Every business is currently at risk of cyberattack, and that risk is growing. Digital transformation is moving more sensitive and valuable data onto online systems that can be abused, which raises the payoff of a successful breach.
Cyberattacks are also becoming cheaper to carry out. Exploit kits and malware-as-a-service offerings are getting less expensive, while openly available AI tools make it easier to impersonate a trusted professional and to exploit vulnerabilities.
Here is expert advice, as summarized by TechRepublic, on how companies can respond to the most prevalent digital threats:
- Social engineering attacks
- Zero-day exploits
- Ransomware attacks and data theft
- IoT attacks
- Supply chain attacks
- AI deepfakes
Social engineering attacks
What are they?
Social engineering is an umbrella term for some of the most common types of attack, all of which involve some form of human manipulation to obtain information about an organization or system. Attacks that fall under social engineering include:
- Phishing: Attackers impersonate legitimate entities to trick individuals into giving up private information, such as log-in credentials. This can be done via text message (smishing) or phone call, but most of the time it takes the form of an email.
- Baiting: The attacker leaves a physical device, such as a USB stick or CD, containing malware in a public place in the hope that someone will pick it up and use it, thereby compromising their system.
- Whaling: A more sophisticated form of phishing that typically targets a single, high-ranking individual.
- Business email compromise: A targeted cyberattack in which attackers impersonate a trusted executive via a compromised email account and trick employees into transferring money or revealing sensitive information.
SEE: 6 Persuasion Techniques Used in Social Engineering Attacks
What are the most common attack entry points?
Although emails, phone calls, and USB sticks can all be used to deliver social engineering attacks, the real entry point is always a human being.
How can businesses protect themselves?
Zero-day exploits
What are they?
TechRepublic contributing writer Kihara Kimachia defined zero-day exploits as:
“Zero-day exploits are code flaws and gaps that software developers, security researchers, and the general public are unaware of. The term ‘zero day’ originates from the time remaining for a software vendor to patch buggy code. Developers are prone to attack and have no time to patch the code and close the gap because they have no days or no hours to respond. One bug can give hackers enough access to explore and map internal networks, exfiltrate valuable data and find other attack vectors.”
SEE: Zero-Day Exploits Cheat Sheet: Definition, Examples, and How It Works
Zero-day attacks could be on the rise thanks to the growing accessibility of large language models, which can be used to craft convincing social engineering lures and to accelerate vulnerability research.
What are the most common attack entry points?
Potential entry points for zero-day vulnerabilities are the same as for known, patched vulnerabilities: any way an attacker can exploit a weakness in software or hardware systems. Common entry points include:
- Email attachments that exploit vulnerabilities in software when opened. As part of a social engineering attack, these attachments are delivered to the victim’s inbox.
- Compromised websites that trigger the automatic download of malware onto a visitor’s device.
- Direct exploitation, where a threat actor exploits a vulnerability in software or hardware by injecting malicious code.
How can businesses protect themselves?
Kimachia offered the following advice for protecting against zero-day exploits:
- Keep software up to date as new vulnerabilities are patched, but be cautious about updates from unverified sources.
- Install intrusion detection systems that can identify network anomalies and patterns that aid in the identification of zero-day exploits.
- Implement endpoint security solutions that offer real-time monitoring and protection against both known and unknown threats.
- Sign up for threat intelligence services, which provide current information on vulnerabilities and exploits, to stay informed.
- Develop an incident response plan so security teams can act quickly and cohesively to mitigate the damage caused by a zero-day exploit.
- Use behavioral analytics tools to identify any unusual user or system behavior that might indicate a zero-day exploit.
- Conduct regular security audits using a security risk assessment checklist to proactively identify any vulnerabilities in your network and applications.
- Avoid running a “.0” release of software, to protect your organization from undiscovered zero-day vulnerabilities in an initial release.
Ransomware attacks and data theft
What are they?
According to TechRepublic’s ransomware cheat sheet, ransomware is malware that locks victims out of an infected device and the data stored on it; the hackers then demand payment, often via Bitcoin or prepaid credit card, before access is restored.
According to recent research, the impact of ransomware could include heart attacks, strokes, and PTSD, in addition to its financial costs.
A ransomware attack is one form of data theft attack, and encryption is not the only thing attackers can do once they have obtained access to the data. They could also sell the information to rivals or other cybercriminals, causing reputational and financial harm.
What are the most common attack entry points?
- Vulnerabilities in enterprise software and applications that connect to the internet can allow bad actors to gain unauthorised access to an organization’s environment and steal or encrypt sensitive data.
- Compromised websites can host malware that checks visiting devices for vulnerabilities. If one is found, malware can be downloaded automatically onto the device, giving the attacker remote access to the system and therefore to its data.
- Social engineering of employees is another common attack vector. Attackers can gain access after a worker opens a link or attachment from a phishing email masquerading as legitimate communication. Ransomware may also be installed deliberately by insiders who feel unfairly treated by their employer or who have an arrangement with cybercriminals.
- Weak log-in credentials can be exploited via brute-force credential attacks, in which the bad actor tries a series of common usernames and passwords until a valid login is found, which then lets them launch the ransomware attack.
- Previously compromised credentials that have been leaked on the dark web without the owner’s knowledge can offer access to the organization’s systems. As staff members frequently reuse passwords to make them easier to remember, one set of valid credentials can often unlock multiple areas of the environment.
SEE: Brute Force and Dictionary Attacks: A Guide for IT Leaders (TechRepublic Premium)
How can businesses protect themselves?
To protect businesses and assets from ransomware, Check Point Research, a provider of threat intelligence, offers the following advice:
- Back up all company data regularly to mitigate the potential impacts of a ransomware attack. You should be able to quickly and simply restore to a previous backup if something goes wrong.
- Keep software updated with the latest security patches to prevent attackers from exploiting known vulnerabilities to gain access to company systems. Laptops running unsupported operating systems should be removed from the network.
- Leverage an automated threat detection system to identify the early warning signs of a ransomware attack and give the company time to respond.
- Install anti-ransomware software that checks computer programs for suspicious behavior that ransomware frequently exhibits. If these behaviours are detected, the program can stop any encryption before further damage is done.
- Implement multifactor authentication so that hackers who discover an employee’s log-in credentials still cannot access the company’s systems. Phishing-resistant MFA methods, such as smartcards and FIDO security keys, are even better because mobile devices can also be compromised.
- Employees should only have access to the information and systems necessary for their job, following the principle of least privilege. This limits what cybercriminals can reach should an employee’s account become compromised, minimizing the damage they could do.
- Consider using an automated email security solution to stop phishing emails from reaching users and keep an eye on emails and files to prevent ransomware or data theft.
- Train employees in good cyber hygiene to help minimize the risks of the inevitable human attack vector. Staff who are taught to recognize phishing attempts are less likely to let attackers deploy ransomware.
- Do not pay the ransom if the business does fall victim to ransomware. Cyber security experts advise against paying because there is no guarantee that the attacker will keep their word, and paying rewards and encourages further attacks.
- Refer to the No More Ransom project, a collaboration between Europol, the Dutch National Police, Kaspersky Lab, and McAfee that gives ransomware victims decryption tools for more than 80 ransomware families, including GandCrab, Popcorn Time, LambdaLocker, Jaff, CoinVault, and many others.
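The "suspicious behavior that ransomware frequently exhibits" mentioned above is, concretely, a burst of files being overwritten with encrypted (high-entropy) content. The following is an added example, not code from TechRepublic or Check Point Research: it computes per-file Shannon entropy over constructed file-write events and flags a window in which many files are rewritten with near-random bytes. The event format, thresholds and file names are assumptions for illustration.

```python
import math
import random
from collections import Counter
from datetime import datetime, timedelta


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data,
    well below that for documents, spreadsheets and source code."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _noise(length: int, seed: int) -> bytes:
    # Deterministic random-looking bytes standing in for ciphertext.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


# Constructed file-write events (timestamp, path, new contents); not real telemetry.
# Two ordinary edits, then a burst that overwrites a dozen files with
# high-entropy data and appends a new extension, as ransomware typically does.
EVENTS = [
    (datetime(2024, 5, 1, 9, 0, 0), "docs/notes.txt", b"meeting notes for monday " * 20),
    (datetime(2024, 5, 1, 9, 0, 5), "docs/budget.csv", b"item,cost\npaper,12\n" * 30),
]
_burst_start = datetime(2024, 5, 1, 9, 30, 0)
for _i in range(12):
    EVENTS.append((_burst_start + timedelta(seconds=_i),
                   f"docs/file{_i}.docx.locked", _noise(1024, _i)))


def detect_mass_encryption(events, window=timedelta(seconds=30),
                           min_files=8, entropy_threshold=7.0):
    """Return the sorted paths of the first burst in which at least
    `min_files` distinct files are overwritten with high-entropy content
    inside `window`; an empty list means nothing was flagged."""
    high = sorted((ts, path) for ts, path, data in events
                  if shannon_entropy(data) >= entropy_threshold)
    for i in range(len(high)):
        paths = set()
        j = i
        while j < len(high) and high[j][0] - high[i][0] <= window:
            paths.add(high[j][1])
            j += 1
        if len(paths) >= min_files:
            return sorted(paths)
    return []


if __name__ == "__main__":
    print("flagged:", detect_mass_encryption(EVENTS))
```

A real endpoint agent would feed this from file-system audit events and would pair the entropy signal with rename patterns and process lineage to keep false positives (backups, archive creation) low.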
IoT attacks
What are they?
Since the COVID-19 pandemic, IoT devices have become more commonplace in organizations to support new remote working policies. Although this has benefits, cyberattackers are increasingly targeting these devices because they typically lack the level of security found in more sophisticated hardware.
SEE: Securing IoT with Microsoft Defender for IoT Sensors
Cyber criminals target IoT devices in a variety of ways, taking advantage of their weak security. For example, they can use them as an entry point to deploy ransomware on the device or the wider network, or even take control of the device to sabotage business processes.
IoT botnet attacks involve a single “botmaster” coordinating attacks through a network of connected devices, without the device owners’ knowledge. Examples of botnet attacks include distributed denial-of-service (DDoS) attacks on a target server or website, data theft by intercepting transmissions over the network, and malware distribution. Botnet attacks can also use “living off the land” techniques, which abuse legitimate IoT devices and software to evade detection.
What are the most common attack entry points?
- Existing software vulnerabilities in a device can be exploited by cybercriminals to gain access to an IoT device or network. Poor security practices, a lack of updates, or outdated software may contribute to these vulnerabilities.
- Many organizations leave their IoT devices protected by default or weak credentials, which an attacker can easily guess through a brute-force credential attack.
- As part of a wider social engineering attack, employees might hand over IoT device log-in credentials or download IoT-targeting malware.
- If IoT devices are not kept physically secure, attackers might tamper with the hardware by altering settings or connecting malicious devices. This could be an intruder, but also contractors or employees who have access to the devices.
- All the above entry points could be present at the device’s supplier or manufacturer, meaning it could be compromised even before deployment.
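Both the ransomware section above and this list name brute-force credential attacks against weak or default log-ins as an entry point. The following is an added example, not code from TechRepublic or any of the quoted experts: it parses constructed SSH-style authentication log lines and flags a source that racks up many failures in a short window, noting whether a successful login followed the burst (the pattern a defender most wants paged on). The log layout, addresses and thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data). One source hammers several
# accounts and finally gets in; a second source is a user with one typo.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:03 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:04 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:06 sshd: Failed password for guest from 203.0.113.5
2024-05-01T10:00:08 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:10 sshd: Accepted password for admin from 203.0.113.5
2024-05-01T10:05:00 sshd: Failed password for alice from 198.51.100.7
2024-05-01T10:30:00 sshd: Accepted password for alice from 198.51.100.7
"""


def parse_line(line: str):
    """Parse '<ts> sshd: <Failed|Accepted> password for <user> from <ip>';
    return None for lines that do not match the assumed layout."""
    parts = line.split()
    if len(parts) < 8 or parts[3] != "password" or parts[2] not in ("Failed", "Accepted"):
        return None
    return {"ts": datetime.fromisoformat(parts[0]),
            "ok": parts[2] == "Accepted",
            "user": parts[5],
            "ip": parts[7]}


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> dict:
    """Return {ip: details} for every source IP with at least `threshold`
    failed logins inside `window`. `success_after_burst` is True when an
    accepted login from the same IP follows the burst, i.e. a likely compromise."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if not e["ok"]]
        for i in range(len(fails)):
            j = i + threshold - 1
            if j < len(fails) and fails[j]["ts"] - fails[i]["ts"] <= window:
                burst_end = fails[j]["ts"]
                alerts[ip] = {
                    "failures": len(fails),
                    "users": sorted({e["user"] for e in fails}),
                    "success_after_burst": any(e["ok"] and e["ts"] >= burst_end for e in evs),
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```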
SEE: Research Finds Most Risky IoT, Connected Assets
How can businesses protect themselves?
The following advice is from Brian Contos, a security expert with Phosphorus and Sevco; Cedric Pernet, senior threat expert at Trend Micro and TechRepublic contributing writer; and TechRepublic reporter Megan Crouse.
- Maintain an up-to-date inventory of IoT devices to ensure complete visibility of every device that requires protection.
- Ensure IoT devices have strong, unique passwords that are rotated regularly to prevent successful brute force credential attacks.
- Keep IoT devices up to date with the latest security patches and firmware, and replace them with newer devices that support improved security practices.
- Harden IoT devices by disabling unnecessary ports and connectivity features.
- Use network firewalls, access control lists, and VLANs to restrict IoT devices’ communication outside the network.
- Validate and manage IoT digital certificates to mitigate risks such as outdated TLS versions and expired certificates.
- Monitor IoT devices for suspicious changes, such as reactivating insecure services or default password resets.
- Implement mobile security solutions and train employees to detect compromise attempts on their mobile devices.
- To protect sensitive information, advise employees to turn off mobile devices and keep them out of the room during sensitive meetings.
- Enable logging for application, access and security events, and implement endpoint protection and proactive defenses such as SIEM tools and security orchestration solutions.
- Implement phishing-resistant multifactor authentication so that cybercriminals cannot gain access even when they hold the correct log-in details.
Supply chain attacks
What are they?
In a supply chain attack, a cybercriminal targets an organization through a less secure vendor of software, hardware, or services. Historically, supply chain attacks occurred when an attacker infiltrated a trusted supplier that had been granted access to the victim’s data or network to do its job. Now, however, software supply chain attacks, in which the attacker manipulates software that is distributed to many end-user organizations, are more common. Businesses that have installed the compromised software are then vulnerable to data theft, ransomware, and other types of attack.
Bad actors use a variety of techniques to access and manipulate the code behind commercial software products. After breaking into one of a vendor’s developer accounts or exploiting a vulnerability in the download site, they may release malicious updates. Alternatively, attackers might modify code stored in a software library that developers use in hundreds of different products.
SEE: After suffering a MOVEit supply-chain attack, BBC, British Airways, and Boots are hit with hackers’ ultimatum.
Sometimes the bad actor builds a trusted relationship with the legitimate developers of enterprise software and becomes one of the maintainers of their tool, allowing them to slowly push malicious code into the software without being noticed. This is how a backdoor was introduced into the XZ Utils data compression library in 2024.
What are the most common attack entry points?
To execute a supply chain attack, attackers first need to gain access to a crucial part of a target organization’s supply chain. There are a number of potential targets, all of which are susceptible to social engineering schemes, weak log-in credentials, malware unintentionally downloaded from a compromised website, and flaws in their digital systems. Common entry points are:
- Third-party software providers, whose product code or update mechanisms hackers could tamper with to alter the software the target company receives.
- Third-party service providers that have been granted access to the target company’s systems but have weaker security.
- Third-party hardware providers, whose facilities hackers can gain access to in order to tamper with physical or hardware components during manufacturing or distribution.
- Open-source or private code repositories used by enterprise software developers, which allow attackers to incorporate malicious code into hundreds of different software products used by even more businesses.
How can businesses protect themselves?
The following advice is from Kurt Hansen, CEO of cybersecurity firm Tesserent; senior threat expert Cedric Pernet; and TechRepublic contributing writer Franklin Okeke.
- Conduct an audit of all third parties involved in business activities, as organizations frequently rely on a variety of suppliers for different components.
- Follow a documented governance process for third parties that covers their accreditations, whether they conduct assessments, and whether they outsource work themselves. Make sure contracts include details about requirements, data protection obligations, and penalties for violating them.
- Remain aware of developing geopolitical tensions and consider whether they are putting the supply chain at risk.
- Before deploying a new software update, examine the differences between the old and new code.
- Implement a zero-trust architecture, where every connection request must meet a set of rigorous policies before being granted access to organizational resources.
- Use honeytokens: decoy resources made to look like valuable data. Once attackers interact with them, an alert is triggered, notifying the targeted organization of the attempted breach.
- Conduct regular assessments of third-party risk. This helps to expose each vendor’s security posture, providing further information on vulnerabilities that should be remediated.
- Monitor the third-party attack surface automatically.
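The advice to examine the differences between old and new code before deploying an update can be partly automated. The following is an added example, not code from TechRepublic or the quoted experts: it hashes every file in two constructed release trees, lists what was added, removed or modified, and checks the new tree against the vendor's published checksum manifest so that an unlisted or altered file (the hallmark of a tampered update) stands out. The file contents, paths and manifest are assumptions for illustration.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed release trees, {relative path: file bytes}; not real software.
OLD_RELEASE = {
    "bin/app": b"#!/bin/sh\necho app v1\n",
    "lib/helper.so": b"\x7fELF" + b"\x00" * 64,
    "etc/app.conf": b"log_level=info\n",
}
NEW_RELEASE = {
    "bin/app": b"#!/bin/sh\necho app v2\n",          # legitimate change
    "lib/helper.so": b"\x7fELF" + b"\x00" * 64,        # unchanged
    "etc/app.conf": b"log_level=info\n",               # unchanged
    "lib/telemetry.so": b"\x7fELF" + b"\x01" * 64,     # not in the vendor's manifest
}
# Checksum manifest the vendor publishes for v2 (constructed): path -> sha256.
VENDOR_MANIFEST = {p: sha256(b) for p, b in NEW_RELEASE.items()
                   if p != "lib/telemetry.so"}


def diff_releases(old: dict, new: dict) -> dict:
    """Classify paths as added, removed or modified between two trees,
    comparing file hashes rather than names alone."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new)
                           if sha256(old[p]) != sha256(new[p])),
    }


def verify_against_manifest(new: dict, manifest: dict) -> dict:
    """Report files whose hash disagrees with the manifest, files the
    manifest lists but the update lacks, and files shipped without a
    manifest entry. All three lists empty means the update is as published."""
    problems = {"hash_mismatch": [], "missing": [], "unlisted": []}
    for path, digest in manifest.items():
        if path not in new:
            problems["missing"].append(path)
        elif sha256(new[path]) != digest:
            problems["hash_mismatch"].append(path)
    problems["unlisted"] = sorted(set(new) - set(manifest))
    return problems


if __name__ == "__main__":
    print("diff:", diff_releases(OLD_RELEASE, NEW_RELEASE))
    print("manifest check:", verify_against_manifest(NEW_RELEASE, VENDOR_MANIFEST))
```

The manifest itself should come over a separately authenticated channel (or carry a signature you verify) so that an attacker who replaces the download cannot simply replace the checksums too.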
AI deepfakes
What are they?
AI deepfakes are increasingly being used as part of cyberattacks, as bad actors can more easily impersonate trusted individuals to evade security controls and gain access to an organization’s environment.
The ease of use and affordability of AI tools have also significantly lowered the barrier to entry in recent months. Research by Onfido found that the number of deepfake fraud attempts increased by 3,000% in 2023, with cheap face-swapping apps the most popular tool.
SEE: Report Reveals the Impact of AI on the Cyber Security Landscape: Prompt Hacking, Private GPTs, Zero-Day Exploits, and Deepfakes.
A deepfake attack could affect an organization in a number of ways. Multiple instances of financial fraud have been reported in which a con artist impersonated an executive and persuaded an employee to hand over money. Deepfakes could also be used to convince others of false events, such as a staffing change, which can affect an organization’s stock price. Deepfake content depicting employees may have serious consequences, harming a company’s reputation and its employee experience.
What are the most common attack entry points?
- Email. It was the most popular method of deepfake content distribution in 2022.
- Video and phone calls can be made using sophisticated technology to impersonate a trusted executive’s voice and likeness. The deepfake could be a conversation that is being held in real time or a recorded message.
- Authentication methods based on voice or facial recognition can be tricked using deepfake content of authorised employees.
- Attackers, or even disgruntled employees, may create a compromising deepfake and share it on social media with the intention of eroding the company’s reputation or influencing its stock price.
How can businesses protect themselves?
The following advice was provided by Robert Huber, the chief security officer at cybersecurity firm Tenable, and Rahm Rajaram, the former VP of operations and data at financial services firm EBANX.
- Make AI deepfakes part of regular risk assessment procedures, including evaluating internal content as well as content from third parties.
- Be aware of the common indicators of deepfake content, such as inconsistent lighting or shadows, distortion at the edge of the face, a lack of natural expressions, and lip movement that does not match the audio. Consider additional staff training in this area.
- Implement phishing-resistant MFA to block the attacker’s access even if their deepfake campaign yields log-in credentials. Consider requiring such verification for large wire transfers rather than relying on facial recognition.
- Look out for data breaches that expose customers’ credentials, and flag the affected accounts to watch for potential fraud.
- Maintain best cybersecurity practices to reduce the chance of all-encompassing phishing attacks, including those involving deepfakes.
More cyber security resources
Use these resources from TechRepublic Academy to enhance your organization’s cyber security: