What Threats are Masquerading in Your Environment this Halloween?



Halloween is almost here – while this weekend will be full of ghosts and ghouls, the threats that may already exist in your IT environment can be even scarier. Here are the top threats that could be lurking in your environment and how to defend against them.

1. Insider Threats

Insider threats can haunt security teams because they are difficult to detect and because of the damage they can cause. Whether they are disgruntled employees trying to cause harm or well-intentioned employees who simply fell for the latest phishing email, insiders’ access and trusted status make them prime facilitators of data loss incidents, malware infections, and other compromises. Between miscellaneous errors, insider misuse, and physical theft or loss of devices, the 2015 Verizon Data Breach Investigations Report attributes 65.3% of data loss incidents to insiders. When successful, attacks by malicious insiders are highly costly as well. The 2015 Ponemon Cost of Cyber Crime report named attacks by malicious insiders as the most expensive cyber incidents, costing companies an average of $144,542 per year. Protecting against insider threats requires close monitoring of and control over your IT environment and the sensitive data it holds.

2. Trojans and malware

They’re not trick or treating - Trojans and malware remain in disguise constantly, masquerading as legitimate applications or processes to avoid detection while compromising your systems. But while they may appear innocent at a glance, malware behavior is anything but normal. In the age of sophisticated attacks, endless malware variants, and zero-day exploits, simple antivirus and firewalls are no longer enough. Combatting these threats requires a combination of the right tools for both detection of inbound malware as well as behavioral analysis to flag activity from malware that has made it into the corporate IT environment.

3. Phishing emails and other social engineering attacks

Like malware, social engineers are masters of deception. Their choices of costume make them especially tricky, often pretending to be coworkers, bosses, friends, or family members in order to fool victims into sharing sensitive information, installing malware, or granting unauthorized access. Attackers will use social engineering to exploit people, using commonplace tools like email or phones to manipulate unsuspecting victims. Because they target people rather than systems, these attacks are difficult to defend against with software or hardware tools and have high success rates. The best protection against phishing and other social engineering attacks is an educated and security-aware user base, a defense that can only be achieved by instilling a culture of security in the workplace.

4. Unauthorized applications, devices, and cloud usage

Trends like BYOD and rogue cloud usage by employees have turned many corporate networks into Frankensteinian creations of their own. By using unsanctioned devices, applications, or storage repositories, employees can far too easily open additional channels for infection or data exfiltration. However, locking down these channels has proven challenging for security teams. Preventing these kinds of unauthorized activities requires tight control from top to bottom in your IT environment: strict network access controls to lock down use of unapproved mobile devices, whitelisting to block unauthorized application usage, and granular controls over data access and movement to ensure that sensitive data can only be moved to intended, authorized repositories – whether local or cloud-based.

5. Software vulnerabilities and outdated software

Bugs abound when unpatched or legacy software is running in your IT environment – and they’re eating away at your security perimeter. Outdated software is often riddled with exploitable vulnerabilities, and running it only exposes your environment and sensitive data to additional vectors of attack. Patch all software that is used in your organization and enact patch management policies to ensure that it stays current. If end of life is announced for software that you use, develop a plan to retire that software securely. When it comes to vulnerability testing, focus on the OWASP Top 10 or a similar set of the most critical software vulnerabilities. Finally, implement application control to ensure that only approved software can run in your environment.

Nate Lord
