If something is valuable, someone will try to steal it. Protecting against network security cyber threats requires understanding the types of attacks to which networked systems are exposed, and the available means of protection.
The increase in the breadth and number of devices connected to corporate networks has widened the areas that security professionals must defend, and increased the potential points of entry by which attackers may gain access to networks. Fallible humans are often the weakest security link, since they may be duped by convincing attackers, or fail to take the correct course of action to secure systems. Yet well-trained and engaged users are often effective at identifying attacks that may be missed by other techniques. Working with users is a key part of network security.
However, it should be recognised that if network security controls are too draconian, users will seek to bypass security restrictions and negate any advantages that the controls may contribute. Therefore, the key is to strike the right balance of usable security.
Spam is the most commonly encountered email network security cyber threat. Although the amount of spam in circulation has dropped since 2010, it still comprises the majority of email. Although spam is often thought of as little more than a nuisance to networks, large volumes of it can swamp unprotected inboxes, making it difficult for users to conduct email communication. Equally, some users may take the contents of some spam emails at face value, leading to large financial losses.
Phishing attacks are also commonly distributed by email. In these emails, attackers entice users to disclose usernames and passwords. Many of these attacks attempt to glean credentials for financial services by sending emails to as many recipients as possible. Attacks can also be very specific in nature and may be directed against targeted individuals as a means of obtaining network security service credentials valued by attackers.
Targeted phishing attacks against specific individuals are often referred to as spear phishing attacks. In these cases, attackers send emails to a small, preselected group of recipients. These emails may be crafted to resemble emails that the recipients may be expecting, and may be difficult for recipients to distinguish from non-malicious emails. Frequently, spear phishing emails contain links to websites hosting malware, in an attempt to entice the user to click the link and so install malware on their endpoint. Alternatively, targeted emails may be sent with malware attached to the email, masquerading as a legitimate document.
The apparent legitimacy of spear phishing attacks means that even the best-trained user may be fooled, so network security will be compromised. Awareness is key to prompting users not to engage with emails that raise their suspicions. However, the best approach remains to filter email with effective anti-malware and anti-phishing detection to intercept emails before they are delivered to inboxes.
Malware may enter organisations by many means. Often malware is sent as an attachment to emails, or as a link to a malicious website within the textual content of the email. In addition, users may encounter websites serving malware without any external enticement. Legitimate work-related websites are often compromised to distribute malware to visitors, and even the advertising networks that embed adverts within web pages can be subverted by attackers to include links to malware.
Source: Martin Lee, Technical Lead, Threat Intelligence, Cisco, UK