According to PwC research, 71% of CEOs are extremely concerned about a cyberattack. And rightfully so: cyberattacks occur constantly, and it can feel like it’s only a matter of time before your own organization is struck by a cybersecurity breach.

While a cybersecurity breach may feel inevitable, in reality there are steps that can be taken to greatly reduce threats. The first part of cybersecurity is understanding the many possible vectors of attack a hacker can take.

In this post, we will discuss three different security breaches. We’ll walk through what they are and best practices that can be implemented to prevent them. Let’s start with the most common and least technological threat: social engineering.

What is Social Engineering?

Social engineering is a wide net that covers numerous different scams and hacks. The basic premise, though, is manipulating members of an organization in order to steal confidential data and gain unauthorized access. One of the most common social engineering methods is phishing. Another is impersonation, where a hacker claims to be an employee in order to obtain information. Let’s first take a look at phishing.

What is Phishing?

Phishing is when a hacker sends an email that appears legitimate, but is not. The email is the bait, the hacker is the fisherman, and you are the fish. The purpose of a phishing attack is to obtain data by claiming to be a person or organization of authority. Phishing emails appeal to the user’s sense of urgency, or some other psychological aspect that would get someone to click the link. Let’s look at a quick example.

Let’s say you received an email from the “Human Resources Department”. In the email, it says that your badge is going to expire tomorrow, and you must click the link in the email to reserve a badge replacement time. If you do not reserve a spot, your badge will expire and you will no longer be able to come to work.

This email appeals to our sense of urgency: we don’t want to lose access to our workplace. It also appeals to our sense of authority, i.e., our HR department is a legitimate source. Assuming you unfortunately click the link, you will be forwarded to a fake website that asks you to enter your email and password to reserve a badge replacement time. Now the hacker has your username and password and can do enormous damage to you and your organization.

How to Prevent a Phishing Attack

The best way to prevent a phishing attack is to look for red flags. Make sure all emails that are coming from outside your organization are sequestered into a separate email folder.

Next, advise your IT staff to set up simulated phishing emails to send to employees so they can practice spotting phishing attempts. Oftentimes, phishing emails contain misspelled words or strange wording, as if the person who wrote them is not a fluent English speaker.

Phishing attempts will almost always appeal to the employee’s sense of urgency to get them to click the link. For example, the email will say something along the lines of, “you will no longer be able to work here if you don’t update your address at this link.” Remember: stop and think before clicking that link.
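The red flags listed above (outside sender, urgency wording, a link whose visible text does not match where it goes) can be turned into an automated triage check that runs on mail before a person ever sees it. The following is an added example written for this post, not code from the original article or from any product: it parses a raw message with Python’s standard `email` library and reports each red flag it finds. The organization domain `example.com`, the urgency phrase list, the two-flag threshold and both sample messages are constructed assumptions for the demonstration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # hypothetical organization domain; normally read from configuration

# Wording that leans on urgency or authority, the levers the HR badge lure pulls (assumed list).
URGENCY_PHRASES = ("expire", "immediately", "within 24 hours", "no longer be able",
                   "account will be", "verify your", "reserve", "act now")

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none or cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""

def _is_org(host, org_domain):
    return host == org_domain or host.endswith("." + org_domain)

def phishing_red_flags(raw_message, org_domain=ORG_DOMAIN):
    """Return 'tag: detail' strings, one per red flag found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []
    # 1. External sender: the "separate folder for outside mail" rule, as a check.
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if sender_domain and not _is_org(sender_domain, org_domain):
        flags.append(f"external sender: {sender_domain}")
    # 2. Reply-To routed to a different domain than the visible sender.
    reply_domain = parseaddr(str(msg.get("Reply-To", "")))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != sender_domain:
        flags.append(f"reply-to mismatch: {reply_domain}")
    # 3. Urgency or authority language in the subject and body.
    body = msg.get_body(preferencelist=("html", "plain"))
    body_text = body.get_content() if body is not None else ""
    content = (str(msg.get("Subject", "")) + " " + body_text).lower()
    hits = [p for p in URGENCY_PHRASES if p in content]
    if hits:
        flags.append("urgency language: " + ", ".join(hits))
    # 4. Links: destinations outside the organization, and visible text naming another host.
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(body_text)
        for href, text in collector.links:
            href_host = _host(href)
            if href_host and not _is_org(href_host, org_domain):
                flags.append(f"external link: {href_host}")
            text_host = _host(text) if text.lower().startswith(("http://", "https://")) else ""
            if text_host and text_host != href_host:
                flags.append(f"link text mismatch: shows {text_host}, goes to {href_host}")
    return flags

def is_suspicious(raw_message, org_domain=ORG_DOMAIN, threshold=2):
    """True when at least `threshold` flags accumulate (the threshold is a tuning assumption)."""
    return len(phishing_red_flags(raw_message, org_domain)) >= threshold

# Constructed sample: the badge-expiry lure from the post, as a phisher might send it.
PHISHING_SAMPLE = """\
From: "Human Resources" <hr@example-login.net>
Reply-To: badge-help@mailbox-relay.net
To: alice@example.com
Subject: Your badge expires tomorrow - action required
Content-Type: text/html; charset="utf-8"

<html><body><p>Your badge will expire tomorrow and you will no longer be able to enter
the building. Click <a href="http://badge-renewal.example-login.net/login">https://hr.example.com/badge</a>
to reserve a replacement time.</p></body></html>
"""

# Constructed sample: a routine internal notice with no lure.
LEGIT_SAMPLE = """\
From: "Human Resources" <hr@example.com>
To: alice@example.com
Subject: Reminder: annual benefits enrollment opens next week
Content-Type: text/html; charset="utf-8"

<html><body><p>Enrollment opens next Monday. Details are on the intranet:
<a href="https://hr.example.com/benefits">https://hr.example.com/benefits</a></p></body></html>
"""
```

Running `phishing_red_flags(PHISHING_SAMPLE)` reports all five flags on the lure and none on the routine notice. The point of scoring rather than blocking on a single flag is that legitimate mail from vendors is also "external"; it is the combination of an outside sender, a mismatched reply path and a link that pretends to be internal that marks the badge lure.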

What is Impersonation?

The next form of social engineering is impersonation. A hacker claims to be an employee of the organization and tries to get that employee’s password reset. The hacker will often trawl logs or other data that have leaked onto the web to obtain information they wouldn’t otherwise have. Then they call the IT department and offer details that seem credible, such as employee numbers, date of birth, and other personal information.

How can Impersonation Attacks be Prevented?

Impersonation attacks can be prevented by well-trained employees who rigorously follow verification procedures. For example, check the phone number the call is coming from. If it is not a recognized number, that is a red flag. Ask the “employee” who their manager is and who their co-workers are. Ask them a little bit about their job. If they fumble, that is a bad sign.

When talking to people, it is human nature to be as helpful as possible; in IT security, that instinct is a crucial mistake. If you are suspicious, ask follow-up questions or simply hang up the phone and inform your manager of a potential cybersecurity attack.

Impersonation is one of the more insidious aspects of cybersecurity, because it is so personal. Next, let’s talk about how ransomware can cripple your organization, and what steps can be taken to prevent it.

What is Ransomware?

Ransomware is a type of malicious software (malware) that threatens to publish private data, or withholds critical data, until a certain demand is met. Typically the demand is monetary compensation in the form of cryptocurrency.

It is a sad reality that ransomware attacks are becoming commonplace. In 2021 alone, there have been dozens of ransomware attacks, ranging from the Buffalo Public School System to Colonial Pipeline Systems. More often than not, the organizations have to pay the criminals the ransom to get their data back.

Protecting against a ransomware attack after it has already occurred is like locking the barn door after the horses have run away. Once the hackers have your data, they have your data. However, there are numerous steps that can be taken to harden your security infrastructure and prevent these travesties from occurring.

Endpoint Hardening Can Protect Against Ransomware

One of the best ways to prevent ransomware is to ensure your software engineers are taking a proactive approach to security when designing a system. This is called Security by Design.

One such method of preventing ransomware is to harden your endpoints. Think of an endpoint as an access point to your application, whether it is a login screen or the URL of a REST endpoint. Make sure that all incoming data is validated and sanitized so that hackers cannot send malicious data to the endpoints. The attacks this guards against are commonly referred to as SQL injection and cross-site request forgery (CSRF).

Another good way to harden your endpoints is to disable Cross-Origin Resource Sharing (CORS). This ensures that your app is only communicating with its own, authenticated server rather than with any origin that asks. Please note, though, that there are some instances where we want CORS enabled; for example, Google Fonts require CORS.

Lastly, two-factor authentication should be enabled on all devices. This will make it much more difficult for a hacker to steal somebody’s device and crack the password.
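Two of the endpoint-hardening points above, input sanitization against SQL injection and locking down CORS, are easiest to see side by side in code. The block below is an added example written for this post, not code from the original article or from Spring Boot, React or any other framework it names: it uses Python’s built-in `sqlite3` so it runs offline. The `users` table, the allow-listed origin `https://app.example.com` and the malformed probe string are constructed assumptions; the unsanitized lookup is deliberately written the wrong way so the parameterized version can be compared against it.

```python
import sqlite3

def seed_users():
    """Constructed in-memory table standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn

def find_user_unsanitized(conn, username):
    """The weak form: the query is built by string formatting, so whatever the
    caller sends becomes part of the SQL text that the database parses."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]

def find_user_parameterized(conn, username):
    """The hardened form: the value is bound as a parameter, so the driver treats
    it purely as data and never as SQL, whatever characters it contains."""
    rows = conn.execute("SELECT username FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]

# Origins whose scripts are allowed to read this API's responses (hypothetical value).
ALLOWED_ORIGINS = frozenset({"https://app.example.com"})

def cors_response_headers(request_origin, allowed=ALLOWED_ORIGINS):
    """Reflect the browser's Origin header only when it is on the allow-list.
    Returning {} is the 'CORS disabled' case from the text: with no
    Access-Control-Allow-Origin header, the browser refuses to hand the response
    to scripts running on that origin. A blanket '*' would allow every origin."""
    if request_origin in allowed:
        return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    return {}

def demo():
    """Run both lookups against a malformed input to show how they diverge."""
    conn = seed_users()
    probe = "x' OR '1'='1"  # constructed malformed input, not a real username
    return {
        "unsanitized": find_user_unsanitized(conn, probe),
        "parameterized": find_user_parameterized(conn, probe),
        "normal": find_user_parameterized(conn, "bob"),
    }
```

`demo()` returns every user for the unsanitized lookup, because the quote characters in the input changed the meaning of the query, and an empty list for the parameterized one, which simply found no user literally named `x' OR '1'='1`. The same principle applies to the CORS helper: decide on an explicit allow-list and return nothing for anything else, rather than reaching for the wildcard.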

Keeping Software Up to Date is Crucial

Another important strategy to prevent ransomware is to keep all software and frameworks up to date. For example, if your team uses Spring Boot for their Java framework, make sure it is on the latest version. That goes for all other frameworks such as React and Angular.

The organizations responsible for maintaining these frameworks are constantly finding security vulnerabilities in their code and updating them accordingly. If you do not update the code, it is only a matter of time before a hacker exploits it.

While many hackers utilize proactive approaches such as social engineering and ransomware, often all they have to do is wait for a vulnerable security misconfiguration. Let’s walk through that, because it is becoming such a serious issue.

Beware of Cloud Security Misconfiguration

In every case of a cloud hack, it has been traced back to a misconfiguration. Google, AWS, and Microsoft go to great lengths to ensure their data storage tools are uncompromisable. In the cloud world, however, there is a shared responsibility model that determines what is the duty of the cloud provider and what is the responsibility of the user. Each cloud provider has some version of the model, but the AWS version looks like this:

Notice that the customer is responsible for a wide swath of duties, ranging from their data, to access and management, all the way to firewall configuration. These are where hacks most often occur. Let’s talk specifically about S3 buckets, AWS’s flagship data storage model.

What is an S3 bucket?

For the uninitiated, think of an S3 bucket as a scalable document-based database. Any data imaginable can be stored in these buckets, and it is completely scalable to meet your needs. It’s accessible via endpoints or a user interface on the AWS console.

Why are S3 Buckets Cybersecurity Threats?

In June of 2017, a hacker revealed 198 million voter records from a misconfigured S3 bucket. Suffice it to say, that is not good. The leak was traced back to an S3 bucket misconfigured for public access. If that is not a wake-up call to cybersecurity experts, I don’t know what is!

S3 buckets are created secure by default. In other words, they are not accessible from the internet. However, configuring S3 endpoints and determining which ones should be reachable from the internet can be challenging. It is a process rife with misconfiguration, and often AWS engineers will accidentally expose an S3 bucket to the internet.

Once an S3 bucket has this access, any hacker can hit that endpoint and retrieve huge amounts of data. For example, Grayhat Warfare can be used to find public S3 buckets. Then, they can ransom it back to the organization, sell it to a third party or blackmail somebody.

How to Prevent Misconfiguration

The easiest way to eliminate this threat is to be very careful when configuring S3 buckets. Have more than one person verify the configuration before putting it out into the wild. Only allow users who are certified in the technology access to the cloud console. Test engineers can also create integration tests that check the bucket to verify it is not accessible from the internet. If it is, the test fails and the software engineering department is notified.

This is not exclusive to Amazon buckets. Azure and Google buckets can potentially be misconfigured in the same way.
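The integration test suggested above is the kind of check that should fail loudly when a bucket policy or ACL opens the bucket to the world. The block below is an added example written for this post, not code from the original article or from AWS: it evaluates the two documents that define who can reach a bucket, the JSON bucket policy (the string that boto3’s `get_bucket_policy` returns in its `Policy` field) and the ACL grants (the shape of `get_bucket_acl`’s response), entirely offline against constructed samples. The bucket name, account id, role name and grantee ids are placeholders; in a real test the two documents would be fetched from the account under test, and AWS’s Block Public Access setting should be checked alongside them.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

def _as_list(value):
    """Policy fields may be a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def _is_anonymous_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, the forms that grant access to anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_policy_statements(policy_document):
    """Return (Sid, actions, has_condition) for every Allow statement open to anyone.
    Statements carrying a Condition are still reported: a condition narrows the grant
    but does not by itself make it private, so a reviewer should look at it."""
    policy = json.loads(policy_document)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _is_anonymous_principal(stmt.get("Principal")):
            findings.append((stmt.get("Sid", "<no Sid>"),
                             _as_list(stmt.get("Action", [])), "Condition" in stmt))
    return findings

def public_acl_grants(acl):
    """Return (group, permission) for ACL grants to the AllUsers or AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTHENTICATED_USERS):
            findings.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return findings

def bucket_is_public(policy_document, acl):
    return bool(public_policy_statements(policy_document)) or bool(public_acl_grants(acl))

def assert_bucket_private(bucket_name, policy_document, acl):
    """The integration-test check: fail with every offending grant listed, or return True."""
    problems = [f"policy statement {sid!r} allows {actions} to anyone"
                + (" (with a Condition)" if cond else "")
                for sid, actions, cond in public_policy_statements(policy_document)]
    problems += [f"ACL grants {perm} to {group}" for group, perm in public_acl_grants(acl)]
    if problems:
        raise AssertionError(f"bucket {bucket_name} is publicly accessible: " + "; ".join(problems))
    return True

# Constructed sample documents; the account id, role and canonical id are placeholders.
TEAM_ONLY = {"Sid": "TeamAccess", "Effect": "Allow",
             "Principal": {"AWS": "arn:aws:iam::123456789012:role/data-team"},
             "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"}
PUBLIC_READ = {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
               "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [PUBLIC_READ, TEAM_ONLY]})
PRIVATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [TEAM_ONLY]})
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"},
               "Permission": "FULL_CONTROL"}
PRIVATE_ACL = {"Grants": [OWNER_GRANT]}
PUBLIC_ACL = {"Grants": [OWNER_GRANT,
                         {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
```

`assert_bucket_private("example-bucket", PRIVATE_POLICY, PRIVATE_ACL)` returns `True`, while the same call with `PUBLIC_POLICY` or `PUBLIC_ACL` raises with the `PublicRead` statement or the `AllUsers` grant named in the message, which is exactly what a failing pipeline step should show the engineering team. The check is deliberately conservative: it treats `AuthenticatedUsers` (any AWS account holder, not just yours) as public, and reports wildcard statements even when they carry a Condition.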

Final Thoughts

In this post, we talked about three major vectors of attack: social engineering, ransomware, and cloud security misconfiguration. Each one of these is very different from the others, and each involves different employees in the organization. Social engineering works by tricking people, ransomware exploits security bugs, and cloud security hacks exploit configuration errors.

It is important to remember that cybersecurity is not confined to one particular team. It is everyone’s responsibility. Everyone, from the CEO down, should have some level of cybersecurity awareness training.

Via: https://www.cbtnuggets.com/
