Top 5 most common network security threats. Be sure your organization has a plan to protect against and/or prevent each of these types of network security threats.
Hacking is easy. And profitable. An average phishing attack could potentially cost a mid-sized organization $1.6 million. Phishing is just one of the many ways that an organization can be attacked or breached.
Let’s talk about the top 5 most common network security threats.
Common Network Security Threats #1: Social Engineering
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. Source: Wikipedia
While we typically think of email as the main source of social engineering, hackers can gain your trust through phone, email, snail mail, or direct contact. The intention is to gain access to a system that would be too difficult for them to hack into.
Phishing and spear phishing may be the top techniques used by social engineers to get your confidential information. Cybriant partner, KnowBe4, has compiled a list of the top 10 techniques that the bad guys typically use. The list includes:
- Diversion theft
- Spear phishing
- Quid Pro Quo
See the KnowBe4 article, “What is Social Engineering” for a more detailed look into those techniques.
Common Network Security Threats – Social Engineering Stats:
- 1 in 131 emails contains malware.
- 4,000+ ransomware attacks occur daily.
- The number of phishing attacks increased 65% last year.
- A phishing attack costs a mid-sized company $1.6 million.
- 47% of attacks in 2017 were caused by phishing.
Common Network Security Threats #2: Technical Vulnerabilities
A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats. An asset is any tangible or intangible thing or characteristic that has value to an organization, a control is an administrative, managerial, technical, or legal method that can be used to modify or manage risk, and a threat is any potential event that could harm an organization or system. Source: ISO 27001
Many organizations confuse Vulnerability Management and Vulnerability Scanning. Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities. The time between each scan is all an attacker needs to compromise a network. With continuous scanning, our security experts automatically have visibility to assess where each asset is secure or exposed.
Today, security professionals find themselves chasing the “threat of the week,” often to no avail. Racing ahead without context and prioritization results in reactive firefighting and pursuit of the wrong issues. Performing the security basics well demands insight and focus.
Fortunately, vulnerability remediation doesn’t always have to be performed overnight, although the highest risk issues should be addressed quickly.
According to a comprehensive assessment of global data breach statistics, 99.9 percent of the exploited vulnerabilities were compromised more than a year after the Common Vulnerabilities and Exposures (CVE) entry was published.
In other words, if organizations would patch their vulnerabilities in less than a year, they could improve their chances of preventing an exploit-initiated data breach by as much as 99.9 percent.
Excerpt from “The Modern Approach to Vulnerability Scanning”
Common Network Security Threats – Technical Vulnerabilities Stats:
- More than 90% of exploited vulnerabilities in 2015 were more than one year old and nearly 20% were published more than 10 years ago.
- 8,000 vulnerabilities a year were disclosed over the past decade.
- 85% of successful hacks used the top 10 exploits.
Common Network Security Threats #3: Poor Patch Management
Patch management is a strategy for managing patches or upgrades for software applications and technologies. A patch management plan can help a business or organization handle these changes efficiently. Source: Techopedia
A poor patch management plan puts a company at risk of attackers finding a way into its systems through unpatched vulnerabilities. [See Equifax]
A proper patch management plan will help your organization find missing security patches, support multiple systems and platforms, and handle increased compliance restraints.
Common Network Security Threats – Poor Patch Management Stats:
- 45% of companies are not using a dedicated patch management solution to distribute and manage software updates.
- 72% of decision-makers do not deploy a patch within 24 hours after it is released to the public.
- Failure to patch caused the infamous Equifax breach, releasing the data of 143 million people.
Common Network Security Threats #4: Compromised Endpoints
Compromised endpoints have become much more common in the mobile era that we live in today. BYOD means that employees are connecting their own devices to a corporate network. While this helps an employee’s productivity, it may cause problems for an organization’s network since corporate policy may not be enforced on the device.
This threat is closely related to the first common network security threat, social engineering. That is because many compromised endpoints are caused by social engineering, including phishing attacks that cause an end user to download malicious software onto their devices.
What is the risk of letting malware execute? Download our ebook: Prevention vs. Detect and Respond.
Common Network Security Threats – Compromised Endpoints Stats:
- In Q1 of 2017 alone, mobile ransomware attacks increased by 253%.
- 66% of security professionals doubt their organizations can prevent a breach to employees’ devices.
- The most mobile attacks occur on businesses in the US. Businesses average 54 mobile malware infections.
Common Network Security Threats #5: Advanced Persistent Threats
An advanced persistent threat is a set of stealthy and continuous computer hacking processes, often orchestrated by a person or persons targeting a specific entity. An APT usually targets either private organizations, states or both for business or political motives. APT processes require a high degree of covertness over a long period of time.
The “advanced” process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The “persistent” process suggests that an external command and control system is continuously monitoring and extracting data from a specific target. The “threat” process indicates human involvement in orchestrating the attack.
APT usually refers to a group, such as a government, with both the capability and the intent to target, persistently and effectively, a specific entity. The term is commonly used to refer to cyber threats, in particular, that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but applies equally to other threats such as that of traditional espionage or attacks.
Other recognized attack vectors include infected media, supply chain compromise, and social engineering. The purpose of these attacks is to place a custom malicious code on one or multiple computers for specific tasks and to remain undetected for the longest possible period. Knowing the attacker artifacts, such as file names, can help a professional make a network-wide search to gather all affected systems. Individuals, such as an individual hacker, are not usually referred to as an APT, as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.
Common Network Security Threats – Advanced Persistent Threats Stats:
- 81% of data breach victims do not have a system in place to self-detect data breaches.
- Many companies rely on notification from third parties to let them know about a data breach on their network, increasing the time to detection from 14.5 days to 154 days.
According to the FBI, business email compromise (BEC) alone cost businesses worldwide over $5 billion from 2013 to 2016. Here’s the disconnect: phishing skirts technology by targeting human beings. That’s why it’s critical to educate employees to recognize and report all manner of phishing attacks.
Gartner argues that the biggest threats are not the ones that risk causing the most damage to you, but simply the vulnerabilities in your organization’s environment that are being actively exploited “in the wild.”
According to its research, the primary method of compromise for most threats is the exploitation of known but unmitigated vulnerabilities, not zero-day threats or new exploits. This is largely a matter of cost: threat actors will continue to primarily use the most cost-effective and reliable exploits instead of new ones because they too have limited time and resources.
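The prioritization described above, as an added example (not code from Cybriant or Gartner): scan findings are ranked so that vulnerabilities known to be exploited in the wild come first, then those whose CVE has been public for more than a year, and only then by severity score. The finding records, field names, dates and CVE placeholders are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

STALE_AFTER_DAYS = 365  # "more than a year after the CVE was published"

@dataclass(frozen=True)
class Finding:
    asset: str
    cve_id: str              # placeholder identifiers, not real CVEs
    published: date          # CVE publication date
    exploited_in_wild: bool  # assumed input, e.g. from a threat-intel feed
    cvss: float

def age_days(f, today):
    return (today - f.published).days

def tier(f, today):
    """1 = actively exploited, 2 = public for over a year, 3 = the rest."""
    if f.exploited_in_wild:
        return 1
    if age_days(f, today) > STALE_AFTER_DAYS:
        return 2
    return 3

def prioritize(findings, today):
    # Tier first, then oldest CVE first, then highest CVSS score.
    return sorted(findings,
                  key=lambda f: (tier(f, today), -age_days(f, today), -f.cvss))

def report(findings, today):
    return [(tier(f, today), f.asset, f.cve_id, age_days(f, today))
            for f in prioritize(findings, today)]

# Constructed sample scan output
SAMPLE = [
    Finding("web-01", "CVE-PLACEHOLDER-A", date(2017, 11, 2), False, 9.8),
    Finding("db-02", "CVE-PLACEHOLDER-B", date(2015, 3, 10), True, 7.5),
    Finding("hr-laptop-7", "CVE-PLACEHOLDER-C", date(2016, 1, 20), False, 6.1),
    Finding("mail-01", "CVE-PLACEHOLDER-D", date(2017, 12, 15), True, 8.8),
]
TODAY = date(2018, 1, 15)  # fixed so the ordering is reproducible

if __name__ == "__main__":
    for t, asset, cve, age in report(SAMPLE, TODAY):
        print(f"tier {t}  {asset:12} {cve:18} public for {age} days")
```

In the sample, the finding with the highest CVSS score (web-01) lands last because it is neither actively exploited nor older than a year.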
How to address Common Network Security Threats
While each common network security threat has its own individual process for prevention (or elimination), some of the threats are closely related.
For example, organizations typically group vulnerability management and patch management together. That’s because if you find a vulnerability, you want to patch it immediately, but they are different services.
Similarly, social engineering can cause compromised endpoints. But, your organization should have a way to maintain one and alleviate the other.
This is why we created Cybriant PREtect.
Cybriant PREtect integrates five essential security controls delivered as a single subscription service.
With each integral service, PREtect will help your organization combat each of the top 5 common network security threats.
The services included in our PREtect offering are:
- Security Awareness Training
- Vulnerability Management
- Patch Management
- Endpoint Detection and Response
- Managed SIEM with Security Monitoring
These services are available individually, but when they are delivered together they harden your organization’s computing environments and significantly help reduce the risk of loss due to breach.
PREtect ensures a sound security posture as well as compliance with government regulations and industry best practices for effective information security.
Common Network Security Threats and PREtect
- Reducing your threat landscape: We targeted the top 5 common cyber breach vectors mentioned above and bundled services that will reduce your risk of loss due to breach.
- Building a solid security foundation: Our services are based on the NIST Cybersecurity Framework which consists of standards, guidelines, and best practices to manage cybersecurity-related risk.
- Simplifying compliance: Each PREtect service will help you operationally comply with any cybersecurity regulatory requirements.
- Speeding time to business value: We have the expertise, data, processes, etc. to make your security tools work at peak efficiency. More info at cybriant.com/pretect.