Dark Reading is part of the Informa Tech Division of Informa PLC


04:08 PM
Joseph Carson
News Analysis-Security Now

Deciphering the Threat Landscape

Why do we continue to see so many cyberbreaches? If we look at why many of the breaches in the past year have occurred, it comes down to three major factors.

With more than 3.5 billion Internet users worldwide, there are millions of opportunities for hackers to exploit. If we look at all the cyberbreach reports in the past year (and even in the last few months), we can clearly see that it has been a busy time for cyber criminals. Public reports describe more than 500 data breaches and more than 3 billion records stolen in 2016 alone.


So why do we continue to see so many cyberbreaches? If we look at why many of the breaches in the past year have occurred, it comes down to three major factors:

  • Human factor
  • Identities and credentials
  • Vulnerabilities

Every day, billions of people power up their devices and connect to the Internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get advice for health, share their thoughts and access financial information. As more and more people and businesses use online services, they quickly become a target of cyber criminals and hackers. It is critically important to know how cyber criminals target their victims and what you can do to reduce the risk and make it more challenging for attackers to steal your information, your identity or your money.

Cyberdefense is like a game of Space Invaders, with cyberattacks coming from all around the world, attacking your perimeter and devices and looking for the opportunity to gain access to your sensitive information. While all of this is happening, you are not able to fight back. You hope that the basic security controls you have are going to stop them all, and sometimes it is only a password that is the difference between security and becoming a victim.

Email and social media continue to be the primary weapons of cyber criminals, who use cunning techniques that exploit trust and helpfulness to lure unknowing victims into simply giving up their secrets. Recent quizzes making the rounds on social media ask about your first five cars, the top five concerts you went to and cities around the world you have visited, all of which are common password security questions used when resetting passwords. So, think twice about participating in social quizzes, as it might be a cyber criminal simply getting you to share information that will unlock your security.

Be very careful about all those emails you get. While they all look authentic and valid, containing real information about you and suggesting that you want to cancel an order, pay a speeding ticket, get tax returns easily or open an attachment, all of these could simply mean you are one click away from getting infected with ransomware or giving access to your devices to a cyber criminal who can then watch you via your camera and listen to your conversations. It is critically important to check every hyperlink to see where it is taking you. If you suspect something, simply do not click on it.

If you do become a victim of ransomware you literally have three options: you restore from a backup, you pay the ransom (with no guarantees) or you say goodbye to your files. This is why it is of the utmost importance that you back up your files onto external hard drives and make sure it is possible to easily restore them.

In this connected world with ever increasing cyberthreats, it is important that you use intelligence and smart steps to avoid becoming the next victim. Here are some smart steps you and your employees can take now.

  1. Limit personally identifiable information on social media.
  2. Do not use social logins and limit the use of application passwords.
  3. Limit what you do over public WiFi.
  4. Use a Virtual Private Network (VPN) to keep your Internet access private.
  5. Back up critical and sensitive data online and offline.
  6. Use password managers and protect privileged accounts.
  7. Keep systems patched and up to date.
  8. Before "clicking," stop, think and check if it is expected, valid and trusted.

— Joseph Carson is Chief Security Scientist at Thycotic and a Certified Information Systems Security Professional (CISSP).
