Cybersecurity impacts individuals, business, and governments, even if many aren’t aware that it’s there. Cybersecurity can be defined as the practice of protecting networks, devices, and data from unauthorized access from cyberattacks.
The World Economic Forum predicts that the cost of cyberattacks could reach $10.5 trillion worldwide by 2025, up from $8.44 trillion in 2022. In this article, we'll explore the importance of cybersecurity, some of the most common threats and challenges that Security and IT teams face today, and how tools such as the Veeam data protection platform can help businesses protect themselves from cyberattacks.
The foundational model that guides cybersecurity teams is Confidentiality, Integrity, and Availability, also known as the CIA triad. Each pillar plays a critical role in helping cybersecurity teams stay effect in finding and responding to vulnerabilities and threat actors.
Within the industry, there are several different areas of focus that cybersecurity teams are organized into to protect employees, devices, and data. These are:
Depending on the size of your organization and the systems and technologies you have in place, your cybersecurity approach may change. Likewise, as your business evolves, so should your cybersecurity strategy.
Cybersecurity involves protecting your network, devices, and data from a variety of threats and attacks In order to understand the why and how, we’ll familiarize you with some key concepts and terms Security incident, security breaches oh my! Many people, including the media tend to use these terms interchangeably and know it can be confusing. But we’re here to help you understand the differences between these terms and you’ll be an expert in no time!
Security Incident: violation of an organization’s security policies and procedures in place but does not mean that an organization had an actual data breach.
Security Breach: is security incident that has been escalated due to the exposure of sensitive information. A data breach would be an example of a security breach.
Cyberattack: Though related to a security breach, this attack attempts to compromise the systems’ security.
The most common cyberattacks include the following:
Phishing: This social engineering attack aims at tricking a user into revealing sensitive information or installing malware on their devices. Phishing emails often impersonate legitimate organizations like government agencies, banks, and online retailers. There has been n surge in phishing attacks via text messages and voicemails which allows the attacker to install malware on the user’s device.
Malware: Malicious software is known as malware. This is an umbrella term for viruses, trojans, ransomware, worms, botnets and other unwanted software that may infect a person's computer. In some cases, malware is "self-spreading" (e.g. worms), while in other cases, users are tricked into installing software that pose as something useful (trojans) or are infected unknowingly when visiting a malicious website.
Ransomware: Ransomware is a type of malware that takes control of a user's computer (or entire network) and looks for sensitive files to either encrypt or steal. Ransomware threat actors charge a ransom in the form of cryptocurrency to decrypt the files.
Distributed Denial of Service (DDoS): This attack involves using a huge number of computers, often ones that have been compromised in other cyberattacks, to send repeated requests to the victim's server. The goal is to flood the server with so much traffic it can't cope with legitimate requests. In most cases, this attack serves no purpose other than to disrupt legitimate users. However, some attackers use DDoS attacks to mask other hacking activity or in the hopes of crashing a service in a way that might allow them to access other vulnerabilities.
Man in the Middle (MITM) attacks: An MITM refers to when an attacker intercepts and alters communication between two parties without their knowledge. This type of attack can be used to steal login credentials, personal information, financial data, and other sensitive information
SQL injection attacks: This attack happens when a type of code is injected into a web application that uses a SQL databased to exploit a vulnerability. By inserting a malicious SQL statement into an input field or URL parameter, it is then sent to the database server and allows the attacker to execute commands on the database like modifying or deleting data.
Password Attack: There are several different ways that this type of attack can happen but a few examples are:
The impact of cyberattacks can range from simple inconvenience to much more serious consequences.
In October 2022, a ransomware attack gave hackers access to the personal data of 3.9 million current and former customers of Medibank. The company refused to pay the ransom, and the attack is estimated to have cost them somewhere between $25 million and $35 million. Another high-profile attack targeted the Common Spirit Health System. The group operates 140 hospitals and 2,000 patient care sites, and the attack took the group's systems down, causing them to have to delay vital surgeries. Some patients received incorrect doses of their medications as health care providers were unable to access patient records.
Cyberattacks aren't just potentially damaging to a company's reputation or bank balance. If an attack hits a health care provider, aviation company or anything else where safety is a concern, lives could be directly (or indirectly) put at risk.
Vulnerabilities and Exploits
One common way that attackers gain access to systems is through vulnerabilities or exploits. A vulnerability is a weakness or flaw in a system, while an exploit is the method or tool that is used to take advantage of that vulnerability to launch malicious actions or gain unauthorized access.
