Cyber-Attack Myths Debunked The Most Common Five
No organization or industry is safe because hackers have increased their targets from financial institutions to health-care organizations, retailers and also universities. Cyber attacks show no sign of decreasing any time soon, despite the millions of dollars being spent on security products and talent. Hackers know that organizations are not perfect, they are persistent which the hackers believe will pay off due to the believes in myth that the security team often follow that prevents them from building effective security programs to defend against complex cyber attacks.
Myth 1: Security solutions prevent hackers from penetrating into a company.
Fact: Penetration is inescapable. Hackers often claim that penetration is a “no brainer.” The attackers’ job is to find any vulnerability, while it is mandatory for the defenders to protect against any weakness.
Suggested approach: Organizations should build their security architecture having in mind the possibilities of it being breached when setting up an effective perimeter defense against hacking it is very important.
Myth 2: Cyber attackers target the most vulnerable organizations Fact: Attackers choose targets based on goals, not weaknesses. Attackers in reality can even go after the heavily protected companies. They choose their targets carefully according to what fits the operation’s goals best like stealing money, obtaining private data, pilfering intellectual property e.t.c., not organizations with weak security. Sometimes company’s attacked are not the hackers’ ultimate target, they are using the company to reach their main target or another organization.
Suggested approach: Consider what hackers would look for in your organization. Obtaining personal information and credit-card data is an obvious goal, but also think about the business ecosystem connected to you and your customers.
Myth 3: Attackers gather intelligence about the IT and security systems of their target.
Fact: Attackers gather any available data to help them anticipate the defender’s response A hacking operation’s success is based on the attacker’s ability to predict the company’s response to the attack. Attackers collect organization charts, employee data, salaries, work habits, business connections, travel calendars and any data that could helpful them to craft an accurate, comprehensive view of the company’s daily operations.
They are not interested in moving fast and gaining as much information as possible. Instead, they want to go undetected.
They also build profiles on security personnel to help them anticipate the organization’s response and understand its weaknesses. These profiles contain details like the person’s education, compensation, promotions and managers.
Suggested approach: Social media presence should be limited by employee’s, especially of security team members, to reduce information exposure. Work routines should be changed regularly and switch vendors if possible to make your organization less predictable.
Myth 4: Attackers rush to get in and leave quickly.
Fact: Attackers deploy “low and slow” techniques Attackers aren’t interested in speedily moving through an organization and quickly gathering as much information as possible. That behaviour increases the chances they will be discovered. Instead, attackers use a “low and slow” approach. They execute a limited number of actions every day and avoid “noisy” activities that will attract attention.
Suggested approach: The “low and slow” techniques provides security team with enough time to stop the attackers before any additional damage.
Myth 5: Adequate response equals fast response.
Facts: Attackers perform several decoy operations to distract response teams. Most security teams have a strong inducement to stop an incident as soon as it is detected since they are measured by the amount of time it takes to close a case. However, this leads to rushed decision making and a false sense of success.
While detection and reaction should be fast, security teams face a more complicated facts. In most cases, attackers mask the real attack with at least one decoy operation, whether it’s flooding you with malware or DDoS attacks.
Suggested approach: When closing incident tickets, always be a bit suspicious, and make sure the incident is fully included and mediated. Always plan to be deceived by attackers. A seemingly contained attack may actually be a decoy operation that was created to distract security teams.