Cybercriminals have no rules, no code, they will anything and everything to get through your security controls and at what they want most, your data. This is the first of a series of posts I am calling ‘How They Attack Us’. The posts following will take one attack vector and explain it in simple terms, how to detect and avoid these attacks, and how to prevent them from impacting you or your environment.
Through my Security In Five podcast, I talk about these attack vectors all the time. The more aware you are the more secure you can be. I felt that writing blog posts would also help expand that awareness as well as make the information more referencable.
Understanding the methods hackers use will help provide more insight and feedback into your own security program. There is no single answer or one defense that will cover all these attack methods. Each attack comes with its own unique challenges and solutions to identify and prevent.
This is what we call ‘defense in depth’ as at any time a new attack can come at you and the more layers of controls you have the more difficult it will be for an attacker to succeed. An attack may get through one person’s mistake or exploit an unpatched system but your other controls and layers will slow or stop the attack from getting to the target.
This How They Attack Us series will cover topics like phishing, vishing, social engineering, malware, ransomware, vulnerabilities, data collection, denial of service, advanced persistent threats and more.
Succesful cybersecurity programs have to address all of the vectors to some degree. Ignoring or delaying one or more only increases the chance of the inevitable hack or breach/leak.
Remember, it’s not a matter of ‘If You Will Be Breached’ it’s a matter of ‘When You Will Be Breached’ and the reality is not When but ‘When You Find Out You Were Breached’. The average time to detect a breach is still 180 days after the breach occurred.
Stay tuned for these posts, podcast episodes and more.
Be aware, be safe.