated by a cyberattack in August 2022. In this case, even though the retailer wasn’t the target, its operations were severely disrupted.

  • Cost: Global supply chain issues cost companies $184 million every year, according to recent research—much of which is related to cybersecurity breaches.
  • Collateral damage: Not only can supply chain attacks have significant up-front costs; they can easily damage your business’ relationships with partners and suppliers.
  • How can it be prevented? Having a robust and consistent incident response process can help you respond to supply chain attacks quickly and mitigate the damage they’re able to do.

Advanced Persistent Threats (APTs)

Unlike other attacks mentioned in this article, which typically operate according to a “get in and get out” philosophy, APTs rely on sustained and undetected access to a company’s network. Usually conducted by well-coordinated groups with extensive resources (like state-sponsored hackers), these types of attacks are intended to steal information from a target over long periods of time.

While many APTs are aimed at governments, large retail corporations are also prime targets. As retail businesses widen their potential attack surface by relying more on cloud-based services and complex IT stacks, it becomes harder to identify and respond effectively to these attacks.

  • Cost: A group like APT38 (which specializes in these types of attacks) creates damages worth over $41 million on average when an attack is successful.
  • Collateral damage: An APT is like a disease that slowly spreads throughout an organization’s network. Because APT attacks often take place over months (or even years), the damage they can do within organizations they infiltrate can be extremely widespread.
  • How can it be prevented? Managed SIEM solutions can provide swift and ongoing identification, detection, and resolution of your security alerts. This makes it more likely that APTs will be flagged and dealt with before the threat actors behind them have a chance to complete their work.

Keeping Your Retail Business Safe from Cyber Threats

Whether your retail business is large or small doesn’t matter—you owe it to yourself, your customers, and your stakeholders to make cyberattacks as difficult as possible for the people who might want to carry them out. Find out how Virtual Armor’s services can improve your cybersecurity posture when you contact us for more information.

Top 5 Financial Industry Cyber Attacks

Summary of Key Points

  • The financial services industry faces significant pressure from a cybersecurity perspective.
  • The top cyber attacks in the financial industry include phishing, ransomware, DDoS attacks, local file inclusion, and insider threats (users or employees).
  • Being proactive to prevent these types of attacks from taking place is critical.

The financial industry suffers from more cyber attacks than any other, and that should come as no surprise. After all, cyber attacks are normally motivated by one of two factors: gaining maximum profits or inflicting maximum damage. Targeting a financial institution responsible for massive quantities of private, corporate, or even public funds—like a bank or an insurance company—is an effective way to do both. No wonder the industry now experiences an average of one cyber attack every 10 seconds.

The costs of these attacks are often severe, too. The average cost of a data breach in the financial industry is $5.72 million, according to info from IBM. That means it’s vital for financial institutions to take precautionary measures against likely cyber threats—and to help you, we’ve compiled a list of the most common cyber attacks financial organizations face. Read the list below to learn more about how much these attacks can cost you and how you can prevent them.

Phishing

Phishing attacks rely on fraudulent communications, usually disguised to appear as messages from key partners, clients, or other stakeholders in the organization. In the financial sector, these could appear at first glance to be emails from investors, regulators, or vendors.

Email phishing is the most common kind, where a hacker simply sends a legit-looking email to an employee at a company in an attempt to make them volunteer sensitive information or download malicious software. But it’s also not uncommon for hackers to use fake links (HTTPS phishing) to direct victims to pages that download malware to their devices and let hackers steal data from them.

  • Cost: phishing scams cost the average large organization nearly $15 million each year.
  • Collateral damage: phishing doesn’t just cost a company money—it can also result in a loss of intellectual property, disrupt operational activities, and damage the institution’s reputation. Phishing attacks that target company leadership (called whaling attacks) can have particularly devastating consequences.
  • How can it be prevented? Improve your endpoint security. When a device on your network is compromised with malware from a phishing attack, you likely only have 10-30 minutes before it spreads to others. Our endpoint detection and response services can isolate your devices as soon as they are compromised and contain the threat until it can be dealt with.

Ransomware

Ransomware is a type of malware that makes a device unusable until the victim pays a given amount of money to the hackers who control it. In a recent poll of financial organizations affected by cyber attacks, nearly 75% reported being affected by ransomware hacks.

  • Cost: in a six-month period during the previous year, the US Treasury Department’s financial crimes unit reported more than $5.2 billion in bitcoin payments related to ransomware attacks.
  • Collateral damage: ransomware can do more than make an endpoint unusable—it can also give hackers control over the data that endpoint can access. Often, the hackers will threaten to release this data unless the ransom is paid, so ransomware often creates a “Sophie’s Choice” situation where a business is forced to choose between its profits and its reputation.
  • How can it be prevented? Hackers often use phishing emails to get ransomware onto your devices, so endpoint protection is important here, too. But adding in frequent vulnerability scanning (which identifies weaknesses in your network security so they can be resolved) and an up-to-date firewall (which blocks unauthorized traffic to and from your network) also play key roles in stopping this common type of threat.

DDoS Attacks

A Distributed Denial of Service (DDoS) attack occurs when a threat actor purposefully overloads your organization’s network with traffic to disrupt normal business operations and potentially divert cybersecurity resources so that other hacks can be attempted with a greater chance of success. More than 50% of reported DDoS attacks are against financial institutions such as commercial banks and payment card processing companies.

  • Cost: most credit card companies process thousands of transactions per second, so a successful DDoS attack can cost millions of dollars in lost revenue every minute.
  • Collateral damage: during a DDoS attack, an organization’s internal cybersecurity resources are often diverted to fix the disruption in services. During this time, detection time for other threats can increase, making them more likely to succeed.
  • How can it be prevented? Knowing how to configure your firewall to block unwanted traffic can reduce the possible areas a DDoS attack can target. Virtual Armor’s managed firewall services can be configured by our experts to make these attacks as ineffective as possible against your network.

Local File Inclusion

Local File Inclusion (LFI) attacks are among the most common kinds of web application attacks in the financial sector, making up nearly 50% of web application attacks on financial organizations in recent years. LFI attacks work by targeting web applications used by financial institutions and attempting to make them display or run files on a server, which reveals sensitive data.

  • Cost: LFI attacks are often used to make other cyber crimes possible, so the exact costs involved with them can be difficult to pinpoint. However, given that they are commonly used to create data breaches and that the average cost of a data breach in the financial sector this year is $5.72 million, it’s easy to see why they represent a major threat.
  • Collateral damage: LFI attacks can expose the clients who use an organization’s web applications to Denial of Service attacks, data theft, and website defacement. LFI attacks can also lead to cross-site scripting (XSS) attacks, where malicious code is attached to a web-based application and affects every person who uses it.
  • How can it be prevented? Regular vulnerability scanning plays a vital role in identifying areas where your organization’s web applications can be compromised. Virtual Armor offers vulnerability scanning as an independent service and as part of our SOCaaS option.
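The server-side check that stops a file-inclusion request can be shown in a few lines. This is an added example, not code from the original article: `resolve_inside`, `UnsafePathError` and the directory layout are hypothetical names, and the request values are constructed.

```python
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """The requested name resolves outside the directory being served."""


def resolve_inside(base_dir, requested):
    """Return the real path of `requested` only if it stays under base_dir."""
    if "\x00" in requested:
        raise UnsafePathError("NUL byte in file name")
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." segments and follows symlinks, so the
    # containment check runs on the path the OS would actually open.
    candidate = (base / requested).resolve()
    if base not in candidate.parents:
        raise UnsafePathError(f"{requested!r} escapes {base}")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def demo():
    """Try constructed request values against a constructed directory tree."""
    outcomes = []
    with tempfile.TemporaryDirectory() as root:
        pages = Path(root, "pages")
        pages.mkdir()
        (pages / "statement.html").write_text("constructed page")
        secret = Path(root, "app.conf")
        secret.write_text("constructed secret")
        requests = ["statement.html", "../app.conf", "x/../../app.conf",
                    str(secret), "missing.html"]
        for name in requests:
            try:
                resolve_inside(pages, name)
                outcomes.append("served")
            except UnsafePathError:
                outcomes.append("blocked")
            except FileNotFoundError:
                outcomes.append("missing")
    return outcomes


if __name__ == "__main__":
    print(demo())
```

Only the file inside `pages` is served; the relative, nested and absolute requests for the configuration file outside it are all rejected before any file is opened.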

Insider Threats

Insider threats occur when someone within your organization is responsible for a cybersecurity threat. This can happen deliberately (malicious insiders), but that’s not always the case—sometimes, employees just make mistakes or don’t have the resources to adequately protect your organization from a potential breach (inadvertent insiders).

  • Cost: the average cost of these incidents is upwards of $15 million in 2022.
  • Collateral damage: the average financial sector employee has access to over 11 million records on their first day of work. That makes the extent of the damage an internal threat can cause potentially limitless.
  • How can it be prevented? Hiring Virtual Armor to provide SOCaaS takes pressure off your existing cybersecurity team and puts the most sensitive parts of your cybersecurity infrastructure in the hands of our trained professionals. Simply put: the more of your cybersecurity we handle, the less of a risk you face from your own employees.

Protect Your Organization from Cyber Attacks

Strong cybersecurity isn’t optional for financial institutions—there’s simply too much to lose. To learn more about how Virtual Armor’s solutions can bolster your cybersecurity capabilities, contact us immediately and speak with a member of our team.

7 Common Types of Security Scans (& What They Tell You)

Summary of Key Points

  • The most common types of cybersecurity scans today are virus/malware scans, network port scans, penetration tests, rogue access point scans, program bug scans, vulnerability scans, and user permission-level scans.
  • These scans provide important insight and information into the state of your cybersecurity posture but do not tell the whole story on their own (solutions such as XDR are needed to tie all this data together).

In every organization with internet-facing connections (computers, tablets, smartphones, and IoT devices), it is important to monitor for vulnerabilities and other openings that bad actors could exploit.

Security scans are commonly deployed to identify vulnerabilities in an IT environment. Below you can read about seven of the most common and effective types of security scans used by industry professionals today.

If you would prefer to leave your cybersecurity efforts to the experts, as part of an ongoing managed services engagement, we run effective security and network vulnerability scans and take action to protect your systems. See all of our managed cybersecurity services.

Standard Virus & Malware Scan

Antivirus and malware scanning software is an essential component of every computer system. Virus and malware scanners represent the “cat and mouse” dynamic at play in cybersecurity most obviously: as viruses are released and infect machines, antivirus companies release updates that help their software identify and remove viruses.

Viruses and malware leave behind evidence of their presence, though what this looks like varies for each. Antivirus and antimalware software look for known signs of infection and then quarantine and clean the infected files.

Antivirus and antimalware software for business and enterprise applications offer more advanced functionality and remote management tools – critical inclusions for protecting networks and endpoints at scale.

Network Port Scanning

A network port scanner will send messages to all the ports on your system attempting to discover any open ports that could be exploited. Open ports are a major vulnerability that bad actors can use to infect systems, steal data, and much more.

Making sure that all your ports are closed and properly secured is a critical step in your data security strategy.
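A port audit of a host you administer can be reduced to a TCP connect check compared against an allowlist. This is an added example, not code from the original article: the function names, the loopback target and the empty allowlist are assumptions, and the listener is constructed so the example runs offline.

```python
import socket


def open_tcp_ports(host, ports, timeout=0.3):
    """Return the subset of `ports` that accept a TCP connection on `host`."""
    found = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
            probe.settimeout(timeout)
            # connect_ex returns 0 on success instead of raising.
            if probe.connect_ex((host, port)) == 0:
                found.add(port)
    return found


def audit(host, ports, expected):
    """Compare the open ports with the allowlist of services meant to run."""
    observed = open_tcp_ports(host, ports)
    allowed = set(expected)
    return {
        "unexpected": sorted(observed - allowed),  # open but not approved
        "missing": sorted(allowed - observed),     # approved but not answering
    }


def demo():
    """Audit a constructed listener on loopback, then audit again once closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        while_open = audit("127.0.0.1", [port], expected=[])
    finally:
        listener.close()
    after_close = audit("127.0.0.1", [port], expected=[])
    return port, while_open, after_close


if __name__ == "__main__":
    print(demo())
```

The "unexpected" list is the part that needs follow-up: each entry is a service nobody approved, to be closed or added to the allowlist with an owner.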

Penetration Scanning (Testing)

Penetration scanning, which is often called ‘pen testing’, is one of the most advanced types of security scans because it does not look at just one potential area of vulnerability.

Unlike most other security scans that run programs to simulate some type of attack, penetration testing actually has real hackers attempting to attack your system.

You (or your managed security provider) either hire a team of ethical hackers directly or put out a general bounty to groups of ethical hackers to target your systems. If they are able to find any vulnerabilities, they will notify your security team of the risk so that it can be addressed.

Rogue Access Point Identification

Most systems today are going to have some type of wireless connectivity that allows laptops, smartphones, and other devices to access it.

Correctly configured private wireless networks can be quite secure (whereas public wifi networks are very much the opposite). When someone sets up a wireless access point improperly, however, it will result in an opening for attackers.

A rogue access point scan checks an area for any access points and confirms that they are supposed to be there, while also looking at your network to see if any remote access points were set up without authorization.

Program Bug Scanning

Software is an essential component of any computer system. Even if you only purchase software from legitimate sources, it will likely contain bugs and other vulnerabilities.

Since software is regularly updated (both to add new features and address identified bugs), new bugs are often created over time. This is why scanning your software for known bugs is important.

Advanced bug scanning can even help to identify new bugs that are not yet known. If a bug in the software you use is discovered, the software can be disabled until it can be fixed.

Common Vulnerability Scanning

Common vulnerability scanning is often called brute force scanning. There are thousands of different types of known system vulnerabilities that hackers attempt to take advantage of. This type of security scan will go through and run tests against each of these known risks to see if your computer systems are at risk for any of them.

Running this type of scan on a regular basis will ensure your systems are checked for emerging threats as they become known.

User Permission Level Scanning

User permission level scanning looks for risks related to the biggest security threat all computer systems have: the end users and their devices. The most important thing any company can do to secure their network is to make sure that each user only has access to the systems they need, and only has the permissions to do the things that are required for their job.

User permission level scanning will identify all user accounts that have things like administrator level permissions to systems, or access to sensitive files or other information. The goal is to ensure that only those who actually need this type of permission have it. For highly sensitive data or systems, you can even identify the accounts that need it and require dual authentication so that no individual user can perform actions that could put the systems at risk.
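The permission scan described above amounts to comparing what each account holds with what its role needs. This is an added example, not code from the original article: the role policy, permission names and account inventory are constructed, and `dual_auth` is a hypothetical flag standing in for the dual authentication the text mentions.

```python
from dataclasses import dataclass

# Constructed policy: the permissions each role needs to do its job.
ROLE_NEEDS = {
    "teller": {"accounts:read", "payments:create"},
    "dba": {"db:read", "db:admin"},
}
# Constructed list of permissions that must sit behind dual authentication.
SENSITIVE = {"db:admin", "payments:approve"}


@dataclass
class Account:
    name: str
    role: str
    granted: frozenset
    dual_auth: bool = False


def scan(accounts):
    """Return (account, finding, detail) tuples for every policy violation."""
    findings = []
    for acct in accounts:
        needed = ROLE_NEEDS.get(acct.role)
        if needed is None:
            # No policy for this role, so nothing justifies any permission.
            findings.append((acct.name, "unknown-role", acct.role))
            continue
        for perm in sorted(acct.granted - needed):
            findings.append((acct.name, "excess", perm))
        if not acct.dual_auth:
            for perm in sorted(acct.granted & SENSITIVE):
                findings.append((acct.name, "no-dual-auth", perm))
    return findings


# Constructed account inventory.
INVENTORY = [
    Account("alice", "teller", frozenset({"accounts:read", "payments:create"})),
    Account("bob", "teller", frozenset({"accounts:read", "payments:approve"})),
    Account("carol", "dba", frozenset({"db:read", "db:admin"}), dual_auth=True),
    Account("dave", "dba", frozenset({"db:admin"})),
    Account("svc-old", "contractor", frozenset({"db:read"})),
]

if __name__ == "__main__":
    for finding in scan(INVENTORY):
        print(finding)
```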

Conduct a Proper Security Posture Assessment

All of the above-mentioned security scans are great tools on their own but should not be relied upon exclusively.

To ensure your systems are safe, you need to have a proper security posture assessment performed. This looks at your overall digital security strategy to ensure that it is effective against today’s ever evolving threats.

Our team at VirtualArmour can work with you to perform a comprehensive security posture assessment to help discover what you can do better to keep your environment secured.