Cyber security, cyber threats, cyber criminals… These are the words that are all over the media today. But what is this buzz all about? Jarno Niemelä from F-Secure labs explains…
“Cyber” is in many cases basically a way for consultants to double their fees. It is as simple as that. And that is why it is talked about so much.
The real difference between cyber-attacks and “normal” online attacks is not the tool used, but the target and effect of the attack. While a DDoS attack against a Minecraft server is harmful for its target, it is not a cyber-attack as such. However, a DDoS attack against a bank that crashes credit card processors and the ATM network is a cyber-attack.
In short, cyber-attacks are not about the attack or defense, they are about what the attacker does when he gets into the system.
While any company has enemies and is interesting to profit-seeking online criminals, it is the big, important or influential companies who are targeted specifically and are the potential victims of cyber-crime. The rest are mainly targets of opportunity.
There are lots of different ways to execute such a cyber-attack, e.g. Trojans, web-based attacks, social network attacks, attacks over USB, etc.
Just like regular malware, targeted cyber-attacks need code running in the victim’s system. This means they need to be able to infect at least one device. And, they need to be able to move laterally in the victim network. So, from a defense point of view, there is little difference between a normal online attack and a targeted one.
Both types of attackers also need Command and Control access to be able to direct the attack and to be able to leak the stolen goods.
However, there are some differences as well.
In targeted attacks, there are more resources available, which can be used for 0-Day exploits and exotic attack types. The attacker is patient and the infection may lie dormant for a long time. This means that if you have the capabilities to stop these more advanced attacks, you are well prepared for malware of any type.
So, what can you do to protect your company against the new cyber threats? In today’s world, old-fashioned antivirus is simply not enough.
Preparation is the best defense and the following 8 steps will keep you and your company safe:
- Install proper endpoint protection – such as F-Secure Protection Service for Business, or Client Security
- Patch everything – you can make it easy with Software Updater
- Minimize attack surface
- Harden OS and apps
- Make backups
- Know your system
- Create a system baseline with a checksum tool
- Get familiar with what processes are normally running in the system
Mostly, cyber security is about doing your basic security properly. A system that cannot be infected cannot be used as a beachhead. Stopping lateral movement will stop the cyber attackers.
In addition, pay extra attention to critical production infrastructure. Isolate your production if possible. Make sure your production servers have different network connections than your visible ones. And make your production self-monitoring with watchdogs and alarms. And last, create and maintain a file and system integrity database.
Invitation to cyber security webinar series
Join our Labs expert Jarno Niemelä for a webinar on cyber security. Jarno is an experienced speaker and researcher, and will guide you through this series of webinars.
You can register for the webinars from the right-hand teaser link.
Be sure to register and join early – only the first 1.000 participants will be able to join the live session.
See the full schedule below:
| Date and time | Webinar |
|---|---|
| 4 May 2015 at 11.00 EET | Introduction to cyber security |
| 4 June 2015 at 11.00 EET | Defending workstations |
| 21 September 2015 at 11.00 EET | Defending servers |
| 15 October 2015 at 11.00 EET | Defending network |
| 9 November 2015 at 11.00 EET | Responding to an incident |
| 3 December 2015 at 11.00 EET | Building secure systems |