Five common misperceptions about business cyberattacks

Most decision makers in IT management are having to spin so many plates, all at the same time, that there’s always a danger one of them will eventually fall to the floor and smash.

The problem is, just because you’ve attended to a cyber security issue, or decided that it’s not relevant for your business, that doesn’t mean you can forget all about it. With the increasing sophistication and determination of attackers, and the type of threats evolving all the time, you can’t afford to drop your guard with any aspect of security, even for a moment.

While maintaining IT security is an increasingly challenging task, a good place to start is to avoid a number of common misperceptions, all of which were encountered within a wide range of organizations when investigating and neutralizing attacks over the past year.

Misperception 1: We are too small to be a target and don’t really have anything worth stealing

It’s easy to think attackers might be targeting bigger fish than your organization. Or that you’re in a low-interest sector and simply don’t have any assets likely to attract the attention of a passing cybercriminal. But our experience tells us otherwise. If you have processing power and a digital presence, you are a potential target.

It’s worth remembering that even though hackers from North Korea and Russia make the headlines, most attacks are not carried out by nation states but opportunists looking for easy prey. So, whatever size your business, if you have any weaknesses in your defenses, such as security gaps, errors or misconfigurations, then you could easily be next.

Misperception 2: We don’t need advanced security technologies installed everywhere

Some IT teams still believe that endpoint security software is enough to thwart all threats, and that they subsequently don’t need security for their servers. Big mistake. Unlike in the past, any errors in configuration, patching or protection make servers a primary target.

The list of attack techniques designed to bypass or disable endpoint software include those operated by humans which exploit social engineering, malicious code injected directly into memory, ‘fileless’ malware attacks such as reflective DLL (Dynamic Link Library), and attacks using legitimate remote access agents like Cobalt Strike, alongside everyday IT admin tools. Unfortunately, basic anti-virus technologies will struggle to detect and block such threats.

Even the assumption that protected endpoints can prevent intruders from making their way to unprotected servers is misguided. Recent experience tells us servers are now a prime target and attackers can easily find their way in using stolen access credentials.

Most contemporary cyber criminals have a strong understanding of Linux machines. In fact, attackers can hack into and install back doors in Linux machines to hide and maintain access to your network. If your organization only relies on basic security, intruders won’t find it too difficult to bypass your defenses in this way.