Cyber warfare is similar to cybercrime, but it typically involves nation-states (rather than rival corporations or independent hacker groups).
Cyber warfare is not currently subject to agreed-upon rules of engagement, which means that organizations in any vertical could potentially become targets.
Managed Security Services Providers can help you assess your current posture, identify potential weaknesses, and help you fortify your defenses.
Safeguarding your organization’s digital assets used to feel as simple as hiring a few security guards and making sure all your employees knew to lock up correctly at the end of the day. However, with the internet now crucial to many critical business functions, a robust cybersecurity posture is no longer a want but a need.
As the war in Ukraine has demonstrated, even the nature of war is changing: While fighting was once constrained to the physical world, conflicts are increasingly unfolding on a digital front as well.
Like cybercrime, cyber warfare involves a cyber attack or series of attacks launched by one party and targeting one or more other parties. However, unlike traditional cybercrime, cyber warfare typically involves nation-states (rather than rival corporations or independent hacker groups) targeting other nation-states or organizations within those rival states to sow confusion and destabilize their enemies.
Cyber warfare may involve:
Stealing state secrets (including classified research)
Many cybersecurity experts consider Stuxnet to be “the world’s first digital weapon”, and this attack prompted many serious discussions about the fact that, unlike traditional warfare, whose rules of engagement are laid out explicitly in the Geneva Conventions, cyber warfare is not currently governed by any similar constraints.
The War in Ukraine May Signal the Dawn of a New Era for Cyber Warfare
According to many experts, the ongoing war in Ukraine marks a turning point in the history of cyber warfare. Russia’s invasion of Ukraine relies on both traditional military tactics and cyber warfare, which involves using digital tools to sow confusion, disseminate propaganda, damage infrastructure, dismantle government software, and carry out destructive espionage and attacks.
Microsoft’s 2022 Digital Defense Report found that 90% of Russia’s attacks during 2022 targeted NATO member countries, and 48% of those attacks targeted private IT firms based in member countries. As the war continues, Russian state hackers and state-backed organizations will likely continue to use cyber warfare to target Ukraine’s energy, transport, and digital infrastructures, potentially signaling the dawn of a new era in which civil organizations and even private companies are specifically targeted during times of war.
What Makes Cyber Warfare Different From Hacking & Other Forms of Cybercrime?
In essence, it is the motivation behind each of these actions that defines which category a cyber attack falls under. Cyber warfare is primarily motivated by a desire for military gains, cyber terrorism by political ideology, and cybercrime by a desire for personal gain (either financial gain or fame). However, the definitions of these attacks are not cut and dried, and some attacks may fall under multiple categories: for example, a country engaged in cyber warfare may spread political propaganda to improve its international image and demoralize its enemies, or cyber terrorists may carry out ransomware attacks to fund their operations.
Should My Organization be Concerned About Cyber Warfare?
When it comes to cybersecurity, it is always better to be over-prepared than underprepared. While organizations in some verticals, such as finance, manufacturing, utilities, and healthcare, should take extra precautions due to their increased chances of being targeted, the fact remains that cyber warfare is not currently subject to agreed-upon rules of engagement, which means that organizations in any vertical could potentially become targets.
Safeguarding Your Organization
This section will discuss what steps all organizations should take to best prepare themselves to face a potential cyber warfare attack.
The first thing any organization should do to strengthen its security posture is create an effective incident response plan (IRP). The purpose of an IRP is to provide instructions to your workers on how to identify, respond to, and recover from a cyberattack.
Your IRP should be a living document that is updated regularly and includes:
A mission statement
Clearly defined roles and responsibilities
A list of cybersecurity or cyber warfare incidents that your team is likely to encounter
Up-to-date emergency contact information for all relevant parties
Familiarize Yourself With Common Forms of Cyberattack
Cyberattacks come in a variety of forms, and what may be unheard of yesterday may become commonplace tomorrow. By keeping up with the latest news in the cybersecurity world, you can help ensure your organization is prepared when disaster strikes.
Securing your network and other digital assets may be daunting, but your MSSP (Managed Security Services Provider) can help you assess your current posture, identify potential weaknesses, and help you fortify your defenses. As part of this process, you should:
Secure Your Network
Something as simple as a well-designed firewall can help significantly improve your defense posture. However, while an ordinary, one-size-fits-all firewall is better than no firewall at all, a managed firewall can provide better protection and more information.
A managed firewall is designed to help you keep tabs on all network activities and send out an alert if it encounters anything suspicious. A managed firewall can also be tailored to meet your organization’s unique security needs and help ensure unauthorized users are kept off your network.
Keep Your Software Up to Date
Something as simple as a software update can mean the difference between a successful attack and a thwarted one. When software companies discover vulnerabilities or problems in their products, they develop and release patches, small snippets of code designed to address the situation.
However, your organization is only protected by security patches if they are installed. Cyber warfare actors and cybercriminals are also more likely to target recently patched software since they know that not all organizations are diligent enough to install the patches immediately.
Protect Your Endpoints
Even the strongest fence is useless if you leave the gate open. If they aren’t properly protected, endpoints such as laptops, tablets, and smartphones can allow unauthorized users to access your network. Safeguarding your endpoints is particularly important in BYOD (Bring Your Own Device) settings, where employers don’t have direct control over all network endpoints.
To improve your security posture, you should ensure that all endpoints that have access to your network use multi-factor or two-factor authentication, have appropriate security software installed, and that all software is kept up to date to ensure you can benefit from all new security patches.
Implement Secure Password Guidelines
Something as simple as implementing secure password guidelines can mean the difference between a secure network and a vulnerable one. To help ensure all team members are using robust passwords, you may want to develop a password policy based on section 5.1.1.1 (Memorized Secret Authenticators) of NIST’s password guidelines.
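To show what a policy built on those guidelines looks like in code, here is an added example (not Virtual Armor’s code or NIST’s) that applies the checks NIST SP 800-63B asks of a verifier: a minimum length of 8, no composition rules, Unicode normalization before comparison, and a blocklist of breached, repetitive, sequential and context-specific values. The blocklist and organization names are constructed placeholders; a real deployment would load a breached-password corpus.

```python
"""Memorized-secret checks in the spirit of NIST SP 800-63B section 5.1.1.
Added example, not the page's or NIST's code. The blocklist is a small
constructed sample; a real deployment would use a breached-password corpus."""
import unicodedata

MIN_LEN = 8   # 800-63B: user-chosen secrets must be at least 8 characters
MAX_LEN = 64  # local cap; 800-63B only requires that at least 64 be permitted

# Constructed sample blocklist (real one: breached-password corpus, dictionary)
BLOCKLIST = {"password", "password1", "qwerty123", "letmein1", "welcome1"}

# Constructed: service or organization names that should not appear in secrets
CONTEXT_WORDS = {"virtualarmor", "acme"}


def _is_repetitive(s: str) -> bool:
    """'aaaaaaaa' style: a single character repeated."""
    return len(set(s)) == 1


def _is_sequential(s: str) -> bool:
    """'12345678' / 'abcdefgh' style: every step is +1 or -1 code point."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def check_memorized_secret(secret: str, username: str = "") -> list[str]:
    """Return a list of rejection reasons; an empty list means acceptable.
    No composition rules (e.g. 'must contain a digit') are applied, and
    spaces and all printable characters are accepted, per 800-63B."""
    s = unicodedata.normalize("NFKC", secret)  # 800-63B: normalize first
    reasons = []
    if len(s) < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    if len(s) > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    low = s.lower()
    if low in BLOCKLIST:
        reasons.append("appears in breached/common password list")
    if _is_repetitive(s):
        reasons.append("repetitive characters")
    if _is_sequential(s):
        reasons.append("sequential characters")
    context = set(CONTEXT_WORDS)
    if username:
        context.add(username.lower())
    for word in sorted(context):
        if word in low:
            reasons.append(f"contains context-specific word '{word}'")
    return reasons


if __name__ == "__main__":
    for candidate in ("Password", "abcdefgh", "correct horse battery staple"):
        print(repr(candidate), "->", check_memorized_secret(candidate) or "ok")
```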
Limit Permissions
Access to sensitive areas of your network, such as your security settings and financial records, should be granted on a need-only basis. By not granting more expansive permissions than an employee needs to do their job, you can limit the number of individuals within your organization who have access to sensitive data.
By curtailing access, you can help ensure that if a team member’s username and password become compromised (because, for example, they fell for a phishing scam), those credentials are statistically less likely to grant unauthorized users access to sensitive information. As part of this process, you should also ensure you have a clear offboarding procedure in place for revoking former team members’ credentials so that both former employees and potential cyberattackers can’t use inactive credentials to gain unauthorized access.
Back Up Your Data Regularly
If you are targeted by a ransomware or other type of malware attack, your data may become corrupted or lost. As such, having the ability to roll back to a recent backup can help you avoid service disruptions or other problems. However, any data generated after the last backup is unlikely to be recovered if an incident occurs, which is why it is important to back up all data regularly.
Invest in Regular, Ongoing Security Training
Defending your organization against cyber warfare is everyone’s responsibility. Even the best plan is only useful if everyone understands what it is, why it’s important, and how to implement it effectively. After all, even the most studious and diligent team member won’t be able to follow your cybersecurity and cyber warfare protocols if they don’t know what they are.
To help keep your team in fighting shape, all workers from the CEO downward should receive comprehensive cybersecurity training as part of your onboarding process and undergo regular refresher training. To help ensure your training is effective, all team members should:
Understand why cybersecurity and cyber warfare defense is important
Understand what steps they need to be taking to best safeguard your organization
You may wish to consider running tabletop exercises as part of your training. Like fire drills, tabletop exercises are designed to give employees a chance to test their cybersecurity and cyber warfare defense knowledge in a safe environment. Team members are presented with a hypothetical scenario, such as a ransomware attack, and then instructed to work as a team and, with the help of your incident response plan, respond to the attack.
Once the scenario is complete, your team can sit down with your Managed Security Services Provider or in-house security team and evaluate their performance while also identifying any deficiencies in your IRP so they can be addressed. Regularly scheduled tabletop exercises can help keep digital security top of mind and ensure all workers are familiar with any changes or updates to the plan.
Stress-Test Your Defenses
Just like the best way to find out if a boat is leaking is to put it in the water, the best way to find out if there are any holes in your security posture is to put it to the test. Pen (penetration) testing involves hiring an ethical hacker to stress-test your security posture by searching for vulnerabilities and then attempting to exploit them to gain access to your network. Once the test is complete, the hacker will sit down with your team and explain what they did, what vulnerabilities they were able to discover and exploit, and what steps they suggest you take to address these security deficiencies. This information can then be used to improve your security posture through actions such as improving your cybersecurity and cyber warfare training, addressing hardware or software deficiencies, or updating company security policies.
Cyber warfare has become a serious threat, and that threat is only predicted to grow. Investing in a robust cybersecurity posture can help safeguard your digital assets and hinder the efforts of cyber warfare attackers targeting your country. Please contact our team today to learn more about which steps your organization should be taking to improve your security.
Experts agree that “cybercrime” as we understand it today originated in the 1980s.
Cybercrime has caused nearly $6 trillion in damages since the 1980s, and that figure is expected to reach $10.5 trillion by 2025.
Just about every business today has been directly impacted by cybercrime of some type.
Cybercrime has increased 300% since March 2020, with nearly 4.7 million instances reported in the USA in 2020 (compared with roughly 1.5 million in 2010).
Organizations in the healthcare, financial, military/government, education, and energy sectors of G20 nations are most heavily targeted by cybercriminals.
Cybercrime is a scary word—but what’s scarier is how little most people actually know about it. The way cybercrime is carried out, the wide variety of businesses it often targets, and the cost those organizations face are often unknown or ignored by the people who stand to lose the most. Learning about these details matters. Doing so can motivate you to implement an effective cybersecurity strategy for your company and protect your critical data.
As a managed security services provider, we have a unique perspective on cybercrime. Below, we’ve put together an overview of cybercrime throughout the past two decades—how it’s evolved, who it impacts, and what it can cost them. Read on to learn about key cybercrime milestones so you can take steps to give yourself a defense against present and future threats.
How Has Cybercrime Changed Over the Past 20 Years?
There’s plenty of debate about when exactly cybercrime started, but most experts agree that it caught on in the late 1980s when email became a commonly-used technology. Many early cybercrimes involved using emails to send viruses or perpetrate scams—a trend that continues today in the form of phishing.
The 1990s saw the rise of internet browsers for personal computers (remember Netscape, anyone?). With this came the ability for cybercriminals to surreptitiously direct victims to pages where they’d unwittingly reveal personal information or download viruses—often via a technique called domain spoofing.
But the dawning of the social media age in the New Millennium created a brand new world for cybercriminals to exploit. Suddenly, people all over the world were willingly placing their personal information online, and often making it visible to the public. This low-hanging fruit fed a veritable army of identity thieves, who often used their ill-gotten but poorly-protected gains to gain access to bank accounts, credit cards, and more.
Today, cybercriminals tend to think bigger—although lone-wolf “hackers” still exist, posing a real threat to individuals and small businesses. However, when cybercrime makes the news these days, stories typically focus on well-organized groups of threat actors coordinating large-scale attacks against major corporations or governments.
That doesn’t mean small businesses or individual entrepreneurs can afford to relax, though—as successful large-scale cyber attacks tend to have a ripple effect, impacting people and businesses along supply chains that can stretch around the world. To get a sense of how widespread these effects are, we need to look at how the number of affected businesses has grown over the years.
How Many Businesses Are Affected by Cybercrime?
The truth is, any organization (and indeed, practically any person on the planet) can be vulnerable to the effects of a cyber attack. Even if you live off the grid in a tiny home deep in the woods, the reality is that you still probably rely on food, clothing, or equipment provided by a company that uses the internet. Disruptions to that company’s operations could leave you without basic necessities.
But for our purposes, we’ll limit this investigation to the direct victims of cybercrime—the businesses that have experienced a cyberattack firsthand. While it’s impossible to obtain exact figures, we can put together a reasonable idea based on the attacks that have been discovered and reported during the past two decades.
In the Last 5 Years
According to the FBI, reported cybercrime has gone up by 300% since the start of the COVID-19 pandemic alone. While certain forms of cybercrime (like ransomware) have actually decreased during this period, total cybercrimes are very much on the rise as both easier and more advanced methods have become increasingly common.
In the Last 10 Years
The Consumer Sentinel Network releases annual findings that contain details on cybercrime reports in the US. The total number of reports in 2010 was 1,470,306, which jumped to 4,720,743 by 2020—over 3.2 times as many documented incidents of fraud, identity theft, and other cybercrimes.
In the Last 20 Years
It’s impossible to say exactly how many cybercrimes took place in the 1980s and 1990s, since many took place before systems were in place to monitor them properly. But going back to the Consumer Sentinel Network report for 2006 shows just 670,000 reported incidents of fraud and identity theft—a clear sign that the number has ballooned over time.
What Are the Costs of Cybercrime?
The quantity of cybercrimes alone isn’t enough—it’s vital to know how much they can cost you as well. Let’s take a look at the available data.
In the Last 5 Years
Cybercrime caused a total of $6 trillion in damages around the world by the end of last year—and that number is expected to jump to $10.5 trillion by 2025.
In the Last 10 Years
The previous decade saw much lower costs associated with cybercrime. For example, in 2011, the Norton Cybercrime Report estimated the total costs—including the value of lost time—to be no more than $388 billion.
In the Last 20 Years
Hard data estimating global losses from cybercrime in the early days of the internet is difficult to come by—but archived news reports from those years often list figures in the tens of millions. The fact that these (relatively) small numbers were so notable in the 1980s and 1990s is a testament to how aggressively the costs of cybercrime have grown in the years since.
What Types of Businesses Are Most Vulnerable to Cybercrime?
As noted earlier, every organization and individual can be a victim of cybercrime—but some are more likely to be attacked than others. The rule of thumb here is: the more you have to lose and the easier it is to steal, the more overall risk you face.
Remember: the goal of most cybercriminals is to steal as much as they can with the lowest possible cost. There are exceptions—such as when cybercrime is used by terrorists, state-sponsored hackers, or other politically-motivated parties. However, the majority of targets are selected for the potential payoff they represent and the ease with which they can be breached.
Organizations in G20 countries face the highest amount of risk. The industries most often attacked include the healthcare, financial, military/government, education, and energy sectors.
Cybercrime vs. Traditional Crime: Finding the True Cost
As for the cost of cybercrime? Well, let’s take our number from earlier—$6 trillion in damages around the world by 2022. Divide that by the roughly 7.5 billion people who live on earth, and you get $800. That’s assuming the burden is shared equally, which we know it isn’t. If you live in a G20 country, you’re probably paying a lot more.
Knowing that, it’s vital to ensure you and your organization are as well-protected from cybercrime as possible. Get help establishing and maintaining a cybersecurity posture you can count on when you contact us and speak with an IT expert who can help you find peace of mind.
Nearly half of all data breach incidents target retailers, and nearly 20% of customers say they’ll stop shopping at companies that let themselves get hacked—which makes cybersecurity a vital priority for these types of businesses.
Common cyberattacks targeting retail businesses include phishing, credential stuffing, attacking IoT endpoints, supply chain attacks, and APTs.
By investing in cybersecurity services like endpoint detection & response and vulnerability scanning, retail businesses can better protect themselves and their customers.
When it comes to cyber attacks, retail businesses face a different kind of risk than companies in other high-vulnerability sectors like healthcare and financial services. That’s not just because 45% of all data breach incidents target retailers, according to some sources—major retail businesses are also more public-facing than other kinds of companies, which means successful cyberattacks that target them can easily become front-page news.
It’s common knowledge that cybersecurity breaches erode public trust in retail businesses. According to one study, nearly 20% of consumers say they’ll stop shopping at a company entirely if they find out a breach has taken place there. With numbers like that, learning about common cybersecurity threats to retail companies and how to prevent them is vital to the health of your business. Below, we’ve outlined 5 of the most common and provided examples.
Phishing Scams
We write about phishing scams a lot, because they’re incredibly common and they target businesses in every industry. However, the retail sector is the top target of phishing attacks worldwide. These scams often appear as messages in the form of emails or texts—trying to get someone at the business to reveal sensitive information unsuspectingly.
Phishing emails often appear to come from an organization’s vendors, partners, investors—or even customers. Typically, they either ask for the information in question or encourage the recipient to click on a link (which is called HTTPS phishing), which leads to a page that downloads malware onto their devices or lets hackers access their data.
Cost: the average large organization loses nearly $15 million to phishing scams each year.
Collateral damage: in addition to costing a company money, phishing can lead to a loss of proprietary information and disrupt business activities. High profile cases can also be incredibly damaging to a company’s reputation.
How can it be prevented? Investing in your endpoint security is one of the best ways to strengthen your network against phishing attacks, since many aim to infect access points to your network with malware. Our endpoint detection and response protection allows you to isolate compromised devices and prevent any malware on them from spreading.
Stolen Customer Information
Many phishing emails are easily identifiable because they come from email addresses or phone numbers that are obviously suspect—misspelled or unintelligible domain names or offshore area codes are common giveaways. But sometimes, hackers who have successfully stolen a customer’s identity can use it to wreak havoc on a business.
One of the most common ways hackers do this is to contact a business with a customer’s personal information, posing as the person in question, before requesting financial details—such as payment card data. Once they have successfully obtained this information, they can sell it to other bad actors, making more money and increasing the customer’s vulnerability.
Using customer information in ways that impact a business doesn’t always rely on human error. In many cases, hackers use large amounts of stolen customer information to access the networks of retail targets directly (called credential stuffing)—which makes threat detection and response all the more important.
Cost: Retail businesses often face multimillion dollar class-action lawsuits when customer data has been hacked on a large scale. In one particularly famous example, T-Mobile lost $350 million settling investigations resulting from a breach that affected the personal data of nearly 80 million customers across the United States.
Collateral damage: The reputational damage a widespread leak of customer information can cause is devastating. Even companies that beat class-action lawsuits related to stolen data face scrutiny in major media outlets, which can haunt them and taint their relationships with customers for years to come.
How can it be prevented? Cybersecurity training for all employees with access to customer information is a vital part of minimizing the risk that it will be shared with bad actors. Meanwhile, investing in routine vulnerability scanning for your business can alert you to security gaps that could be exploited when hackers are going for your network directly.
Attacks on IoT Technologies
The use of wireless and contactless technology to process retail transactions has increased exponentially since the COVID-19 pandemic. While contactless payment via Square Terminals and similar technology offers health and convenience benefits, these devices can also be vulnerable to cyberattacks.
In 2020, for example, it was found that malware could easily be written onto Point of Sale devices made by Verifone and Ingenico, allowing them to be used to steal payment card information from anyone who used them. Worse yet, this process could be completed in less than 10 minutes.
Cost: The potential cost of a widespread cyberattack on the IoT devices retail companies use to process payments is incalculable. The annual value of transactions made with mobile PoS systems is expected to reach $2.88 trillion in 2022.
Collateral damage: When PoS systems are compromised, so are business operations. Not only do these hacks cause widespread erosion of public trust; they halt sales as well.
How can it be prevented? Endpoint protection services can make your IoT devices, including PoS systems, considerably less vulnerable to malware. It’s also a good idea to consider SOC as a service, which allows you to support your in-house cybersecurity team with help from dedicated and heavily-vetted third party experts.
Supply Chain Attacks
Increasingly, hackers aren’t going after major retailers directly. Instead, they’ll attack vendors elsewhere in a retail company’s supply chain, counting on these organizations to have more vulnerable networks and then using their access to get inside the real target.
But attacks on a given business can affect retailers in its supply chain unintentionally, too—take the example of this Toronto cannabis store that lost thousands after the logistics company it depended on for product delivery was incapacitated by a cyberattack in August 2022. In this case, even though the retailer wasn’t the target, its operations were severely disrupted.
Cost: Global supply chain issues cost companies $184 million every year, according to recent research—much of which is related to cybersecurity breaches.
Collateral damage: Not only can supply chain attacks have significant up-front costs; they can easily damage your business’ relationships with partners and suppliers.
How can it be prevented? Having a robust and consistent incident response process can help you respond to supply chain attacks quickly and mitigate the damage they’re able to do.
Advanced Persistent Threats (APTs)
Unlike other attacks mentioned in this article, which typically operate according to a “get in and get out” philosophy, APTs rely on sustained and undetected access to a company’s network. Usually conducted by well-coordinated groups with extensive resources (like state-sponsored hackers), these types of attacks are intended to steal information from a target over long periods of time.
While many APTs are aimed at governments, large retail corporations are also prime targets. As retail businesses widen their potential attack surface by relying more on cloud-based services and complex IT stacks, it becomes harder to identify and respond effectively to these attacks.
Cost: A group like APT38 (which specializes in these types of attacks) creates damages worth over $41 million on average when an attack is successful.
Collateral damage: An APT is like a disease that slowly spreads throughout an organization’s network. Because APT attacks often take place over months (or even years), the damage they can do within organizations they infiltrate can be extremely widespread.
How can it be prevented? Managed SIEM solutions can provide swift and ongoing identification, detection, and resolution of your security alerts. This makes it more likely that APTs will be flagged and dealt with before the threat actors behind them have a chance to complete their work.
Keeping Your Retail Business Safe from Cyber Threats
Whether your retail business is large or small doesn’t matter—you owe it to yourself, your customers, and your stakeholders to make cyberattacks as difficult as possible for the people who might want to carry them out. Find out how Virtual Armor’s services can improve your cybersecurity posture when you contact us for more information.
The financial services industry faces significant pressure from a cybersecurity perspective
The top cyber attacks in the financial industry include phishing, ransomware, DDoS attacks, local file inclusion, and insider threats (users or employees)
Being proactive to prevent these types of attacks from taking place is critical
The financial industry suffers from more cyber attacks than any other, and that should come as no surprise. After all, cyber attacks are normally motivated by one of two factors: gaining maximum profits or inflicting maximum damage. Targeting a financial institution responsible for massive quantities of private, corporate, or even public funds—like a bank or an insurance company—is an effective way to do both. No wonder the industry now experiences an average of one cyber attack every 10 seconds.
The costs of these attacks are often severe, too. The average cost of a data breach in the financial industry is $5.72 million, according to info from IBM. That means it’s vital for financial institutions to take precautionary measures against likely cyber threats—and to help you, we’ve compiled a list of the most common cyber attacks financial organizations face. Read the list below to learn more about how much these attacks can cost you and how you can prevent them.
Phishing
Phishing attacks rely on fraudulent communications, usually disguised to appear as messages from key partners, clients, or other stakeholders in the organization. In the financial sector, these could appear at first glance to be emails from investors, regulators, or vendors.
Email phishing is the most common kind, where a hacker simply sends a legitimate-looking email to an employee at a company in an attempt to make them volunteer sensitive information or download malicious software. But it’s also not uncommon for hackers to use fake links (HTTPS phishing) to direct victims to pages that download malware to their devices and let hackers steal data from them.
Cost: phishing scams cost the average large organization nearly $15 million each year.
Collateral damage: phishing doesn’t just cost a company money—it can also result in a loss of intellectual property, disrupt operational activities, and damage the institution’s reputation. Phishing attacks that target company leadership (called whaling attacks) can have particularly devastating consequences.
How can it be prevented? Improve your endpoint security. When a device on your network is compromised with malware from a phishing attack, you likely only have 10-30 minutes before it spreads to others. Our endpoint detection and response services can isolate your devices as soon as they are compromised and contain the threat until it can be dealt with.
Ransomware
Ransomware is a type of malware that makes a device unusable until the victim pays a given amount of money to the hackers who control it. In a recent poll of financial organizations affected by cyber attacks, nearly 75% reported being affected by ransomware hacks.
Cost: in a six-month period during the previous year, the US Treasury Department’s financial crimes unit reported more than $5.2 billion in bitcoin payments related to ransomware attacks.
Collateral damage: ransomware can do more than make an endpoint unusable—it can also give hackers control over the data that endpoint can access. Often, the hackers will threaten to release this data unless the ransom is paid, so ransomware often creates a “Sophie’s Choice” situation where a business is forced to choose between its profits and its reputation.
How can it be prevented? Hackers often use phishing emails to get ransomware onto your devices, so endpoint protection is important here, too. But frequent vulnerability scanning (which identifies weaknesses in your network security so they can be resolved) and an up-to-date firewall (which blocks unauthorized traffic to and from your network) also play key roles in stopping this common type of threat.
DDoS Attacks
A Distributed Denial of Service (DDoS) attack occurs when a threat actor purposefully overloads your organization’s network with traffic to disrupt normal business operations and potentially divert cybersecurity resources so that other hacks can be attempted with a greater chance of success. More than 50% of reported DDoS attacks are against financial institutions such as commercial banks and payment card processing companies.
Cost: most credit card companies process thousands of transactions per second, so a successful DDoS attack can cost millions of dollars in lost revenue every minute.
Collateral damage: during a DDoS attack, an organization’s internal cybersecurity resources are often diverted to fix the disruption in services. During this time, detection time for other threats can increase, making them more likely to succeed.
How can it be prevented? Knowing how to configure your firewall to block unwanted traffic can reduce the possible areas a DDoS attack can target. Virtual Armor’s managed firewall services can be configured by our experts to make these attacks as ineffective as possible against your network.
Local File Inclusion
Local file inclusion (LFI) attacks are among the most common kinds of web application attacks in the financial sector, making up nearly 50% of web application attacks on financial organizations in recent years. LFI attacks work by targeting web applications used by financial institutions and attempting to make them display or run files on a server—revealing sensitive data.
Cost: LFI attacks are often used to make other cyber crimes possible, so the exact costs involved with them can be difficult to pinpoint. However, given that they are commonly used to create data breaches and that the average cost of a data breach in the financial sector this year is $5.72 million, it’s easy to see why they represent a major threat.
Collateral damage: LFI attacks can expose the clients who use an organization’s web applications to denial of service attacks, data theft, and website defacement. LFI attacks can also lead to cross-site scripting (XSS) attacks, where malicious code is attached to a web-based application and affects every person who uses it.
How can it be prevented? Regular vulnerability scanning plays a vital role in identifying areas where your organization’s web applications can be compromised. Virtual Armor offers vulnerability scanning as an independent service and as part of our SOCaaS option.
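The root cause of the LFI weakness described above is a web handler that builds a server-side file path from a request parameter without confining the result to an allowed directory. The following is an added illustration, not code from this page or from Virtual Armor: a naive resolver beside a hardened one. The document root, the sample statement file, and the function names are constructed for the example.

```python
"""Local file inclusion: naive path building versus a confined resolver.

Constructed demo: a temporary document root holds one legitimate file.
A request parameter (e.g. ?file=2023-q1.txt) names the file to serve.
"""
from pathlib import Path
from typing import Optional
import tempfile

# Constructed sandbox document root (hypothetical; stands in for a web app's
# statements directory).
DOC_ROOT = Path(tempfile.mkdtemp(prefix="lfi_demo_")) / "statements"
DOC_ROOT.mkdir()
(DOC_ROOT / "2023-q1.txt").write_text("Account statement (constructed sample)\n")


def is_inside_root(path: Path) -> bool:
    """True only if the canonicalised path stays under DOC_ROOT."""
    try:
        path.resolve().relative_to(DOC_ROOT.resolve())
        return True
    except ValueError:
        return False


def naive_resolve(user_path: str) -> Path:
    """The weak pattern: the user-supplied name is joined straight onto the
    document root. '../' segments climb out of it, and pathlib replaces the
    whole path when the right-hand side is absolute (e.g. '/etc/passwd')."""
    return DOC_ROOT / user_path  # no validation at all


def safe_resolve(user_path: str) -> Optional[Path]:
    """Hardened pattern: canonicalise first (follows '..' and symlinks), then
    require the result to remain inside DOC_ROOT and to be a regular file."""
    candidate = (DOC_ROOT / user_path).resolve()
    if not is_inside_root(candidate):
        return None  # traversal or absolute-path injection attempt
    if not candidate.is_file():
        return None  # directories and missing files are not served
    return candidate


def serve_file(user_path: str) -> str:
    """What a request handler would return: file contents, or a refusal."""
    target = safe_resolve(user_path)
    if target is None:
        return "403 Forbidden: requested file is outside the allowed directory"
    return target.read_text()


if __name__ == "__main__":
    for req in ("2023-q1.txt", "../../etc/passwd", "/etc/passwd"):
        print(f"{req!r:>22} -> {serve_file(req)[:40]}")
```

The check that matters is the `relative_to` comparison after `resolve()`: string prefix checks or stripping `../` by hand miss absolute paths, doubled separators, and symlinks, while comparing canonical paths covers all of them. A vulnerability scanner flags the naive form; the hardened form is what the fix looks like.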
Insider Threats
Insider threats occur when someone within your organization is responsible for a cybersecurity threat. This can happen deliberately (malicious insiders), but that’s not always the case—sometimes, employees just make mistakes or don’t have the resources to adequately protect your organization from a potential breach (inadvertent insiders).
Cost: the average cost of these incidents is upwards of $15 million in 2022.
Collateral damage: the average financial sector employee has access to over 11 million records on their first day of work. That makes the extent of the damage an internal threat can cause potentially limitless.
How can it be prevented? Hiring Virtual Armor to provide SOCaaS takes pressure off your existing cybersecurity team and puts the most sensitive parts of your cybersecurity infrastructure in the hands of our trained professionals. Simply put: the more of your cybersecurity we handle, the less of a risk you face from your own employees.
Protect Your Organization from Cyber Attacks
Strong cybersecurity isn’t optional for financial institutions—there’s simply too much to lose. To learn more about how Virtual Armor’s solutions can bolster your cybersecurity capabilities, contact us immediately and speak with a member of our team.
Malware is software designed to steal data, damage equipment, or spy on users.
Viruses infiltrate a program or device and then spread across a network.
Worms are viruses that self-replicate and spread without human action.
Trojans disguise themselves as legitimate code or software, but allow attackers to carry out the same actions as authorized users.
Ransomware restricts access to a device and keeps control of it in an attacker’s hands unless a sum of money is paid to them.
Malicious Adware uses ads to lure users to download other types of malware or visit sites that will automatically infect their devices.
Malvertising is similar to malicious adware, but is delivered through a compromised website and only affects users while they are visiting it.
Spyware is malware designed to gather a user’s data without their consent or knowledge.
In the internet age, organizations in all verticals are increasingly relying on digital tools to get the job done. From seemingly mundane tools such as email and digital calendars to highly specialized programs, more work than ever relies on digital and internet-connected tools, including the cloud. Unfortunately, this rapid increase in digital interconnectivity has brought with it a sharp rise in digital crime, including the distribution of malware.
Malware, short for malicious software, is a general term that encompasses a wide variety of malicious programs designed to steal sensitive data, damage equipment, or spy on unsuspecting users. In this article, we will discuss seven of the most common types of malware:
Viruses
Worms
Trojans
Ransomware
Adware
Malvertising
Spyware
2021 Saw An Alarming Increase in Ransomware & This Trend is Likely to Continue
According to a joint cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and the NSA, and in partnership with the Australian Cyber Security Centre (ACSC) and the United Kingdom’s National Cyber Security Centre (NCSC-UK), 2021 saw the continuation of several alarming cybercrime trends. The advisory found that “Ransomware [a type of malware] groups are having an increasing impact thanks to approaches targeting the cloud, managed service providers, industrial processes and the software supply chain” and that “More and more, ransomware groups are sharing victim information with each other, including access to victims’ networks.”
The advisory also reported that the ransomware market, in particular, is becoming increasingly “professionalized”, with more criminals relying on cybercriminal services-for-hire to attack targeted organizations.
The 7 Most Common Types of Malware (& How They Can Impact Your Organization)
1. Viruses
Computer viruses are a form of malware designed to infiltrate one program or machine and then spread to other systems, much like the viruses that target the human body. As it spreads, the virus wreaks havoc on business activities by encrypting, corrupting, deleting, or moving data and files or launching DDoS or ransomware attacks on other connected machines.
Viruses are particularly insidious because they may remain dormant for a set period, allowing the virus to spread to as many machines and devices as possible before launching the attack. Viruses may be delivered via email or inadvertently downloaded from infected or malicious websites and can also be delivered via physical media such as USB drives. Cybercriminals may leave infected USB drives in lobbies or parking lots, hoping that a worker will pick them up and plug them into their network-connected computer.
Unlike worms (discussed below), computer viruses must be embedded in a host program and often remain dormant until they are activated by unsuspecting users, such as when a user plugs an infected USB drive into their machine, opens an infected file, or clicks on a malicious URL.
2. Worms
Worms are similar to viruses, but they do not require human action to infect, self-replicate, and spread to other machines. As soon as the system is breached, a worm infects the entry-point machine and spreads to other machines and devices on the network without human assistance.
Worms rely on network vulnerabilities, such as unpatched operating systems, weak email security protocols, and poor internet safety practices. Originally, the goal of most worms was to damage system resources to hinder performance. However, modern worms are often designed to steal or delete files and are typically deployed against email servers, web servers, and database servers.
The Stuxnet attack is a particularly devastating example of a worm at work. This attack targeted operational technology (OT) systems involved in uranium enrichment and impacted organizations across Iran, India, and Indonesia.
3. Trojans
A trojan is a type of malware that has disguised itself as a piece of legitimate code or software. Once an unsuspecting user grants the trojan network access, it allows attackers to carry out the same actions as legitimate users, including exporting or deleting files, modifying data, and otherwise altering the contents of the infected device. Trojans are designed to appear innocuous and are often found in downloads for games, apps, tools, or even software patches.
Many trojans rely on phishing, spoofing, or other social engineering attacks to trick users into granting them network access, but this is not always the case. Though trojans are occasionally referred to as trojan viruses or trojan worms, these terms are not strictly correct: unlike viruses, trojans cannot self-replicate, and unlike worms, they cannot self-execute. All trojans require specific and deliberate user actions to spread, such as convincing a colleague to try out this great new productivity app or download this fun game onto their work phone so you two can play together on your lunch break.
4. Ransomware
Ransomware is one of the most common and widely discussed forms of malware, and for a good reason. According to a cyber threat bulletin from the Canadian Centre for Cyber Security, the average recovery cost from a ransomware attack more than doubled between 2020 and 2021, from $970,722 CAD (roughly $757,852 USD as of the writing of this article) in 2020 to $2.3M CAD (roughly $1,795,380 USD) in 2021. The same bulletin revealed that the increased impact and scale of ransomware operations between 2019 and 2020 was largely fuelled by the “professionalization” of ransomware and the growth of the ransomware-as-a-service (RaaS) model, in which less technically savvy criminals hire skilled attackers to distribute ransomware campaigns, with the attackers being paid a percentage of the victim’s ransom payment.
Ransomware is focused primarily on financial gain and is designed to encrypt files on an infected machine and hold them hostage until a ransom is paid. The invention of cryptocurrencies such as Bitcoin, which don’t rely on a central authority such as a bank and are therefore more difficult for law enforcement to trace, has made it easier than ever for attackers to extort victims.
Ransomware frequently relies on social engineering to manipulate unsuspecting users into downloading infected email attachments or clicking on URLs from untrustworthy sources. Once a device is infected, the program typically creates a back door, which allows the attackers to covertly access the device and begin encrypting files while locking owners and other legitimate users out.
Even if your organization decides not to pay the ransom, you may still suffer financial loss. Employees who can’t access their work devices aren’t likely to get much work done, and your IT team and other technical specialists may need to be pulled away from other critical tasks to deal with the crisis. Depending on the nature of your business, even a few hours of downtime can have devastating consequences, as highlighted by the now-famous WannaCry attack that targeted the United Kingdom’s National Health Service (NHS) in 2017. The attack rendered the IT systems of hospitals and doctor’s surgeries inaccessible, which compromised medical care and put patient lives at risk. The attack knocked CT scanning facilities and MRI machines offline and left healthcare professionals unable to access vital data, including digital patient health records.
5. Malicious Adware
Adware, also called advertising-supported software, is legitimate software that is designed to display ads to a user when they are online, thereby generating revenue for the website’s owner. Though it is not inherently malicious, it can be used for malicious purposes.
While most legitimate organizations will carefully vet what sort of advertisements they allow to appear on their website (to ensure they don’t accidentally damage their brand by serving hateful or controversial content or drive business away by showing competitor ads), not all businesses are as meticulous as they should be. Cybercriminals may use malicious ads to trick unsuspecting users into downloading malware when they click on the ad or may use pop-ups, pop-unders (where the pop-up is intentionally hidden from view by the active window), or permanent windows that allow for drive-by downloads (where a user’s device becomes infected with malware simply by visiting the site). Malicious ads may also preemptively block antivirus programs from opening, further weakening your organization’s defenses.
6. Malvertising
Malvertising (malicious advertising) is similar to malicious adware. One key difference is that adware only targets individual users and relies on infected digital ads served via unsuspecting websites. Once a device is infected, adware operates continuously on that device unless actively removed. On the other hand, malvertising is served by the compromised web page itself (not via third-party adware programs) and only affects users while they are on the infected web page.
Like malicious adware, malvertising may take advantage of browser vulnerabilities to deploy drive-by downloads. However, because the entire webpage (and potentially the entire website) is compromised, it can also forcibly redirect users away from the legitimate site to a malicious one or display advertising, malicious content, pop-ups, or pop-unders that the website’s owners did not intend to display. In the case of a forcible redirect, users may be brought to a different site infested with drive-by download malware (allowing attackers to compromise multiple sites and simply redirect them all to the one malicious site) or to a site that looks almost exactly like the legitimate site as part of a wider phishing scam that attempts to trick unsuspecting users into handing over private information such as banking details or login credentials.
Malvertisements Cost Organizations More than Just Revenue & Site Traffic
While redirecting users to a different site both reduces website traffic and can compromise revenue streams, these are hardly the only potential costs. Website publishers may suffer reputational damage (since users are less likely to trust compromised organizations with their personal information going forward) and may be found legally liable for any damage suffered by users visiting their website.
7. Spyware
Spyware differs from the other forms of malware we have discussed so far in that its goal is not to extort funds, steal sensitive files, or damage files but instead to, as the name suggests, spy on you and your organization. Spyware is designed to gather data without your consent and forward it to a third party.
Spyware can also refer to legitimate software installed by companies to monitor their workforce or programs, such as tracking tools embedded in websites that you visit that are used for advertising purposes. However, we will be focusing on malicious spyware deployed by cybercriminals against unsuspecting targets such as businesses so they can profit from stolen data, including proprietary data and usernames and passwords (obtained via keylogging software).
Malicious spyware is a type of malware that has been installed without your informed consent and is designed to monitor your activities and capture personal, confidential data, often via keystrokes, screen captures, and other types of tracking tools. This stolen data is then aggregated and either used by the party that gathered it or sold to other parties.
Malicious spyware is typically interested in confidential information such as:
Login credentials
Credit card numbers
Account PINs
However, it will also monitor your keystrokes, track your browsing habits, and harvest email addresses (including your own and those of the people and organizations you are corresponding with).
Unlike ransomware, spyware goes out of its way to remain undetected and obscure its activities. Spyware often embeds itself in other programs that users are likely to intentionally download and install, such as bundleware (bundled software packages), without the knowledge or consent of the company that is offering the legitimate software.
However, sometimes companies will purposefully embed spyware in their bundleware while describing and requiring you to agree to the spyware in the license agreement without explicitly using the term “spyware”, tricking users into voluntarily and unknowingly infecting their devices. Spyware can also infect devices using similar methods to other malware, including via compromised websites or malicious attachments. Trojan malware and malicious adware may also both include spyware.
Spyware can wreak havoc on any business environment, allowing cybercriminals to better:
Steal data
Commit identity fraud
Damage computers
Disrupt business operations
Safeguarding Your Business From Malware
There are a few steps you can take to safeguard your organization against malware. These include:
Avoid Abandoned USBs
Attackers will often leave infected USB drives in publicly accessible places such as lobbies or parking lots in the hopes that some unsuspecting employee will pick it up and plug it into their machine. Should you come across an abandoned USB drive, you should report it to security and then hand the USB drive over to your cybersecurity team for further analysis and proper destruction.
Keep Your Software Up to Date
Software developers frequently release security patches, small programs designed to address known flaws and improve security. However, your organization can only take advantage of these improvements if the security updates are installed.
Invest in Antivirus Software
While antivirus software may not seem cutting edge anymore, it still plays a critical role in any cybersecurity strategy.
Think Before You Click
While most email providers include built-in antivirus scanning that flags potentially harmful attachments or links, it never hurts to be cautious. If you encounter a suspicious link or file, do not open it. Instead, you should forward the email to your cybersecurity team for further analysis. If the email is purportedly from someone you trust (such as your company’s bank or your boss) but seems suspicious, you should reach out to that person independently to verify that they are the real sender. You should also carefully read the sender’s email address on any email you receive.
For example, if your boss Jennifer Smith usually emails you from her work email (jennifersmith@yourcompany.com), but this email is from a different address, such as jenniferesmith@yourcompany.org or [email protected], you should not reply to the email, but should instead reach out to your boss independently to verify that she sent the email. This is particularly important if the sender is asking you for sensitive or personal information, such as banking details or your password, or asking you to do something unusual, such as purchase a large number of gift cards or make changes to company banking details.
If someone sends you a URL, make sure you read it carefully. If you are expecting a URL that directs you to www.yourbank.com but instead see www.yourbaank.com (note the extra ‘a’), you should once again independently verify that the sender is who they say they are before taking any action or handing over any information. It’s always better to spend a bit of time verifying than to rush and take actions that could potentially compromise the safety and security of your organization.
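The two checks described above (a sender whose domain differs from the expected one, and a URL one letter away from the real site) can be automated as a mail-gateway or help-desk triage rule. The following is an added example, not code from this page or from Virtual Armor: it extracts the domain from an email address or URL and classifies it as trusted, lookalike, or unfamiliar against a constructed allow list. The allow list, the sample inputs, and the function names are assumptions for the example; the edit-distance threshold of 2 is a starting point, not a standard.

```python
"""Lookalike-domain triage for sender addresses and URLs.

A domain is 'lookalike' if it shares the trusted domain's registrable label
with a different suffix (yourcompany.org vs yourcompany.com), is within a
small edit distance of a trusted domain (yourbaank.com vs yourbank.com), or
uses non-ASCII / punycode labels that can hide homoglyph substitutions.
"""
from typing import Iterable
from urllib.parse import urlparse

# Constructed allow list: the domains this organisation expects mail and
# links from (hypothetical values).
TRUSTED_DOMAINS = ("yourcompany.com", "yourbank.com")


def levenshtein(a: str, b: str) -> int:
    """Minimum single-character edits to turn a into b (classic DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(value: str) -> str:
    """Pull the host out of an email address or a URL, lower-cased, without a
    leading 'www.'. Bare hosts like 'www.yourbaank.com' are accepted too."""
    if "@" in value:
        host = value.rsplit("@", 1)[1]
    else:
        if "://" not in value and not value.startswith("//"):
            value = "//" + value  # lets urlparse treat the text as a netloc
        host = urlparse(value).hostname or ""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def registrable_label(host: str) -> str:
    """Naive second-level label ('yourbank' for 'mail.yourbank.com')."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def classify(value: str, trusted: Iterable[str] = TRUSTED_DOMAINS,
             max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike', or 'unfamiliar' for an address or URL."""
    host = host_of(value)
    trusted = [t.lower() for t in trusted]
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return "trusted"
    # Homoglyph / IDN tricks: non-ASCII characters or punycode labels.
    if any(ord(ch) > 127 for ch in host) or any(
            label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    for t in trusted:
        if registrable_label(host) == registrable_label(t):
            return "lookalike"  # same name, different suffix (.org vs .com)
        if levenshtein(host, t) <= max_distance:
            return "lookalike"  # typo-squat such as an extra letter
    return "unfamiliar"


if __name__ == "__main__":
    # Constructed samples mirroring the article's scenarios.
    for sample in ("jennifersmith@yourcompany.com",
                   "jenniferesmith@yourcompany.org",
                   "https://www.yourbaank.com/login",
                   "newsletter@example.net"):
        print(f"{sample:35} {classify(sample)}")
```

Anything classified as lookalike or unfamiliar is a trigger for the out-of-band verification the article recommends, not an automatic block: the rule flags, a person confirms with the purported sender through a channel they already trust.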
Invest in Cybersecurity Training for All Employees
Even the most comprehensive and robust cybersecurity incident response plan and cutting-edge cybersecurity infrastructure depends on educated users for maximum efficacy. Ensure all employees undergo cybersecurity training as part of your onboarding process and periodically receive additional training.
Only Buy Devices from Trusted, Reputable Sources
While it may be more budget-conscious and environmentally friendly to purchase gently used devices, second-hand devices may offer more than you bargained for in the form of pre-downloaded malware. If you still intend to purchase second-hand equipment, make sure you do so from a trusted, authorized retailer of pre-owned devices and audit each item thoroughly for suspicious programs before connecting it to your network.
Opt for the Paid Version
One of the easiest ways to avoid falling victim to malicious adware is to opt for the paid, ad-free version of the software you are using whenever possible. Most organizations that offer premium subscriptions to otherwise ad-supported free products do not serve ads to premium users, so opting for the paid version can dramatically reduce your attack surface.
Vet Ads Partners Carefully to Avoid Malvertisement
Ad networks serve users ads from millions of advertisers, and most rely on real-time bidding, which means the ads shown on a website are constantly changing. This can make it difficult, if not nearly impossible, for individual website publishers to separate malicious ads from innocent ones. As such, it falls primarily on the ad provider to carefully vet ads, so it is critical that all website publishers choose their advertising partners with care.
Be Cautious About Cookies
With GDPR compliance affecting more organizations each day, almost all websites now ask users for their explicit permission before creating cookies. Cookies are considered by some to be a form of spyware, so make sure you only accept cookies from trusted sites and consider limiting your permission to essential cookies only.
Consider Using an Anti-Tracking Browser Extension
Not all of your browsing activities need to be tracked by third parties, whether for legitimate means like advertising or otherwise. Anti-tracking tools can allow you to better opt out of omnipresent tracking, which helps keep your browsing activities and data private.
Apps are an increasingly common delivery mechanism for malware, particularly spyware. Before you download an app, make sure that you trust the company that developed it.
Limit App Permissions
A troubling trend in the app space is apps that ask for more generous permissions than they require. Many apps ask to access your microphone, camera, or location data without justifying why they need this information. To avoid handing over more data than you need or want to, you should regularly review your app permissions and ensure your current settings reflect your actual preferences.
Nothing is Ever Really Free
As the old saying goes: if something is free, it’s because you are the product, not the customer. While sometimes free can mean a limited-time trial that allows prospective customers to try out the product for themselves, it can also mean that its creator is profiting off of the data you generate. Before you start using new software, make sure you take the time to read through the terms of use and only agree to them if you understand and accept them.
Are You Concerned About Malware? VirtualArmour is Here to Help!
While it may feel like malware is lurking around every corner, there are concrete steps you can take to better safeguard your organization and its data. In addition to the advice above, you should also consider partnering with a trusted MSSP like VirtualArmour. With offices in both Denver, Colorado, and Middlesbrough, England, we are able to offer live, 24/7/365 monitoring as well as industry-leading response times.
The cybersecurity experts at VirtualArmour have extensive experience working with organizations in a variety of verticals, including healthcare, finance, retail, and energy and are also familiar with the unique needs of service providers and offer tailored plans based on your level of need, including essential services, premium services, and one-time consults. We offer a wide selection of cybersecurity services, including:
The war in Europe has devastating physical consequences, but it’s also being conducted in cyberspace. Cyberattacks have already targeted Ukraine’s Defense Ministry and numerous banks. Accusations that Russia is engaging in cyberattacks stretch back years—to at least 2014, when Russia invaded Crimea.
Attacks by state-sponsored threat actors could have consequences for businesses and other organizations in countries allied with Ukraine.
In the US, the Cybersecurity and Infrastructure Security Agency has warned that businesses “large and small” should prepare themselves for disruptive cyber activity.
Types of attacks businesses might face include the use of Advanced Persistent Threats (APTs), malware, ransomware, DDoS, and various network security attacks.
Organizations are urged to follow the advice of their national cybersecurity authorities, establish relationships with local governments in areas where they operate, and build trust between organizations via overcommunication, honesty, transparency, diligence, willingness to listen, and consistent actions.
Proactively requesting information from threat intelligence partners, having a robust incident response plan, safeguarding endpoints and more can all reduce your risk of being affected by cyberattacks.
Virtual Armor can provide effective services for businesses who want to improve their cybersecurity posture, including Managed SIEM, Managed Infrastructure & Firewall services, Vulnerability Scanning, and SOCaaS (Security Operations as a Service).
The Russian invasion of Ukraine has shocked the world, driving millions from their homes as they seek safety. However, in the internet age, wars aren’t fought in the physical world alone, and cyber warfare has become an increasingly serious threat.
The Invasion of Ukraine is Already a Cyberwar
Though most of the news coverage of the situation focuses on developments in the physical world, early cyber skirmishing has already begun. Cyberattacks have recently targeted the Ukrainian defense ministry and two banks in what the country’s deputy prime minister stated is the largest attack of this type ever seen in the country.
While the Kremlin has denied they are behind the denial of service attacks, the disruption has brought concerns about the threat of cyberconflict into the spotlight. Ilya Vitayuk, the cybersecurity chief of Ukraine’s SBU intelligence agency, has stated that it is still too early to definitively identify the perpetrators behind the attack. This is because, as with most cyberattacks, the perpetrators worked hard to cover their tracks. However, he also added, “The only country that is interested in such … attacks on our state, especially against the backdrop of massive panic about a possible military invasion, the only country that is interested is the Russian Federation.”
Cyberattacks, even those specifically targeting Ukraine, could seriously impact the United States.
In response to the invasion of Ukraine, CISA (Cybersecurity and Infrastructure Security Agency) has issued a statement. Entitled Shields Up, it states (as of the writing of this article):
“While there are no specific or credible cyber threats to the US homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region. Every organization—large and small—must be prepared to respond to disruptive cyber activity. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber-attacks. When cyber incidents are reported quickly, we can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack.”
However, as the Shields Up announcement indicates, cyberwarfare concerns are not contained to the national and international stage. Organizations of all sizes and in all verticals need to be taking appropriate steps to proactively safeguard their digital assets.
What Sort of Cyberattacks Should We Anticipate?
While we have no way of knowing exactly what sort of attacks the cyber warfare front of the Ukraine-Russia conflict will bring, we can look to a history of previous international attacks for guidance. According to Forbes, organizations should be prepared to handle:
Advanced Persistent Threats (APTs)
APT is a broad term used to describe any attack campaign in which an attacker, or group of attackers, establishes an illicit, long-term presence on a network in order to covertly mine highly sensitive data. Most intrusions of this nature that target private companies focus on the theft of intellectual property, compromising sensitive data (such as employee or private user data), sabotaging critical infrastructure (such as deleting database data), or taking over websites with the goal of illegal financial enrichment. The strategies deployed against private companies can be used against nations and companies alike.
With cyber warfare on our doorstep, now is the time to batten down the hatches and strengthen your cybersecurity posture. By improving your overall security posture, you can proactively guard against APTs by making it difficult for intruders to infiltrate your network in the first place, preventing them from establishing a covert, long-term presence.
Malware
Malware refers to any form of malicious software, typically spread by infected email attachments and suspicious website links deployed as part of phishing scams. While most email providers automatically filter out suspicious messages, one of the best steps organizations can take to improve their cybersecurity posture is to invest in employee cybersecurity training.
Cybersecurity is everyone’s responsibility, from the CEO down to the summer intern. Teaching workers to identify and report suspicious activities can stop an attack before it even begins, so all team members should receive robust cybersecurity training as both part of their onboarding process and on an ongoing basis.
Ransomware
Ransomware is a subset of malware that uses malicious code to encrypt files and prevent legitimate users from accessing data or systems on either their individual machine or the organization’s network.
DDoS
DDoS (Distributed Denial of Service) attacks are attempts to crash a web server or other online service by flooding the supporting infrastructure with more traffic than the network can reasonably handle.
This type of attack can be instigated by either a large group of attackers working together or a single attacker with a sufficiently large botnet (connected computers performing repetitive tasks as directed by whoever controls them). The goal of DDoS attacks is to overload the server, forcing it offline and preventing legitimate users from accessing the organization’s products or services.
Network Security Attacks
“Network security attacks” is an umbrella term for attacks aimed at disrupting an organization’s networks and systems for a variety of reasons, including causing service disruptions, stealing data, or corrupting files. While this is often done for financial gain, in the case of the cyberwarfare front of Russia’s attack on Ukraine, it is likely to be for political or military gain.
To help safeguard themselves from these types of attacks, organizations should be taking proactive steps to safeguard their networks from network breaches.
What Steps Should Your Organization Be Taking to Best Safeguard Your Digital Assets?
Follow All Current Advice From Your National Cybersecurity Authority
The situation, both on the ground in Ukraine and in the digital sphere, is continually evolving, with new threats always on the horizon. To best safeguard your organization, it is vital to stay up to date on the situation and follow the current advice of your national cybersecurity authority.
In the European Union, organizations should follow the advice of ENISA (the European Union Agency for Cybersecurity).
Establish A Relationship With Local Governments in Jurisdictions Where Your Company Operates
In the United States, InfraGard is responsible for coordinating information sharing between critical infrastructure providers.
Organizations operating in the United Kingdom should review information provided by NCSC’s Critical National Infrastructure hub.
Organizations in the European Union should speak to their local CSIRT (Computer Security Incident Response Team) and CERT (Computer Emergency Response Teams) contacts. A full list of these can be found here.
In Germany, the BSI (Federal Office for Information Security) has released several cybersecurity warnings related to the situation. Current security warnings can be found here.
Even the most comprehensive, best-designed cybersecurity strategy can be easily undermined if your organization lacks interdepartmental trust. A solid relationship between stakeholders and your security team is critical if you want to keep your organization secure.
Clear, concise, focused, and on-point communication is critical, and there is no such thing as too much information. Too many stakeholder-security team conflicts are rooted in a lack of communication, miscommunications, or misunderstandings. Opening the lines of communication, and keeping them open, is an excellent way to build trust.
Honesty & Transparency
When it comes to cybersecurity, honesty is the best policy. Whether it is a matter of admitting fault, acknowledging a mistake, or delivering bad news, stakeholders and security teams alike appreciate honesty. By being honest about your organization’s current security posture (including any deficiencies), security and stakeholders can work together to fortify your organization’s cybersecurity posture.
On the other hand, lies, omissions, and misrepresentations cause cracks in your cybersecurity posture and foster inter-organizational distrust, with potentially disastrous consequences. All trusting relationships are built on a foundation of honesty.
Diligence
Hard work, dedication, and commitment from both your security team and your stakeholders are critical for building organizational trust. Both sides of the table need to know that the other side is working hard to fulfill its obligations and is willing to own up to any mistakes or shortcomings. It’s a lot easier to build trust when you know the rest of the team has your back.
A Willingness to Listen & Accept Feedback
Communication is a two-way street, and both stakeholders and security teams need to be willing to listen and accept honest feedback and not dismiss the other side’s suggestions and concerns out of hand. When one side feels that the other isn’t taking their concerns, expertise, or advice seriously, it undermines the relationship and damages trust, weakening the organization and compromising its security posture.
Action
Talk is great, but only when it is followed by concrete action. When either the security team or the stakeholders promise to do something, the other side needs to see that they will follow through. When we can’t trust our teammates to act on their promises, those promises become meaningless.
That being said, we are only human, and sometimes promises are broken. When this happens, it is critical to acknowledge that the promise was not honored, provide an explanation (budgetary concerns, staffing shortages, etc.), amend the promise so it can be reasonably accomplished, commit to action, and then act to fulfill the promise. A cycle of inaction and broken promises can impact more than your cybersecurity posture; it can poison your organization, driving away good workers and demoralizing those who remain.
Initiate a “Request for Intelligence” From Your Threat Intelligence Partner
You can’t adequately defend yourself if you don’t know what you are defending against. A request for intelligence is a comprehensive report compiled by your threat intelligence partner. When requesting your report, make sure you specify your intended audience (such as your board of directors or security team) and any specific concerns you may have so that your vendor can tailor the report accordingly and ensure all critical and relevant information is included.
A good request for an intelligence report should go beyond the normal overviews your partner is providing and should include specific concerns related to your vertical, industry, and operating locations. It should also provide information on threat actors you should be concerned about, as well as the TTPs (tactics, techniques, and procedures) those threat actors typically use.
Collaborate Closely With Your Security Vendors
Your security vendor needs to take a proactive role when it comes to preparing your organization for cyber conflict and defense.
Vendor account representatives can help ensure your organization receives the correct level of care and attention and help you get the most out of your security products and services.
You should also work closely with your product vendors to confirm turnaround times and automation options for ruleset and patch updates (to ensure your software automatically downloads and installs security patches as soon as they are made available).
A good vendor should be already communicating with you about the situation in Ukraine, but if you have not received any communications, you should reach out directly to your vendor, representative, or support team.
Keep an Eye Out for Disinformation & Misinformation
As such, it is vital to get your news from trustworthy sources and rely on the advice of local and national leaders as well as your security team to ensure you are getting the facts. As the situation continues to evolve, it is also vital that you are keeping your incident response plans up to date and keeping the lines of communication open both across your organization and between your organization and relevant third parties, such as your managed security services provider (MSSP) and relevant government bodies.
Consider Adopting Secure Communications Tools
Organizations that are concerned about the security and privacy of their business communications (including eavesdropping, data loss, communications metadata exposure, or non-compliance) should consider increasing communications security or switching to more secure communications tools. Organizations with employees in and around Ukraine should also be aware that those individuals may face communications disruptions.
Encrypted messaging and calling solutions like Element and Wickr are ideal for low-bandwidth environments and can be used to enhance the security of your everyday communications as well as work as out-of-band communication channels during incident responses. They can also be used to provide traveling executives with improved communications security. If you are concerned about the security of your current in-house communication tools or are looking to replace them with a more secure option, your managed security services provider can help you make the right choice for your organization.
Should an incident occur, your MSSP can help you respond effectively (mitigating, or even eliminating, damage), conduct a thorough investigation into the root cause of the incident, and help you prepare any reports required under relevant regulations (such as GDPR, HIPAA, or CCPA).
Safeguard Your Endpoints & Practice Good Software Hygiene
Safeguarding your endpoints (smartphones, laptops, and tablets that have access to your network) and hosts is vital. Endpoint detection and response (EDR) involves using tools and solutions to detect, investigate, and mitigate suspicious endpoint and host activities. Unlike traditional signature-based anti-virus software, EDR does not rely solely on known malware signatures; it also watches for suspicious behavior, allowing it to detect new threats quickly. Depending on the nature of the threat it has detected, EDR is also designed to trigger an adaptive response (much like your immune system springing into action).
One of the easiest yet most critical steps any organization can take to improve its security posture is to keep all its software up to date. When software developers discover vulnerabilities in their products, they release patches to address them. Cybercriminals often target recently patched software in the hope that not all organizations have been as diligent as yours about installing new security patches. Installing patches takes a few minutes, and the process can often be automated and scheduled so that patches are installed during non-business hours, avoiding downtime when your users need their systems.
Take Proactive, Preventative Steps Before an Incident Occurs
As the old saying goes, the best defense is a good offense. By being proactive and shoring up your cybersecurity defenses before an incident occurs, you stand a better chance of mitigating or even eliminating damage. Regular pen (penetration) testing, which involves hiring an ethical hacker to stress-test your defenses and search for vulnerabilities, can help highlight security deficiencies so they can be addressed before a cyber attacker is able to exploit them.
Investing in ongoing cybersecurity training is also critical: Employees who can’t identify potential threats are more likely to fall for things like phishing scams, and employees who don’t know how to respond to an incident won’t be able to respond effectively. As such, it is critical that you review your incident response plans regularly and make sure all relevant stakeholders are kept up to date.
You may also want to consider running tabletop scenarios. Tabletop scenarios work like cyber incident fire drills: Your team is presented with a hypothetical scenario and asked to respond, allowing them to put their cybersecurity training to use in a no-stakes environment. Tabletop scenarios not only familiarize your employees with potential threats and help them hone their response skills, but they are also a great way to identify and address security gaps before they can be exploited.
Concerned About Your Cybersecurity Stance? VirtualArmour is Here to Help!
The situation in Ukraine has put many organizations on edge, and trying to figure out how to shore up your organization’s cybersecurity defenses against cyber conflict may be overwhelming. Fortunately, the VirtualArmour team is always here to help.
We offer a variety of security solutions, including:
We have extensive experience working with organizations in a variety of highly-specialized industries, including energy, finance, healthcare, and retail, and are well-versed in the unique security and IT challenges faced by service providers. With offices in both Denver, Colorado, and Middlesbrough, England, we are able to offer live, 24/7/365 monitoring and industry-leading response times.
The situation in Ukraine is constantly shifting, and it can be hard to stay up to date and get the facts your team depends on to best inform your cybersecurity posture. To help you get the information you need, we have compiled a list of links to relevant organizations below.
In Germany, the BSI (Federal Office for Information Security) has released several cybersecurity warnings related to the situation in Ukraine. Current security warnings (in German) can be found here.
Cybersecurity is a complex and continually evolving field. To best safeguard your organization and its digital assets, it’s important to stay up to date.
To learn about the latest news and developments in the cybersecurity sphere, please consider visiting our Articles and Resources page and reviewing the educational articles listed below.