Strengthen Your Defenses Against Phishing, Botnets, and Other Cyber Threats

Share on linkedin
Share on facebook
Share on twitter
cyber threats

Cyber threats are in the news nearly constantly, and are (or should be) top of mind for executives at every size and type of company. The Global Risks Report 2018, produced by the World Economic Forum, ranks cyber attacks as the third most pressing threat worldwide. Herewith, some specific concerns, and how you can address them more effectively.

Common Cyber Threats: Phishing, Botnets, and Bad Passwords

Phishing

This is the most prevalent type of what’s called “social engineering,” which is basically convincing authorized users to do something they shouldn’t. Phishing involves the sending of legitimate-appearing emails that induce readers to click on a link that takes them to a malicious web site or installs malware on their computers.

Malefactors execute phishing campaigns for two reasons: they’re easy, and they work. The Executive Summary of the 2018 Verizon Data Breach Investigation Report says “on average, 4% of the targets in any given phishing campaign will click it. And incredibly, the more phishing emails someone has clicked, the more likely they are to do so again.”

Once a phishing campaign visits your network, time is not on your side, Verizon adds. “You have 16 minutes until the first click on a phishing campaign. The first report from a savvy user will arrive after 28 minutes.” And phishing campaigns are getting more sophisticated, evolving into “whaling,” which targets C-level executives, and “spear phishing,” campaigns that target specific individuals or organizations to steal sensitive information or install malware.

Botnets

A botnet is a network of enslaved computers or other connected devices, created to steal data, send phishing emails, propagate malware, or compromise other networks. A hacker recently created a botnet of 18,000 routers in under 24 hours. Initially designed to attack connected computers, botnets now also go after Internet of Things (IoT) devices, which are often easy to find, easy to attack, and poorly managed or secured.

Bad Passwords

As The Washington Post reported in August, “A security audit of the Western Australian government released by the state’s auditor general this week found that 26 percent of its officials had weak, common passwords – including more than 5,000 including the word “password” out of 234,000 in 17 government agencies.” “Almost 13,000 used variations of the date and season, and almost 7,000 included versions of ‘123.’” “In one case, the auditors were able to access an agency’s network – with full system administrator privileges – by guessing the password: ‘Summer123.’”

These sad facts are not unique to Australia or its regional governments. Every year, cyber security vendor SplashData publishes a list of the most popular passwords that have been stolen and made public. The two most popular for the past few years? “123456” and “password.”

Cyber Threats: What to Do

Fortunately, a common set of steps can increase your defenses against these and multiple other cyber threats. The first of those steps is to discover and map your IT environment, including all hardware and software assets and the relationships that link these to each other, their users, and their tasks. You also need to be able to keep that information accurate, complete, and up to date.

Comprehensive discovery provides a firm foundation for the next step toward better cyber security: effective IT asset management (ITAM). With this step, you can impose policies that govern access to and behavior of your critical IT resources. For example, you can require regular scans of those assets to ensure all current patches and updates have been installed.

Once you’ve got discovery and ITAM locked in, you can take a third significant step toward better cyber security: IT service management (ITSM). Effective ITSM lets you manage IT incidents, problems, changes, and resource requests centrally and consistently. With effective ITSM, you can also implement and extend automation that performs critical tasks consistently.

Virima offers economical, modular, integrated, effective solutions for all three steps toward better cyber security. Discovery, ITAM, and ITSM tools from Virima can help you find, map, and manage your IT resources, and deliver the services your users and business require. They can also help your business identify vulnerabilities and respond to threats more quickly, effectively, and consistently.

These benefits can help make your environment more stable, secure, responsive, and valuable to your business. Learn more about Virima’s solutions for Discovery, ITAM, and ITSM, and how they can help you #CoverYourAssets, here.

Summary:

Common Cyber Threats

Cyber threats are in the news nearly constantly, and are top of mind for executives at every size and type of company. Common Cyber Threats: 1. Phishing: This is the most prevalent type of what’s called “social engineering,” which is basically convincing authorized users to do something they shouldn’t. 2. Botnets: A botnet is a network of enslaved computers or other connected devices, created to steal data, send phishing emails, propagate malware, or compromise other networks. 3. Bad Passwords: Every year, cyber security vendor SplashData publishes a list of the most popular passwords that have been stolen and made public. Comprehensive discovery provides a firm foundation for the next step toward better cyber security: effective IT asset management (ITAM). With this step, you can impose policies that govern access to and behavior of your critical IT resources.

Share on linkedin
Share on facebook
Share on twitter

Subscribe to Our Newsletter

More to Explore

To understand the business value of service mapping, it’s important to shift to a service delivery mindset, rather than thinking about delivering infrastructure, equipment, software, and applications. Defining services is relatively simple if thought of as the commoditization of what’s…

Business Service mapping – the area of configuration management that perplexes so many IT professionals, yet that which provides the highest value in configuration management database (CMDB) projects. There are several major reasons IT gets stopped when it comes to…

The world of service management has changed as technology has shifted from providing tools for administrative support to being fully embedded in the delivery of the business’ core function. There’s a world of difference between using an accounts payable system…

The Configuration Management Database (CMDB) provides a single database that contains information about the enterprise’s assets, both logical and physical. In modern service management platforms, it provides core functionality that is referenced by all of the service management practices, including…

The importance of discovery comes from what it provides to the users of the configuration management database (CMDB): trustworthy data and greater speed to value. Without discovery, the CMDB database is built by feeds and data entry, which can lead to…

There is an old saying that you can’t manage something unless you can measure it. IT asset discovery can provide you with accurate and up-to-date data and information about everything you use in IT.  You can then develop metrics using…

The most significant ServiceNow CMDB best practice is having a system with data you can trust. ServiceNow will tell you that, your stakeholders will tell you that, and IT service management (ITSM) professionals will tell you that.  Achieving high-quality configuration…

A CMDB’s value is undisputed when carefully implemented with a clear plan in place about how the CMDB database will be used and maintained within your organization.  Below is a list of six steps that you should have in place…

The past decade has introduced a tremendous change in the IT industry.  If you were to compare your IT ecosystem today with how it was ten years ago, you would likely find it hard even to recognize that you’re looking…

CMDB’s time has come! A new decade is upon us, and if you are like most people in the IT industry, you’re spending some time reflecting on what has been accomplished in the past few years and thinking about what…