For the complete White Paper (“Angel Investing in Cybersecurity: Understanding the Technology”), please check out Mach37.com
In the first installment of Cyber101, attackers were characterized as having two goals: to steal your information or to disrupt your business. Four main attack targets were identified: the externally facing resources accessible from the open internet, your internal network, the devices on your network, and the people who use those devices. But how do attackers go after these targets to get access to your internal information or resources?
Regardless of the attack vector, the approach is generally to deploy a piece of malicious software, hidden somewhere in the external or internal infrastructure, that can help the attacker steal information or disrupt business operations.
The first vector, attacking the network, can be accomplished by:
- Tricking your firewall into believing that bad traffic is really OK
- Modifying your routers to misdirect traffic
- Listening in on traffic inside your wired or wireless corporate network, and many more.
Devices can have malware loaded onto them:
- Through e-mail
- Embedded in downloaded apps
- Through the browser
- From corrupted thumb drives
- In the originally shipped operating system, and many additional methods.
Most security professionals consider people to be the weakest link, either through intentional malice (think disgruntled employees on the way out) or unwittingly through phishing attacks, poor practices, inadequate attention to policies or system maintenance requirements, and of course many, many more. A third type of “people” attack involves stealing online credentials or identity such as passwords, and impersonating the victim. Put it all together and you get a picture like the following:
There are many more specific attacks available in the arsenal, but most of them can be understood within these categories. Next week, Cyber101 will address why defending against this range of attacks is even harder than it seems at first glance.