Any internet-facing system must be kept up to date as part of cybersecurity best practices. Developers are always working to stay ahead of hackers, who are trying to find security holes (known as vulnerabilities) in their software.
Another common vulnerability is known as "cross-site scripting." This vulnerability means a website will run JavaScript sent to it from an external source. Attackers can exploit this to trick other users of the site or web app into taking actions because, to those users, it looks like the popup or message that is a genuine part of the site.
There are many vulnerabilities and exploits, and it's not just websites that are affected by these issues. A desktop application, game or server can be attacked in similar ways. Many vulnerabilities involve sending unusual or unexpected requests to an internet-facing application and then taking advantage of the way the application responds.
End-users and systems administrators can't be expected to identify and manually fix vulnerabilities in the software they use, especially given how complex software is today. However, proactive vulnerability management can reduce the risk of falling victim to cyberattacks. Often, ethical hackers find vulnerabilities and alert developers via something known as a CVE. This gives developers the opportunity to release a patch for the issue. The CVE will eventually be disclosed to the general public, at which point exploits may become available. Patching software as soon as security updates are available is essential to prevent attackers from exploiting publicly known vulnerabilities.
Security Measures
In addition to deploying security patches, there are other steps you can take to protect your data and harden your digital landscape from threat actors and cyberattacks.
For example, have a strong Identity and Access Management (IAM) strategy in place. This ensures that the right people have access to the right information at the right time. Managing access through passwordless and multifactor authentication (MFA) reduces the risk of the wrong people accessing the wrong information and devices. One of the core ideas of IAM is Zero Trust, a security framework that requires all users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration before they are granted or can have continued access to applications and data.
It's also a good idea to make extensive use of encryption. Make sure any login forms you're using are encrypted and that traffic going into and out of your network is also encrypted. In addition, aim to have your backups encrypted both while they're on the drive and when they're being sent off-site. Encrypting data in this way prevents anyone who is eavesdropping on your network traffic from being able to read it and means that if someone does manage to get access to your backup drives, they can't read the data, so it's useless to them.
Finally, firewalls are the most common form of security. These applications vet the traffic going into and out of your network and can be configured to block any unauthorized traffic, making it harder for attackers to scan your network for vulnerabilities and reducing the impact of DDoS attacks.
The steps above are foundational to any cybersecurity strategy, but it's also important to have a plan for when things go wrong. A good incident response plan would include ways to prevent further damage, perform reputation management, recover from the damage and get back to business as usual as quickly as possible. If you don't already have a disaster recovery plan, it's a good idea to create one in partnership with your IT and Security teams and test it to ensure it covers everything it should.
Employee Awareness
No matter how secure your systems are, if your employees don't take security seriously, there's always the risk of a breach. Educate your employees about social engineering attacks, such as phishing, vishing (voice phishing), impersonation, and other similar attacks. Ensure they understand why passwordless and MFA are critical to protect their and your company’s identity. And that practicing good habits like locking devices, reading error messages, and avoiding open Wi-Fi connections makes a difference.
Test your employees on a regular basis to ensure they're following best practices, and if they fall for a phishing attack, take the opportunity to refresh their memory. Keep in mind that even savvy and sensible people can sometimes make mistakes, so focus on education rather than punishment.
With the evolution of the digital world, the responsibility of securing our networks, devices, and data doesn’t just fall to our Security and IT teams. We each play a critical role in helping to protect and secure our information and data. Protection of Sensitive Information
Regulations such as HIPAA and GDPR lay out the penalties businesses might face in the event of data breaches. Today, huge amounts of personal information, including health records, financial records and other private data, are stored in digital forms. Companies found to have been negligent can be fined millions of dollars if a data breach occurs, and even if they escape a fine, the damage to their reputation could drive customers away from them in the long term.
Economic Impact
Cyberattacks, depending on the size, can also have significant and wide-ranging impacts to entire economies and can result in any or all the following consequences to individuals and businesses:
Financial losses
Data breach costs
Recovery and remediation expenses
Lost productivity
Reputation damage
Supply chain disruption
Macroeconomic impact, including disruptions to critical infrastructure or the financial sector
An example of how a cyberattack can have large-scale economic impact happened in 2017, when the NotPetya ransomware attack not only disrupted Ukraine’s power grid, government and business systems, but it also went on to also affect the global supply chain and result in an estimated billion dollars’ worth of financial losses worldwide.
National Security
Cybersecurity is now very much a matter of national security. Government and public sector organizations rely on computers just as much as other businesses today. In 2022, cyberattacks on critical infrastructure increased by 140%. As everything from health care to Social Security, taxes, aviation and even traffic management systems move online, cybersecurity becomes more important than ever before.
