New security breaches are uncovered almost daily, and any one of them can jeopardise a company, place its intellectual property at risk, and damage its bottom line and reputation.
Cyber criminals are increasingly aggressive, well-funded and persistent, and no company can be completely safe from the most determined attackers.
Common cyber security measures generally revolve around hardening infrastructure against known intrusion techniques: perimeter filtering, patching, and signature-based detection. By definition, these measures cannot account for attacks that exploit new and unknown zero-day vulnerabilities, because there is no patch to apply and no signature to match.
Zero-day vulnerabilities are being exploited with increasing regularity, and the window between a vulnerability being discovered and a working exploit appearing is shrinking, which leaves defenders less time to react.
These risks are compounded by the soft target that email presents in an organisation's cyber defences. As a core business tool, email is a dependable and longstanding form of communication for organisations of all sizes, but it remains the single most common and effective entry point for malicious software, or malware, and the delivery channel of choice for exploits, including those targeting zero-day vulnerabilities.
Cyber criminals can use a variety of relatively simple techniques to gain unauthorised entry into an internal network or system via email. These include phishing (mass-mailed lures), spear phishing (lures tailored to a specific person or role) and whaling (spear phishing aimed at senior executives), all of which can help criminals acquire credentials or other sensitive information to access networks, or infect a workstation directly with malware.
Large companies generally have multi-layered email filters in place, often along with internal guidelines on how to use email safely. However, small and medium-sized businesses (SMBs) sometimes fall short when it comes to adequate security measures and internal business practices to ensure email security.
The evolution of malware
SMBs are vulnerable to email as the entry point for an attack, and this is compounded by increasingly complex malware. As the threat landscape evolves and malware detection becomes more advanced, cyber criminals are forced to create ever more sophisticated and specialised malware.
This increasing complexity is reflected in the number of malware 'families' now known to cyber security researchers. In 2005, seven 'families' represented 70 per cent of all malware activity, and the dominant types were mass-mailing 'worms' with backdoor capability, alongside simple email fraud such as the 'Nigerian' advance-fee scam.
In 2014, however, 20 'families' represented 70 per cent of all malware activity. Today's malware is far more sophisticated and varied, including stealthy command-and-control botnet membership, credential theft and, often, some form of monetisation such as covert bitcoin mining or fraud.
As malware evolves and more zero-day vulnerabilities are discovered, traditional signature-based anti-virus software is struggling to cope. Companies need a strategy that reduces their security exposure and protects them from cyber threats with fast and effective attack detection, containment and response.
SMBs can begin to protect themselves against threats with a systems approach, which requires multiple layers of technology that help protect an enterprise at every phase in the 'kill chain': reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions on objectives. A control that fails at one phase can still be caught by a control at the next.
Education is another simple and often overlooked starting point. Most malware that makes its way into a business's internal network got there because somebody responded to an email or clicked on a link without recognising or understanding the risk involved.
There is a simple but effective two-step approach SMBs should take to protect themselves against potential zero-day attacks:
1. Minimise insider threats through education and system prevention
People are the weakest part of any security infrastructure. Incidents caused by staff inevitably happen; a few are deliberate, but most are accidents, and cyber criminals design many of their attack techniques around human error.
Malware designed to exploit zero-day vulnerabilities is frequently delivered via phishing emails, which are crafted to make a mistake by internal staff as likely as possible. Employees must therefore be trained to recognise phishing emails and educated in how to avoid falling for them.
Cloud-based security services for insider threat prevention are available at low cost. These typically come with ready-made and programmable granular policies, driven by a rules engine, that block, quarantine, redact or automatically encrypt inappropriate or sensitive outgoing messages.
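To make "granular, policy-driven rules" concrete, here is a small outbound-email rules engine written for this article as an added example; it is not code from the original page or from any BAE Systems product. Every name in it is an assumption: the organisation's domain is taken to be example.com, "INTERNAL ONLY" is the classification marker, "[SECURE]" is the subject tag a sender uses to request encryption, five card numbers in one message is the threshold for treating it as a bulk export, and the sample messages are constructed rather than captured. Rules are evaluated in order and the first match decides the action, so the most severe outcomes (block, quarantine) are listed first.

```python
from __future__ import annotations

import re
from email import message_from_string
from email.message import Message
from email.utils import getaddresses

# Assumptions for this example (hypothetical, not from the article):
HOME_DOMAIN = "example.com"            # the organisation's own mail domain
BULK_THRESHOLD = 5                     # this many card numbers => likely data dump
CLASSIFICATION_MARKER = "INTERNAL ONLY"
ENCRYPT_TAG = "[SECURE]"               # subject tag requesting encryption

# 13-16 digits, optionally separated by spaces/hyphens, not part of a longer run
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")


def luhn_ok(number: str) -> bool:
    """Luhn checksum; filters out phone numbers, order IDs and other digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                 # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    return [m.group(0) for m in CARD_RE.finditer(text) if luhn_ok(m.group(0))]


def mask(number: str) -> str:
    """Keep only the last four digits, as a receipt would."""
    digits = "".join(c for c in number if c.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]


def external_recipients(msg: Message, home_domain: str) -> list[str]:
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(headers)
            if not addr.lower().endswith("@" + home_domain)]


def plain_text_body(msg: Message) -> str:
    # Only text/plain parts are inspected; attachments are out of scope for this toy.
    return "\n".join(str(p.get_payload()) for p in msg.walk()
                     if p.get_content_type() == "text/plain")


def apply_policy(raw_message: str, home_domain: str = HOME_DOMAIN) -> tuple[str, str]:
    """Evaluate outbound rules in order; first match wins.

    Returns (action, body) with action in allow/block/quarantine/redact/encrypt.
    """
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    body = plain_text_body(msg)
    external = external_recipients(msg, home_domain)
    cards = find_card_numbers(subject + "\n" + body)

    if not external:
        return "allow", body           # purely internal mail: no outbound rule applies
    if CLASSIFICATION_MARKER in (subject + "\n" + body).upper():
        return "block", body           # classified text must not leave the domain
    if len(cards) >= BULK_THRESHOLD:
        return "quarantine", body      # looks like a bulk export: hold for a human
    if cards:
        for c in cards:                # a few card numbers: redact the body and let it go
            body = body.replace(c, mask(c))
        return "redact", body
    if ENCRYPT_TAG in subject:
        return "encrypt", body         # hand off to the encryption gateway
    return "allow", body


# Constructed sample messages (not real traffic); card numbers are public test PANs.
SAMPLES = {
    "internal": ("From: alice@example.com\nTo: bob@example.com\n"
                 "Subject: lunch\n\nPizza at twelve?\n"),
    "classified_leak": ("From: alice@example.com\nTo: partner@supplier.test\n"
                        "Subject: roadmap\n\nINTERNAL ONLY: Q3 product plans below.\n"),
    "one_card": ("From: alice@example.com\nTo: shop@vendor.test\n"
                 "Subject: refund\n\nPlease refund card 4111 1111 1111 1111.\n"),
    "bulk_cards": ("From: alice@example.com\nTo: personal@webmail.test\n"
                   "Subject: backup\n\n4111111111111111\n4242424242424242\n"
                   "5555555555554444\n378282246310005\n6011111111111117\n"),
    "secure_tag": ("From: alice@example.com\nTo: counsel@lawfirm.test\n"
                   "Subject: [SECURE] contract\n\nDraft attached.\n"),
    "phone_only": ("From: alice@example.com\nTo: shop@vendor.test\n"
                   "Subject: call me\n\nOrder 1234567890123456, phone +44 20 7946 0958.\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        action, _ = apply_policy(raw)
        print(f"{name:16} -> {action}")
```

Two design points carry over to a real gateway: the Luhn check is what keeps a digit-matching rule from flagging order numbers and phone numbers (the "phone_only" sample contains a 16-digit run that fails the checksum and is allowed through), and the rule order encodes severity, so a message that would both be redacted and quarantined is quarantined. A production service would hook into the mail flow (an MTA or milter), inspect attachments as well as plain text, and log every decision for review.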
2. Take a layered security technology approach
To be better and faster than the criminals, organisations need pre-emptive solutions that are easy to integrate into existing systems and affordable.
This means that companies need a strategic systems approach to protect against today's evolving cyber threats. Cloud-based solutions can provide SMBs with the extra layers of protection needed to guard against targeted email attacks such as spear phishing and zero-day exploits. The components of such a layered defence (for example sender reputation filtering, attachment sandboxing, URL rewriting and endpoint detection) work together as cooperative, compensating controls to interrupt attackers as they attempt to move from one phase of the attack cycle to the next.
Cloud-based cyber security solutions can be a helpful addition to on-premise software and hardware, making it easier for companies to add protection mechanisms that exceed what they could build and deploy themselves.
By developing a partnership with a cloud-based cyber security supplier, and combining that with ongoing training of staff, SMBs can increase their resilience against current and future threats and improve their defences.
About the author:
Adrian Blount is the Director of Cyber Solutions at BAE Systems Applied Intelligence