In today's increasingly interconnected digital world, cybercrime has become a pervasive and persistent threat. Year after year, hackers relentlessly target vulnerable business systems, leading to a surge in successful cyber attacks.
But what motivates these cyber criminals to engage in such illicit activities, and how can organisations like yours protect themselves from such threats?
In this blog, we'll take a close look at the motivations behind cyber attacks and explore some of the essential cybersecurity practices that will help to safeguard your business.
Cyberattacks are executed with a myriad of intentions, with some of the most common motivations being:
Understanding the motivations behind cyberattacks is crucial, but it's equally important to be aware of the methods hackers use to achieve their goals. Here are some of the most common cyber attacks:
Cyber actors routinely exploit poor security configurations (systems either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access, or as part of other tactics to compromise a corporate network. Cybersecurity mitigation techniques are available to reduce the risk associated with every type of cyberattack vector.
To effectively combat cyber threats, organisations must be aware of and address the key cybersecurity failings that hackers often exploit. These include:
Remote access lacking sufficient controls to prevent unauthorised users - In recent years, cybercriminals have increasingly targeted remote access technologies in order to compromise a network. Hackers acquire a set of legitimate user credentials and use them to gain direct access to a corporate network (typically via RDP).
Outdated Software - Unpatched software may allow an attacker to exploit publicly known vulnerabilities to gain access to sensitive information, launch a denial-of-service attack, or take control of a system. This is often the first attack vector cybercriminals will explore when looking for ways to compromise an organisation.
Strong password policies are not implemented - Cyber actors use brute-force attacks to exploit weak passwords, particularly targeting Remote Desktop Protocol (RDP) and cloud-based applications.
Phishing attacks – One of the most common ways in which a fully-fledged cyber attack begins is simple human error. Cyber criminals initiate attacks by tricking unsuspecting users into revealing sensitive information, such as their username and password, or into performing an unauthorised action, for example transferring money or handing over confidential information.
Inadequate Backup Strategies: Organisations often struggle to recover from cyberattacks due to poorly managed backups, data corruption, or the absence of backups for critical assets.
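As an added example (not code from the original post), the following Python detector shows what the RDP brute-force pattern described above looks like in authentication logs: repeated failures against one account from one source, followed by a success. The log lines, the five-attempt threshold and the ten-minute window are all constructed or assumed values, not from any real system or policy.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (timestamp, account, source, result);
# a simplified stand-in for RDP logon records, not output from any real system.
SAMPLE_LOG = """\
2024-01-15T09:00:01 alice 203.0.113.10 FAIL
2024-01-15T09:00:03 alice 203.0.113.10 FAIL
2024-01-15T09:00:05 alice 203.0.113.10 FAIL
2024-01-15T09:00:06 alice 203.0.113.10 FAIL
2024-01-15T09:00:08 alice 203.0.113.10 FAIL
2024-01-15T09:00:09 alice 203.0.113.10 FAIL
2024-01-15T09:00:11 alice 203.0.113.10 SUCCESS
2024-01-15T09:05:00 bob 198.51.100.7 FAIL
2024-01-15T09:20:00 bob 198.51.100.7 FAIL
2024-01-15T09:40:00 bob 198.51.100.7 FAIL
"""

# Assumed lockout policy: this many failures inside this window should lock the account.
LOCKOUT_THRESHOLD = 5
LOCKOUT_WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Split one log line into (timestamp, account, source, succeeded)."""
    ts, account, source, result = line.split()
    return datetime.fromisoformat(ts), account, source, result == "SUCCESS"


def find_brute_force(log_text, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW):
    """Return {account: finding} for accounts whose failures crossed the threshold
    inside the sliding window. A later SUCCESS on such an account is flagged:
    either lockout is not enforced or the password guessing worked."""
    recent_failures = defaultdict(list)  # account -> failure timestamps still in window
    findings = {}
    for line in log_text.splitlines():
        ts, account, source, succeeded = parse_line(line)
        if succeeded:
            if account in findings:
                findings[account]["success_after_threshold"] = True
            recent_failures[account].clear()
            continue
        # Drop failures older than the window, then record this one.
        recent_failures[account] = [t for t in recent_failures[account] if ts - t <= window]
        recent_failures[account].append(ts)
        if len(recent_failures[account]) >= threshold and account not in findings:
            findings[account] = {"source": source, "failures": len(recent_failures[account]),
                                 "success_after_threshold": False}
    return findings
```

Bob's three widely spaced failures never reach the threshold inside the window, so only the alice burst is reported; widening the window or lowering the threshold changes that, which is exactly the trade-off a lockout policy tunes.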
To strengthen network defences and mitigate cyber risks, organisations should consider applying the cybersecurity best practices listed below. Please note that many of these recommendations require no additional cost to implement and should be seen as IT security best practices that are managed operationally. They include:
Adopt a zero-trust security model, which means always assuming a login attempt could be malicious, whether it originates on the corporate LAN or via remote access. Best practice implementation involves always checking authentication, preferably at multiple levels (e.g. end user credentials and device authentication). Access to all network points, applications and devices should be designed to request authentication before access is granted.
Limit the ability of a local administrator account to log in from a remote session (e.g. apply the "deny access to this computer from the network" right) and prevent access via an RDP session, so that accounts with administration privileges can only be used on the corporate network or from a device with a legitimate VPN connection. As an additional measure, dedicated administrative workstations for privileged user sessions can be implemented to further limit exposure. Accounts with admin privileges should also ideally be standalone accounts (no standard user account should be assigned admin privileges).
Control who has access to data and services as an extension of zero-trust. This means giving personnel access only to the data, rights, and systems they need to perform their job. This role-based access control (RBAC) should apply to both accounts and physical access. If a malicious cyber actor gains access, RBAC limits what that attacker can reach on the network to whatever the single compromised account is entitled to.
Regularly patch externally-facing software. Unpatched software contains known vulnerabilities that hackers can identify and exploit. Any externally-facing software should ideally be patched within 14 days of the vendor releasing the patch (where operationally feasible). The longer software remains unpatched, the higher the likelihood it will be exploited by malicious actors during a cyberattack.
Implement MFA on all VPN connections, external-facing services, and privileged accounts at a minimum. This is the most cost-effective way to significantly improve overall cybersecurity posture.
Change default passwords of equipment and systems upon installation or commissioning.
Verify that no machines have open RDP ports: place any system with an open RDP port behind a firewall and require users to connect through a VPN to reach it.
Ensure backups are immutable and stored off-domain and off-network, meaning backups cannot be deleted and are located in a repository that is completely separate from the production infrastructure. This approach is critical in preventing cybercriminals from damaging backups should they penetrate the corporate network.
Implement password policies that require a minimum of 15 characters, preferably containing alphanumeric and special characters. Administrators should also enforce account lockouts after numerous failed login attempts.
Implement a cyber awareness and phishing training programme. This will increase the vigilance of the workforce, enabling staff to identify when they are potentially being targeted by a phishing attack.
Implement DMARC policies on email, a default configuration option within an email system. Domain-based Message Authentication, Reporting, and Conformance (DMARC) can automatically block or quarantine emails from potentially malicious sources.
These mitigations are not exhaustive, but will significantly enhance any organisation's cyber security posture when correctly implemented.
Test your security posture against the latest cyber threats with a FREE Cyber Risk Assessment from TIEVA.
A risk assessment will show how susceptible you are to modern-day cyber attack techniques to help you prioritise improvements and develop a roadmap for strengthening your security posture.