Anyone who wants to defend himself successfully against cyber criminals must know their procedures. Dell Technologies takes the current European Cyber Security Month (ESCM) as an opportunity to explain seven common methods.
Whether large corporations or SMEs: hackers are increasingly attacking German companies to steal valuable information, manipulate systems or encrypt company data and subsequently extort ransom. At the European Union’s current European Cyber Security Month, Dell Technologies identifies seven typical methods they use.
1. phishing emails. The attackers try by fraudulent emails to animate the recipients to reveal login data. This happens on the one hand by phishing emails sent in bulk, but also by targeted spear-phishing emails to handpicked victims.
2. Contaminated websites and apps. Often cyber criminals infect web pages on the Internet or apps in stores with their malware. If the employees call up these websites or download the apps, the contained malware can spread throughout the company network.
3. USB sticks. Another way that viruses, Trojans, and the like find their way into the corporate network is through USB sticks and other data carriers. It is particularly dangerous if the employees connect their private USB sticks to the company computers because the private PCs are often insufficiently protected.
4. Software vulnerabilities. Cybercriminals exploit security holes in companies’ software systems to penetrate corporate networks directly. They have it particularly easy when companies do not close such vulnerabilities by regular security updates.
5. “Man in the Middle” Attacks. With this method, hackers use insufficiently encrypted communication to engage in communication between two partners. If they succeed, they can read the traffic or even manipulate it.
6. DDoS attacks. To paralyze Internet services, hackers bombard them with so many requests that they collapse under this load. They can eliminate web-based systems from companies or their websites, causing huge financial losses and serious reputational losses.
7. Insider threats. Danger threatens companies but not only from the outside. Surprisingly, cyber attacks also take place from within. Own employees or employees of IT service providers use their access to the enterprise systems to steal, delete or manipulate data.
“Cyber criminals have an extensive repertoire. In so-called Advanced Persistent Threats, they often combine different methods to achieve their perfidious goals, “says Andreas Scheurle, Product Specialist Endpoint Security at Dell Technologies.
As a counter-strategy, the IT security expert recommends a comprehensive defense approach that combines multiple levels of security. These include the protection of all Internet and network connections through firewalls and virus filters, the encryption of all stationary data and all data in the transmission path as well as the monitoring and restriction of all access through an Identity and Access Management (IAM). In addition, employees should be sensitized by training on the dangers of cyberspace.
“The realization of a holistic defense concept naturally involves effort and requires specialized know-how,” says Scheurle. “Especially small and medium-sized companies often do not have the necessary IT resources. In that case, you should definitely trust a trusted partner for IT security, because the question is not whether they are attacked, but when. ”