Four assumptions to make about cybersecurity threats

One of the biggest challenges facing IT security teams today is the pace at which the threat landscape is evolving. Criminals are investing significant time and resources into developing malware that can avoid even the most stringent monitoring.  Indeed, The State of Network Security in 2021 report commissioned by Barracuda found that almost three-quarters (72%) of Australian companies said their organisation had been the victim of at least one ransomware attack in the last year.

As a result, it’s almost impossible to predict what might be around the corner. Protective measures must be constantly enhanced and users educated about the role they have in keeping resources safe from attack.

While there are a large number of unknowns when thinking about IT security, there are still four assumptions that have emerged in the past few years. These assumptions are:

  1. An attack may already be underway:
    Because it has proven successful for so long, email is still considered the number one threat vector for organisations. Phishing attacks are the most common type which lead to the introduction of rogue code into an IT infrastructure.The cybercriminals involved tend to have two key objectives. One is to steal authorised user credentials to be used for login attempts and the second is to infect infrastructures with malware.
  2. Online forms and web applications are currently being scanned by bots:
    Cybercriminals are constantly on the hunt for vulnerabilities that will allow them to gain administrator-level access to applications. They may attempt to log in with credentials stolen through a successful phishing attack or purchased through a data dump. They use bots to automate many of these processes.
  3. Bots are attempting to penetrate your IT network:
    The network threat vector is constantly changing as organisations evolve their IT infrastructures. A secure network strategy needs to consider every part of the network, including staff now working from home, to ensure protection against automated bots is in place and functional.
  4. Some attackers wait for users to come to them:
    Some criminals are content to let targets make the first move. This could be visiting a compromised website or social media platform while using an outdated browser or having some other unpatched vulnerability. Alternatively, infected ads can attack a device used to visit a legitimate site. In this scenario, a third-party ad company has accepted an infected ad and placed it on a legitimate website that sells advertising.

Planning is not enough

At the end of the day, it’s simply not possible to anticipate every type of attack that might be mounted, and so security plans must be based on threat vectors.

As mentioned earlier, one of the most popular is email and so protecting your entire email infrastructure is critical. Whether that infrastructure is on-premise or in the cloud, it’s still vulnerable to phishing attacks and malicious attachments. Your security team needs to be able to identify likely phishing attempts, stop advanced threats and other malicious attachments, and respond quickly when incidents occur.

Meanwhile, applications are subject to so many automated attacks that robust automated protection is required. This includes protection from attacks like denial of service, brute force, credential-stuffing, and zero-day attacks. Advanced bot protection will also protect the site from spambots and scraping.

While almost every workstation or networking device that connects to the internet provides some firewall protection, if you lack a network-wide firewall solution you should consider yourself as having no firewall at all. Features like network segmentation, application control, and secure remote access must also be considered. A firewall should also be able to defend on-premise, multi-cloud, and hybrid deployments.

It’s also worth considering web security and filtering tools that can help to defend users against web-borne threats such as drive-by downloads and infected ads. These tools should not only defend against the latest threats, but also include features like social-network regulation, remote filtering, and visibility into SSL-encrypted traffic.

Finally, it’s vital not to forget the importance of regular data backups. If the worst happens and an attacker gains access to the corporate network, backups are likely to become the only way to get things functioning normally again.

Maintaining cyber vigilance is a never-ending task, but one that needs to be top of mind at all times. A cybercriminal only has to succeed once to cause significant damage and loss.

Mark Lukie
Mark Lukie is a Sales Engineer Manager for Asia Pacific and Japan at Barracuda Networks. He has 20 years’ IT industry experience with deep skills in networking, cybersecurity, backup/disaster recovery, public cloud platforms and systems integration. Mark has been with Barracuda for more than nine years and has extensive knowledge on the company’s entire solution portfolio, including security, application delivery and data protection solutions. He is a member of the Barracuda Global Cloud Security Team, which focuses on security solutions for public cloud platforms such as Microsoft Azure, Amazon Web Services, VMware vCloud Air and Google Cloud Platform. Mark’s qualifications include: Microsoft Certified Systems Engineer/Administrator (MCSE/MCSA), Certified Novel Administrator (CNA), Barracuda Application Delivery & Security Expert (ADSX) and Barracuda Certified Technician & Expert for NextGen Firewalls.