The document discusses various cybersecurity attack vectors and how organizations can protect themselves. It outlines common attack methods like ransomware, malicious code delivery, social engineering, and phishing. It then recommends that organizations conduct regular security audits, establish governance policies, create an incident response plan, and provide cybersecurity education to employees. The document promotes cybersecurity services from Future Point of View including vulnerability testing, forensics, and training to help organizations enhance their protections.
Report
Share
Report
Share
1 of 20
More Related Content
Cybersecurity Attack Vectors: How to Protect Your Organization
2. Ripped From the Headlines!
CYBERSECURITY ATTACK VECTORS
In 2015, more than 178 million Americans had
their records exposed in cyber attacks
*Cyber attacks cost the average
American firm $15.4 million
*http://money.cnn.com/2015/10/08/technology/cybercrime-cost-business/
**Damage from hacks cost businesses $400
billion per year
**http://www.inc.com/will-yakowicz/cyberattacks-cost-companies-400-billion-each-year.html
3. CYBERSECURITY ATTACK VECTORS
IT’S NOT IF YOU WILL BE ATTACKED BUT WHEN!
There are important ways you can protect yourself and your
organization
First, it’s vital to understand the major methods cyber
criminals use to accomplish attacks…..
4. CYBERSECURITY ATTACK VECTORS
Major Attack Vectors Utilized by Cyber Criminals
Ransomware
Ransomware is becoming more sophisticated and more prevalent.
These types of attacks restrict access to a computer until a ransom is
paid. If the ransom is not paid, data is destroyed forcing organizations
to either pay the ransom or lose critical data forever.
5. CYBERSECURITY ATTACK VECTORS
Major Attack Vectors Utilized by Cyber Criminals
Delivery of Malicious Code
These attacks, often referred to as “watering hole” attacks are
characterized by hackers injecting malicious code on to a public web
page known to be frequented by those in a particular industry.
This type of attack is intended to infect a computer and thus gain
access to a targeted network.
6. CYBERSECURITY ATTACK VECTORS
Major Attack Vectors Utilized by Cyber Criminals
Social Engineering
Individuals are able to prey on the trustworthiness or inexperience of
staff by posing as company personnel, vendors, or powerful authorities
to gain information or resources that they can use to bypass
organizational security.
7. CYBERSECURITY ATTACK VECTORS
Major Attack Vectors Utilized by Cyber Criminals
Remote Access
Through open ports or the exploitation of web code, hackers are able
to use SQL injection to gain unauthorized access to a server.
8. CYBERSECURITY ATTACK VECTORS
Criminals are aided by the conscious assistance of an organization’s
employee(s)
Major Attack Vectors Utilized by Cyber Criminals
The Inside Job
9. CYBERSECURITY ATTACK VECTORS
Phishing schemes involve attempts to steal your identity or
information (such as usernames, passwords, and credit card
details) for financial gain by using a fake email disguised as one
sent from a trustworthy entity to entice you to click on a bad link
or file. These often come dressed as from a financial institution
(such as a bank).
Major Attack Vectors Utilized by Cyber Criminals
Phishing
10. CYBERSECURITY ATTACK VECTORS
The FBI reported that between October of 2013 and August of 2015
$750 million was extracted from more than 7,000 companies using
spoofing type scams. Criminals fake correspondance from the
executives of victim companies, asking employees to initiate
unauthorized international wire transfers on the company’s behalf.
In spoofing, an e-mail header is manipulated to look like it came
from somewhere different than the source.
Major Attack Vectors Utilized by Cyber Criminals
Spoofing
11. Access Through Intermediaries
Retail chain Target suffered an extremely high profile breach in
2013, which led to 40 million credit and debit cards to be stolen
during that holiday shopping season.
The attack was implemented in part through the use of a malware
that successfully garnered the electronic credentials of Target’s
HVAC vendor.
CYBERSECURITY ATTACK VECTORS
Major Attack Vectors Utilized by Cyber Criminals
12. Brute Force Attack
An attack that uses automation to systematically check all
possible passwords or keys until the correct password is
discovered. The success of these attacks are based on the
strength of the password. This is why longer, more complex
passwords are safer.
CYBERSECURITY ATTACK VECTORS
Major Attack Vectors Utilized by Cyber Criminals
13. What Can I Do?
There are some important steps you as a leader can
take to protect your organization today…
CYBERSECURITY ATTACK VECTORS
14. Security Audits & Assessments
These security assessments examine your internal and external
security including your firewall ports, packet flow, access and
authentication to your network, traffic control and much more.
They are followed by a report and a remediation plan that you
can use to fix any vulnerabilities.
They should be performed at least once a year. It is also
important to do thorough research on any company you will use
to perform these. You will be allowing them access to your
network, so it is critical that you have vetted their credentials.
CYBERSECURITY ATTACK VECTORS
What Can I Do?
15. Governance
It is important to have procedures and processes surrounding
your security including documented rules for passwords, role-
based access control, rules for reporting potential security
weaknesses, and the requirements for reporting potential security
weaknesses and the requirements of applying security updates,
patches, and fixes.
CYBERSECURITY ATTACK VECTORS
What Can I Do?
16. Incident Response Plan
Organizations often have documented disaster recovery plans
without having security incident response plans. This is
unfortunate. Planning for various types of breaches, your
organizational response based on the severity of the breach,
specific roles during or following a breach, and running exercises
that simulate a breach are all important ways you can prepare.
When something does happen you want to ensure that the entire
team is working together to mitigate risk.
CYBERSECURITY ATTACK VECTORS
What Can I Do?
17. Education
Your team members can be your greatest asset or vulnerability
when it comes to cybersecurity. Every member of your team
should be taught how to spot and avoid cyber threats. Security
education today must be a cornerstone of every organization’s
technology strategy.
CYBERSECURITY ATTACK VECTORS
What Can I Do?
18. Let Us Help You Protect Your Organization
FUTURE POINT OF VIEW
A Cyber Weapon For Your Organization
INTERNAL ASSESSMENTS: We will assess
and report on areas such as Access
Controls, Malware, Physical Security,
Wireless and Mobile, Change Management,
Patch/Update Management, Remote Access,
Backups, and Disaster Recovery.
EXTERNAL ASSESSMENTS:
Penetration Testing, Network and
Firewalls, System Change
Management, Public Facing Access, and
more.
We offer the following services:
19. Let Us Help You Protect Your Organization
FUTURE POINT OF VIEW
A Cyber Weapon For Your Organization
We offer the following services:
VULNERABILITY TEST
SUBSCRIPTION: These are periodic,
random, unannounced, tests to your
cyber perimeter to validate that no
changes or oversights have occurred
that leave your organization vulnerable
to an attack or breach.
CYBERSECURITY FORENSICS
SERVICE: This is offered if you have
already experienced a breach. We
uncover and identify where, how, and
via whom the breach occurred.
20. Let Us Help You Protect Your Organization
FUTURE POINT OF VIEW
A Cyber Weapon For Your Organization
We offer the following services:
EDUCATION: We offer private and public education to equip your team and leadership
with the ability to identify and avoid the latest in cyber threats. These courses are
designed to educate all members of your organization how to continually protect the
organization’s digital assets.
For More Information on our Cybersecurity Education Please
Visit FPOV.com/edu