1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

3/8/2018

0 Comments

The Most Common Cyber Security Risks

 
Common cyber security risks

Combating the Most Common Cyber Security Risks

Hard as it may be to believe, government agencies have been found to have some of the worst cyber-security systems in the United States.

Agencies at federal, state, and local agencies were all ranked below other industries (retail, transportation etc.) in a study on U.S. cyber-security. Even NASA, considered one of the most technologically-innovative institutions in the country (if not the world), was flagged for its high vulnerability.

The U.S. Department of State was another weak performer, struggling to protect their systems from outside threats with an unsuitable set-up.

The point? If one of the most powerful governments in the world is failing to keep sensitive data out of criminals’ hands, they are risking the security of countless people on a daily basis. They cannot afford to be so lax.

The same is true of your own business, albeit on a smaller scale: allowing your enterprise to be vulnerable in today’s world is dangerous for your employees and clients alike.

What cyber threats are you most susceptible to, and how can you protect against them?

Malware

What is it?

We’ve all heard of malware, but do we know what it actually is?

This applies to various incarnations of dangerous software that can cause all manner of chaos in your computer, delivered as a virus or ransomware (in which you are ordered to pay in order to regain access to your system).

The malware can actually take over your computer, monitor your activities without your awareness, or even transfer critical information to another user with the utmost discretion.

How can you prevent it?

Make sure you use unique passwords and educate your employees to do the same. Only share sensitive data on a site which is clearly secure, with ‘https’ in their URL.

You should never download any files sent by a sender you don’t trust or recognize, and make sure data is backed up to disconnected hardware on a regular basis. This enables you to restore vital information in the event of a malware attack, without needing to pay or sacrificing critical data.

Phishing

What is it?

You know to never open an attachment in an email from an unknown sender, or to be wary of telltale bad grammar. These are sure signs of a phishing scam, but some cyber-criminals are more advanced.

They may pose as someone else – such as a friend, a bank etc. – and encourage you to follow a link or open an attachment. The email may look legitimate but will contain harmful malware that could pose a serious risk to your entire business.

How can you prevent it?

The most obvious technique: be sure before you click. If there is anything remotely suspicious or odd about the email, don’t follow a link or open an attachment.

If an email from a bank or other trusted organization asks for confidential information, contact them through another channel to confirm this (though they will generally never ask for sensitive data through email anyway).

Anti-phishing toolbars can be installed on your browser, which will notify you if you enter a known phishing website. Use desktop and network firewalls to protect your system from any malicious programs, and pay attention when your browser informs you that a site is ‘not secure’ (lacking the ‘https’ in its URL bar).

SQL Injection Attack

What is it?

SQL (Structured Query Language) is a language allowing for communication between databases, and countless servers use it to manage critical data. An SQL injection is an attack aimed at these types of servers, employing malicious coding to extract data from them which would otherwise remain private.

If the server under attack carries access information (usernames, passwords), financial details (credit cards etc.), or any other highly-sensitive data, the criminal responsible will be able to access some or all of it.

How can you prevent it?

All sensitive data contained within a database should be encrypted. Passwords, financial records, and anything else which could leave your business vulnerable must be protected.

Also, don’t store such sensitive information if you don’t need it currently, and are unlikely to in the future. Leaving data that carries real value to linger in your databases could lead to problems – all of which can be avoided simply by wiping useless information.

Implement Web Application Firewall as it will automatically block and prevent SQL injection attacks.

Cross-Site Scripting (XSS)

What is it?

During an XSS attack, the cyber-criminal injects malicious code right into your website with an aim to go after your visitors through their browser.

They can plant the code in comments on blogs, possibly embedding links to risky JavaScript that would attack unsuspecting users. The browser would run the infected script believing it to be part of the legitimate website, and the user is none the wiser.

These attacks can cause severe damage to your reputation, as your site would be responsible for endangering visitors’ sensitive data.

This is worsened if they are customers purchasing from you or providing their personal details. As a result, you might not even realize your site is infected until customers start tracing suspicious activity back to their activities on your domain.

How can you prevent it?

While web application firewall will block XSS attacks, you need to pay attention to the way in which your site accepts input data, to minimize malicious code passing through. This might mean using a number of filters in place, such as a web app firewall, that reduces the risk of an XSS attack significantly.

Another step, though somewhat more complex, is to use an alternative rendering format to raw HTML, to reject entries that might be malicious. Markdown or BBCode are alternatives to raw HTML that may help to protect against XSS attacks.

Cyber-security threats are constantly evolving, as criminals continue to find weaknesses in security protocols and exploit them. By keeping your security systems up to date and, staying abreast of the latest risks, you can maximize your business’s resistance to threats. 

Never be complacent about your business’s cyber-security precautions: you should always be willing to explore new systems and processes for the good of your entire enterprise.

When you have questions concerning cybersecurity threats, get in touch with our team and we will be happy to help.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit