How Well Do You Know Your Adversary? Oct 21, 2016 BY Tim Foley

Let’s start off with a simple question: What type of data does your business store?

A.    Client or donor information
B.    Internal proprietary data
C.    Financial Data
D.    Trade Secrets
E.    Sensitive or Classified Information

If any of these apply to your business, someone out there wants your data.

Every day there are reports about another high-level attack on an organization, topped off with the overwhelming number of records compromised. What you don’t hear about are the breaches of smaller organizations, which are becoming increasingly more targeted. Hackers are targeting organizations under 1,000 employees, knowing there is less likelihood of them having an in-depth security program (or budget to support it), and more opportunities for them to exploit a company’s vulnerabilities. And if all goes well for the hacker, these organizations may not even know they have been breached until it is too late.

Fully understanding who your adversaries are in the cybersecurity space is a critical step to improving your security posture and ensuring your data is secure. In order for you to adequately defend your business from a potential breach and reduce the vulnerabilities of your business, you need to understand the psychology of the hacker: who they are, why they want your data, and how they are attacking you. 

1.    Who and why are they after you?

On the end of every threat, there is a human who, at one point or another, initiates the attack. To defend against hackers, you need to understand their motivations for targeting your business and why they are going after your data. Here’s a quick reference guide on some of the different types of cyber security attacker:

•    Nation-States:
Who: State-sponsored cyber attackers
Goal: To profit intellectually and use data for espionage 
Targets: Other governments, government contractors
Note: Stealthy and typically well-funded; will attack smaller businesses to get to larger organizations via their supply chain

•    Criminal:
Who: Attackers that range from single contractors to large organizations
Goal: To profit financially off a business’ data
Targets: Everyone and anyone
Note: They will attack whomever they have the opportunity to, especially organizations under 1,000 they know will neither have extensive security programs nor the ability to detect a breach in real time

•    Hacktivists:
Who: Political and social activists with hacking skills
Goal: To make a point to highlight their cause, disruption
Targets: Any organizations that are related to their cause, or coming out against their cause
Note: Even smaller businesses can be a target for hacktivists, depending on industry and partnerships they may have.

•    Script Kiddies:
Who: Less tech-oriented opportunistic attackers
Goal: An easy win by grabbing data and using it for profit, often times not even understanding the consequences of their actions
Targets: People in public places accessing sensitive or personal information; businesses with poor patch management practices
Note: They use scripts readily available online and created by others to target businesses for known vulnerabilities

•    Insider Hackers:
Who: Disgruntled current or past employees
Goal: To seek revenge against the organization
Targets: The company they work for/used to work for
To Note: These hackers have an understanding of company policies, and may succeed in hacking without arousing suspicion

2.    How are they after you?

For most hackers, it’s not personal, it’s just business. They utilize a variety of different tactics to try to breach an organization. A few examples of tactics include:

And, those are just to name a few. Every day there is a new tactic or attack out there that your business needs to be aware of and have policies in place to protect against. 

3.    How can I protect myself?

With an endless amount of tactics on the hacker side, there are measures that your business can put in place to proactively protect your data. These methods include, but are not limited to:

•    Employee Education - Training your employees on the types of threats they may face and how to best counter them, from phishing campaigns to security awareness
•    Security Information and Event Management (SIEM) or Security Operations Center (SOC) - Having a centralized log management system with a SIEM/SOC means that you are able to detect potential incidents in real time, allowing for faster and more complete eradication of any threat
•    Managed Firewall Service - Ensuring your firewall and other edge/perimeter devices are receiving the latest firmware and patch update will help secure your main point of entry/ingress point
•    Vulnerability Assessments - Providing you with the transparency to know what your vulnerabilities are, and allowing you to remediate them before they are used to exploit you network

4.    What now?

Once you understand who, why, and how people may be after you, then you can focus on protecting your business and determining what measures your company needs to take to reduce the risk of a breach. If your internal team does not have the expertise or bandwidth to consistently assess and enhance your security program, your business should consider outsourcing security to an Managed Security Service Provider (MSSP) such as Dataprise Cyber to ensure your business has the right combination of people, processes, and technology in place to protect your data.

Interested in learning more about protecting your data from your adversaries? Contact us today to discover if your data is secure.