Deciphering the Threat Landscape

Why do we continue to see so many cyberbreaches? If we look at why many of the breaches in the past year have occurred, it comes down to three major factors.

Joseph Carson, Chief Security Scientist, Advisory CISO, Delinea

June 19, 2017

3 Min Read

With more than 3.5 billion Internet users worldwide, there are millions of opportunities for hackers to exploit. If we look at all the cyberbreach reports in the past year (and even in the last few months), we can clearly see that it has been a busy time for cyber criminals. Public reports describe more than 500 data breaches and more than 3 billion records stolen in 2016 alone.

So why do we continue to see so many cyberbreaches? If we look at why many of the breaches in the past year have occurred, it comes down to three major factors:

  • Human factor

  • Identities and credentials

  • Vulnerabilities

Every day, billions of people power up their devices and connect to the Internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get advice for health, share their thoughts and access financial information. As more and more people and businesses use online services, they quickly become a target of cyber criminals and hackers. It is critically important to know how cyber criminals target their victims, and what you can do to reduce the risk and make it harder for attackers to steal your information, your identity or your money.

Cyberdefense is like a game of Space Invaders with cyberattacks coming from all around the world, attacking your perimeter and devices looking for the opportunity to gain access to your sensitive information. While all of this is happening, you are not able to fight back. You hope that the basic security controls you have are going to stop them all and sometimes it is only a password that is the difference between security and becoming a victim.

Email and social media continue to be the primary weapons of cyber criminals, who rely on cunning techniques that exploit trust and helpfulness to lure unsuspecting victims into simply giving up their secrets. Recent quizzes making the rounds on social media, asking questions like your first five cars, the top five concerts you went to and the cities around the world you have visited, are all common security questions used when resetting passwords. So, think twice about participating in social quizzes, as it might be a cyber criminal simply getting you to share information that will unlock your security.

Be very careful about all those emails you get. They may all look authentic and valid, containing real information about you and suggesting that you want to cancel an order, pay a speeding ticket, get a tax refund easily or open an attachment, but any of them could mean you are one click away from getting infected with ransomware or giving a cyber criminal access to your devices, from which they can watch you via your camera and listen to your conversations. It is critically important to check every hyperlink to see where it is actually taking you. If you suspect something, simply do not click on it.
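The "check where every hyperlink is taking you" advice above can be turned into a mechanical check. The following is an added example, not code from the article or its author: it parses the HTML body of an email, collects each link's visible text and real `href`, and flags links whose visible text names one host while the `href` goes to another, or whose destination is not on a list of hosts the recipient expects. The sample email body and the `shop.example.com` trusted domain are constructed for illustration.

```python
"""Flag email hyperlinks whose visible text disagrees with their real destination.

Added example (not from the article). Input is constructed sample HTML.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches something that looks like a host name in the visible link text,
# e.g. "shop.example.com" inside "https://shop.example.com/account".
_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class _AnchorCollector(HTMLParser):
    """Collect (visible_text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self._href = None
        self._text = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def destination_host(href):
    """Lower-cased host the href really points to ('' if none)."""
    return _strip_www((urlparse(href).hostname or "").lower())


def link_findings(html, trusted_domains):
    """Return a list of (visible_text, href, reason) for suspicious links.

    trusted_domains: hosts (or parent domains) the recipient expects mail
    from this sender to link to. Anything else is reported.
    """
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = destination_host(href)
        match = _DOMAIN_IN_TEXT.search(text)
        if match and _strip_www(match.group(1).lower()) != host:
            # Classic lure: the text shows one site, the link goes elsewhere.
            findings.append((text, href, "visible text names a different host"))
        elif not any(host == d or host.endswith("." + d) for d in trusted_domains):
            findings.append((text, href, "destination host is not on the expected list"))
    return findings


# Constructed sample: one legitimate link, one mismatched link, one lookalike host.
SAMPLE_EMAIL = """
<p>Your order is on hold. <a href="https://shop.example.com/orders/123">View your order</a>.</p>
<p>Or sign in at <a href="http://198.51.100.7/login">https://shop.example.com/account</a>.</p>
<p><a href="https://shop-example.com.invalid/login">Update payment details</a></p>
"""
TRUSTED = ["shop.example.com"]

if __name__ == "__main__":
    for text, href, reason in link_findings(SAMPLE_EMAIL, TRUSTED):
        print(f"SUSPICIOUS: '{text}' -> {href} ({reason})")
```

Run as a script it reports the second and third links and stays silent on the first. The host comparison deliberately ignores a leading `www.` but is otherwise exact, so a lookalike such as `shop-example.com.invalid` is never mistaken for the expected domain.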

If you do become a victim of ransomware you literally have three options: you restore from a backup, you pay the ransom (with no guarantees) or you say goodbye to your files. This is why it is of the utmost importance that you back up your files onto external hard drives and make sure it is possible to easily restore them.

In this connected world with ever increasing cyberthreats, it is important that you use intelligence and smart steps to avoid becoming the next victim. Here are some smart steps you and your employees can take now.

  1. Limit personal identifiable information on social media.

  2. Do not use social logins and limit the use of application passwords.

  3. Limit what you do over public WiFi.

  4. Use a Virtual Private Network (VPN) to keep your Internet access private.

  5. Back up critical and sensitive data online and offline.

  6. Use password managers and protect privileged accounts.

  7. Keep systems patched and up to date.

  8. Before "clicking," stop, think and check if it is expected, valid and trusted.

— Joseph Carson is Chief Security Scientist at Thycotic and a Certified Information Systems Security Professional (CISSP).


About the Author(s)

Joseph Carson

Chief Security Scientist, Advisory CISO, Delinea

Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the chief security scientist and advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.
