Avoiding cyber threats can feel like an endless task. An attacker only needs one successful attempt to gain access to a network. Defenders must succeed one hundred percent of the time if they want to keep the attackers out. In practice, it’s just not possible to be perfect 100 % of the time. And often incidents start with unintentional human mistakes. What can companies do to detect and respond to cyber attacks at the earliest possible stage?
History of cyber crime
The world of cyber security has evolved quite a bit from the innocent beginning when kids were spreading viruses on floppies for fun and academics were sending each other worms. Attackers today are highly skilled. They are motivated by financial gain, access to sensitive information or damage to a brand. What started as a hobby has evolved into crime with severe consequences.
A motivated attacker will find the keys to the kingdom
The traditional defenses, such as firewalls and endpoint protection, do a good job at what they’re meant to do – namely detecting and blocking commodity threats. But you can’t expect these solutions to stop advanced threats and targeted attacks. A modern attackers’ goal is to get access to the network and they need to find the keys to the kingdom – the passwords to critical systems. They will not stop until they reach their target.
Advanced attacks are not about the code – they are about the humans
Skilled attackers rarely, if ever, use malware. The attacker’s first goal is to identify potential targets for their mission. The attacker may collect information about the target company, set up a fake company, register domains and create fake profiles for social engineering purposes.
Once the attacker determines what defenses are in place, they choose their weapon. The selected vector is often impossible to prevent or detect. It can be a zero-day exploit, a spear-phishing campaign or bribing an employee.
Social engineering is effective because it exploits trust. Thus, the human factor is often the weakest link in cyber security. The best weapon to fight back the risk of human error is increasing security awareness.
Our Cyber Security Crash Course series helps you and your employees understand the current threats out there, why they are so difficult to spot and stop, and what you can do to detect and respond to modern cyber attacks. Linda Liukas** meets the brightest minds working in the field of cyber security to find simple answers to complex questions.
* 2017 Cost of Data Breach Study, Ponemon Institute LLC (sponsored by IBM Security)
** F-Secure Cyber Security Crash Course explains in simple terms what kind of threats are out there and how they can be spotted and stopped. Linda Liukas, a programmer, children’s book author and TED speaker, explores the wonders of cyber security with the best talent in the industry. She even agrees to let F-Secure’s experts hack her. Watch the six short videos to learn what you can do to detect and respond to advanced cyber attacks. Include the Cyber Security Crash Course videos in your security training programme to foster awareness within your organization.