Detection is all about knowing when something has gone wrong. We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the faster you know about an incident, the quicker you can mitigate the impact and get back to normal operations.
Detection is about:
- Knowing the threats applicable to your business
- Having cybersecurity products or services that help monitor your networks
- Having well-trained employees who can spot things that aren’t right and report them
- In some cases, such as phishing attacks that use your brand, even having your customers alert you when cybercriminals are trying to gain access to your system via customer credentials
Knowing the Threats
Not all cybersecurity threats impact your business equally. Some, like broad ransomware attacks, are designed to infect any vulnerable system anywhere. In other cases, attacks may be motivated by the type of business you are in and the value of what you have. For example, if you are in the retail business, cybercriminals may be looking to steal customer payment data or access a bank account. If you are in manufacturing, the goal may be stealing your intellectual property or disrupting your operations.
You don’t need to be a cybersecurity expert to ensure that your business is protected, but it is critical that you understand the online threats to your company’s network. Awareness of key threats will enable you to employ practices and behaviors that limit your company’s risk.
Below is a list, by no means all-inclusive, of some common threats.
Viruses and spyware can enter your computer through emails, downloads and clicking on malicious links.
- Viruses can enable hackers to steal valuable corporate, customer or employee information, distribute spam, delete files or crash your entire computer system.
- Spyware programs allow hackers to monitor your online activity and steal passwords, records and other valuable data.
Federal Agency Ransomware Guidance: How to protect your networks from Ransomware
Business Email Compromise
These attacks arrive via email to business leaders or others, encouraging payment of, for example, an overdue invoice that is actually a fake invoice designed to generate a payment to a cybercriminal.
Phishing attacks usually use fraudulent emails to trick people into sharing information they shouldn’t. For consumers it could be personal data, such as Social Security numbers, or financial information (e.g., credit card account numbers, usernames and passwords). In your business, it could be getting employees to share network credentials or to infect your system by clicking on links or opening infected documents.
How Phishers Attack
- Fraudulent emails: Phishers trick consumers and employees by sending them emails that appear to be from reputable organizations, such as a bank, retailer or credit card company. These emails include Web links that take consumers to a fake Website where they enter their personal information.
- Posts on social networks: Phishers use fraudulent posts (sometimes by hacking the accounts and distributing messages to groups of friends) to get people to click on links they shouldn’t.
- Text messages: Like social network posts, text messages can include links to dangerous sites and infect mobile devices.
- Spoofing your brand: Using your good name and brand to send emails to your customers that look like they come from your business and encourage clicking on a link or downloading a document.
- Spear phishing: Targeting your business and employees directly, using email and other messages that look like they come from a customer or another business you do business with (like a vendor), to try to specifically compromise your business.
Scams and Other Threats
Threats and scams change often, and to keep up with the latest information to protect your business, subscribe to these updates:
- Get Federal Trade Commission (FTC) Business Blogs Updates by Email (Under Business Center Updates choose Business Center Blog Updates)
- Get FTC Scam Alerts by Email (Under Consumer Updates choose Scam Alerts)
Know the Threats
Each year companies investigate the causes of data breaches and produce reports on what led to networks being compromised. Here are a few:
- AT&T 2017 Cybersecurity Insights
- Cisco 2017 Annual Cybersecurity Report
- Google Android Security 2016 Year In Review
- Identity Theft Resource Center (ITRC) 2017 Breaches
- Symantec 2017 Internet Security Threat Report
- Verizon 2017 Data Breach Investigations Report
- Verizon 2017 Data Breach Investigations Report Executive Summary
Industry and Other Specific Threat Information
Depending on your business, participating in a threat sharing service may be an important step. More and more industries are creating specific threat sharing services for their community, some threat sharing collaboratives are emerging by geography, and there is an emerging threat sharing industry offering subscriptions to threat information. Some services deliver this information via email and some have portals to view information. Explore with any trade associations what information or recommendations they have.
In some cases, like ransomware, detection of an incident is easy, as the cybercriminals will make their presence clearly known. Well-trained employees will let you know if they are receiving phishing or suspicious communications. Basic security services such as security software will inform you of some threats, like potential phishing websites, or scan attachments and notify you of any threats. Some strong authentication tools will inform you when they detect a new user trying to access your system. However, many attempts to compromise your business will, by their nature, be attempts to gain access without being noticed.
You may want to consider improving your protections by using some kind of network monitoring service that helps to detect incidents. The availability of cybersecurity tools and services is growing. You should work with your IT department and/or vendors to discuss what kinds of services and tools would best match your business.
NIST Cybersecurity Framework Steps