Privacy Preservation
Social media and online advertising are big business, and users are becoming increasingly aware of the importance of managing their digital footprints. Regulations such as the EU GDPR (Global Data Protection Regulation) and California's CCPA (California Consumer Privacy Act) place restrictions on what companies can do with user's personally identifying information. Leaking data through negligence or sharing data without authorization can have serious consequences. Businesses must take cybersecurity seriously to protect their users and ensure compliance with these regulations.
Trust and Reputation
As users start to pay more attention to issues of privacy, they're thinking twice about who they hand over their data to. Businesses that have a record of data breaches may find themselves struggling to retain users. It's difficult to recover from a damaged reputation. However, businesses that communicate clearly, alert people to breaches as soon as they're aware of them and are clearly taking precautions to prevent breaches in the first place are more likely to have strong relationships with their users and to be able to re-earn their trust should the worst happen.
Cybersecurity is a complex issue. Keeping the following best practices in mind can help reduce the risk of your organization falling victim to a cyberattack.
Authentication Approach
Do: Enable on a passwordless approach (ie: biometrics like Windows Hello, FIDO keys, SMS or email codes.)
Do: Enable multi-factor authentication, MFA
Do: Provide effective training for your employees
Do: If passwords are the only option for your organization, create strong passwords with combinations of letters, words, numbers, and symbols that are longer in length
Don’t: Assume that passwordless authentication completely protects you from breaches
Don't: Re-use passwords
Regular Software Updates
Do: Keep software up to date with the latest patches on all devices
Don't: Allow users to connect unknown or outdated devices to your network
Don’t: Download unauthorized software or applications to devices or the network without approval from IT teams
Employee Training and Awareness
Do: Consistently train employees on the role they play in helping to protect their company
Do: phishing attacks
Do: Run regular role plays/simulations for social engineering and other attacks
Do: Train employees to classify and label confidential information and data
Don't: Give users admin access or other rights not required for their job
Don’t: Connect to free WIFI hotspots
Data Backup and Recovery
Do: Take regular backups
Do: Ensure some backups are stored off-site
Do: Test your backup and recovery plans
Do: Use secure backup tools that encrypt the data
Don't: Rely on backups stored on your network
Don't: Assume a backup system configured a long time ago is still sufficient for your current operations
Implementing Effective Recovery Plans
Do: Write a detailed disaster recovery plan and test it.
Do: Collaborate and share your recovery plan between IT and Security teams
Don't: Assume your CTO's recovery plan will suffice without running a simulation
Ransomware is a serious issue for modern businesses, and 85% of the businesses we surveyed for our 2023 Ransomware Trends report have experienced a ransomware attack. Many of the organizations surveyed chose not to pay the ransom, either because they could not do so or because of potential legal issues. Concern about data loss is a recurring theme encountered among the 4,200 IT professionals we spoke to for our Data Protection Trends report, but there are many other issues organizations are dealing with in the ever-changing cybersecurity landscape.
Internet of Things (IoT) Security
IoT devices are increasingly common in the supply chain and logistics industry and in health care settings. Unpatched IoT devices are often targets for cyberattacks and may be used for botnets or simply to give an attacker a foothold for a more ambitious cyberattack.
Artificial Intelligence and Machine Learning in Cybersecurity
AI is a powerful tool, but as developers are experimenting with it, new threats are emerging. The concept of Prompt Injection is something many malicious actors are experimenting with. By feeding an AI tool malicious prompts, an attacker could take control of the AI and use it to extract data or run other malicious code.
Quantum Computing and Cryptography
Quantum computing could, in theory, break the encryption algorithms used to secure many parts of the modern web. While developers are working on quantum-resistant encryption algorithms, these are not yet in place on most online services. Indeed, there are still websites that use insecure MD5 encryption to store passwords, let alone more complex modern encryption systems. This is something that may become a serious issue in the future.
Evolving Threat Landscape
Cybersecurity is an arms race, and no good developer or systems administrator can rest on their laurels when it comes to security. It's vital that anyone involved in corporate IT takes the time to stay educated on the latest threats and learn how to protect their systems against them.
Cybersecurity is something that everyone should take seriously, from developers to systems administrators and end-users. Backups play a vital role in protecting data and mitigating the effect of cyberattacks. If you'd like to learn more about how the Veeam Data Protection Platform can help you secure your organization's data, contact us today to schedule a demonstration.