Misconceptions about the attack methods, targets and intentions of cybercriminals are common, and they harm corporate security. A popular saying among IT security professionals is that there are two types of companies – those that have been hacked and those that don’t yet know it. The fact is that cyber-attacks are one of the most significant threats to our economy today. But even though cybercrime has become a ubiquitous topic, hacker attacks and the risk of falling victim to them are still misjudged – both by IT departments and by management. IT managers should therefore pay particular attention to some facts when planning their security strategy.
The majority of cyberattacks are not particularly sophisticated.
There is often talk of particularly sophisticated attack methods and highly developed cyber-attacks, backed by well-organized hacker groups or national secret services. Fending these off represents an enormous, almost insurmountable challenge for an average company. The attackers seem so skilled and technically well equipped that the victims have no chance anyway.
The fact is, however, that the majority of cybercriminals these days are neither technically sophisticated nor acting on behalf of a state. Most attacks succeed because hackers benefit from avoidable vulnerabilities and careless human behaviour. This requires neither great technical nor great financial resources, but above all perseverance and persistence.
Cybercriminals spend a lot of time planning and preparing their attacks and spying on their victims in order to find a way into their victims' systems that is as unnoticed as possible and does not create a lot of “noise”. In doing so, they look for the weakest link in the chain, i.e. weak points in networks and systems, such as misconfigurations, default login credentials or careless employees.
Phishing is the quickest way for hackers to get there. E-mail attacks with infected Office documents, which are mainly spread via phishing, are still very popular. Despite increasing awareness and education among employees, many people continue to open e-mail attachments of unverified origin, click on unknown links or unknowingly enter login information, including passwords, on manipulated pages.
Most of all, cybercriminals target privileged accounts. Once a hacker has managed to get a foot in the door of his victim, he begins to look for privileges and sensitive credentials that allow him to move through the network in search of sensitive information. Privileged company accounts such as administrator, server or database accounts are still the most effective means of extracting sensitive and lucrative data. At the same time, they offer attackers the opportunity to hide their tracks and remain undiscovered for months – sometimes even years.
Conventional perimeter security is no longer sufficient to protect against cybercrime. As a first step, security officers should think about privileged account management, which gives them a complete overview of all privileged accounts existing in the company network.
It should be possible to monitor privileged sessions in order to identify unusual and potentially harmful access at an early stage, before major damage occurs. Solutions that use machine learning technologies and analyze user activities based on individual behavioural patterns can support this.
In a further step, it makes sense to automate password management and to enforce a minimum allocation of rights, also called “Least Privilege”. This means that only those employees who need it have access to sensitive data.