Cybersecurity for Beginners

In 1989, Robert Tappan Morris became the first person convicted for hacking under the Computer Fraud and Abuse Act after a computer program he created infected more than 6,000 university, research center and military computers. 

The Morris worm was just the beginning of an age of cyber insecurity. Criminals saw the damage Morris’ worm could do, and weaponized it for criminal and malicious activity. Viruses started getting deadlier and deadlier, affecting more and more systems. As organizations realized the threats faced on the Internet, they also began investing in antivirus technology.  

We now live in an era of ransomware, malware, and nation-state attacks.  A cyberattack can disrupt your business, compromise customer data and tarnish your brand. That’s not hyperbole- that is a fact of life in today’s connected, digital world. 

It is easy to feel powerless and fearful, given that nameless, faceless criminals are probing your business for weaknesses. It’s also easy to feel overwhelmed and confused by the jargon, acronyms and technical information involved in any conversation about cybersecurity. To help, here is our handy guide to help demystify and simplify the world of cybersecurity.   

How Hackers Turn the Internet into a Weapon 

In general, hackers penetrate the system and then demand ransom from the victims. There are other reasons like a financial loss to the target, damaging the reputation of the target, or political maneuvering. 

There are mainly five types of attacks: 

1. Supply Chain Attack
2. Man in the Middle
3. Email Attacks
4. Password Attacks
5. Malware and Ransomware Attacks 

1. Supply Chain Attack

The biggest and more devastating cyberattacks like NotPetya and SolarWinds have been supply chain attacks. In the SolarWinds case, Russian hackers hacked the software firm SolarWinds, compromising networks of at least nine US federal agencies, including NASA, the State Department, the Department of Defense, and the Department of Justice.  

These attacks occur when a threat actor can attack a target by means of compromising a third-party. By compromising a single supplier, spies or saboteurs can hijack its distribution systems to turn any application into a security risk. 

2. Man in the Middle

This is a form of eavesdropping where an attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, but the conversation is controlled by the attacker.  

3. Password Attack

There are several types of password attacks used to steal your passwords and compromise computer networks. The most common are:  

• Dictionary attack: In this method, hackers run through every password that is possible through the dictionary.
• Brute force: This is a trial-and-error method used to decode the password or data. This attack takes the most amount of time.
• Keylogger: As the name suggests, a keylogger records all keystrokes on a keyboard. Most hackers use keyloggers to get passwords and account details.
• Shoulder surfing: The attackers simply watch the user’s keyboard by looking over their shoulder. 

4. Email Attacks

There are three main types of email attacks:  

1. Phishing/Spearphishing: The attacker sends bait, often in the form of an email. It encourages people to share their details. 
2. Spoofing: The attacker pretends to be another person or organization and sends you an email claiming to be a legitimate email so that you send them important information. 
3. Trojan Horse: Hackers can send malicious files through emails. These files may be images, documents, audio, or videos, which often contains a virus, spyware or malware (more on these below).  

5. Malware/Ransomware Attack

Malware: This is a malicious program or software that disrupts or damages the computer. There are several types of malware. 

Virus: A computer virus is a malicious code that replicates by copying itself to another program or document and changes how a computer works. The virus requires someone to knowingly or unknowingly spread the infection without the knowledge or permission of a user or system administrator. 

Worms: These are standalone programs that run independently and infect systems.

Ransomware:  Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Cybercriminals then demand ransom in exchange for decryption.

How to Defend Against a Cyberattack 

Now that you know more about the threats faced online, what can you do? At Elevity, a multi-layered security fabric is critical to mitigating the risks associated with today’s cybersecurity challenges.  These tools include proactive measures, advanced detection and response software tools and, disaster recovery and continuity solutions.

An important piece of any proactive solution is Dark Web Alerts. When there is a Dark Web Alert, our service desk team knows whenever work credentials for your company are found on the Dark Web. Our team checks those passwords and will take remediation action on our customers’ behalf.  

Additionally, one of the most critical things businesses can adopt is two-factor authentication. Regardless of what systems you have or email platform you use, it should take more than just a password to access an account, so that even if the password is compromised it is useless to bad actors.    

Crucially, a cybersecurity monitoring solution that includes SOC (Security Operation Center) resources should never stop working and can bring the time to detection in critical moments from days down to minutes. That’s the difference between having to wipe or replace every machine in the organization to having a single compromised device.  

In addition, we have made an investment to provide SIEM (Security Information Event Management that uses AI and machine learning to alert Security Engineers when there is suspicious activity that a human might not notice.  This solution is often called MDR – Managed Detect and Respond. 

Traditional Anti-Virus software only checks files downloaded to your PCs against a known list of bad files. This is minimally effective given the rate at which threat actors are writing new viruses. To make this effective we have partnered with a 24x7x365 Security Operations Center team to review all the IOC’s (Indications of Compromise) alerts and focus on the real threats that will impact your business operations. 

I hope this is a useful foundation for anyone interested in learning more about cybersecurity. If you’d like to learn more about responding to cybersecurity threats, download our free Cybersecurity Handbook. If you would like a cybersecurity roadmap for your organization, reach out to us today for a cybersecurity risk assessment.