The Anatomy of a Cyber Attack

09 Apr 2019, MOQdigital Marketing


In a modern marketplace, users are accessing more networks from more devices in more locations. The digital world has no borders, and many corporate apps, tools, and services now exist in the cloud. Devices that do not look like computers can connect to the internet, utilising the Internet of Things to create smart homes, cars, offices, jewellery, and more. However, this also means that the ‘threat surface’ for cyber-attacks is bigger. Much bigger. Companies must work out how to get their security everywhere – and that means first understanding the complexity of the current market.

Businesses have more to protect now than ever before. Furthermore, Cisco reports that Australia is one of the biggest targets for cyber-attacks, with at least 1 in 2 Australian businesses hit each year. In 2016, the number of incidents detected in Australian businesses was 109% – against a global average of 38%. An escalation of cyber-attacks can cripple a company. In 2017, Cisco’s Annual Cyber Security Report revealed that an attack could impact operations, reputation, and revenue – targeting networks, data, and IP addresses and leading to business shutdown.

This begs the question – where are these attacks coming from, and what do they look like? Cisco has identified four types of attack most prevalent in the corporate world.

  1. The Internet of Things: The Internet of Things (IoT) is remarkable for businesses – enabling mobility and insight that has never been seen before. However, securing IoT devices is complex. Most of them cannot protect themselves, creating vulnerabilities and the opportunity for widespread exploitation and unauthorised network access. On top of this, businesses can connect thousands of devices – with billions on the market. How can companies protect their IoT assets? Cisco IoT Threat Defense is built as a best-of-breed architecture that enables network segmentation and behaviour analytics, increased device visibility and remote access, cloud security, malware protection, and firewalls. These features increase transparency and insight for traffic to and from IoT devices, and support the detection and blocking of potential threats and anomalies.

  2. Ransomware: Ransomware is a type of malware that forcibly encrypts information on a device – such as documents, music, and other files. These files are inaccessible to a user until they pay a fee to release them. Typically distributed through traditional avenues, such as advertising and email, ransomware is extremely profitable – an almost $1 billion annual market. Users typically fall victim by following what appear to be legitimate sources, such as an email that appears to be from the company but is actually phishing from a hacker. Once infected, the ransomware locks users out of their network by encrypting files and data. The device becomes useless, and if the hacker has accessed company files, they can cripple the organisation from the inside – ceasing trading and halting operations. Hackers then demand a ransom, and if they are not paid, they threaten to delete company data. On average, Australian businesses will spend over $15k to retrieve data from ransomware – but paying does not guarantee the return of their files, with approximately half of the companies targeted also experiencing significant downtime and data losses. Protecting against ransomware requires a multifaceted approach. Cisco offers advanced malware protection for endpoints to block ransomware files from opening on endpoints, as well as email security with advanced malware protection to block spam, phishing, and malicious email attachments and URLs. Firewalls and network segmentation also assist in risk reduction, as do ongoing security policies and employee education regarding how to react in the event of a breach.

  3. Malware: Malware is malicious software that can affect a computer and network in a variety of ways. This includes spyware that records computer activity – including sensitive corporate activities and information. Malware may also apply worms and viruses, use bots to take control of infected systems, and record and transmit keyboard and mouse activity from targeted devices. Infection can occur in a variety of ways, including via phishing emails, infected USB or other portable devices, drive-by downloads, malware-affected advertising, and more. Companies can reduce their risk of encountering malware by utilising services, such as Cisco Advanced Malware Protection, to screen incoming traffic and employ global intelligence to identify and block potential threats before they access the company’s network.

  4. Phishing: Phishing is a common, well-known form of cyber attack that uses fraudulent emails to trick employees into giving attackers sensitive information and/or system access. It is estimated that over 68% of all email traffic contains malicious or potentially dangerous content. In fact, Cisco estimates that 45% of all cyber security incidents – almost half – are caused by staff clicking on attachments and links in emails. This one click is all it takes for an entire network to be affected, and for a company to lose vital IT infrastructure. The average cost of a phishing attack is over $23k, according to the Global Economic Crime Survey. Companies looking to protect against phishing need to have a security solution that can defend against advanced email attacks and provide continuous and dynamic analysis of threats. This includes protection against blended attacks caused by multiple threats on a large security surface. An email security solution can help companies inspect their messages, while outbreak filters can contain suspicious incoming and outgoing messages until they are verified via antivirus databases. Cisco provides both of these services, along with cyber intelligence from Talos to deliver ongoing, intelligent email security.

 Applying Cisco Security

Not quite sure where to start on your security journey?

MOQdigital can help with a free Umbrella Proof of Value.
