National Cybersecurity Awareness Month is turning 16 this October. This year’s theme is all about driving behavioral change and encouraging accountability to own IT, secure IT and protect IT. That’s a great theme because it should live at the core of any enterprise cyberdefence strategy.
In order to own, secure or protect IT, though, organizations in any industry need to know the fundamentals of how cybersecurity really works. Here’s a new perspective to take in order to keep any enterprise network, data and users protected from tomorrow’s threats.
Cybercrime-as-a-Service Business Model
Cybercrime isn’t just about major data breaches that dominate news headlines. It encompasses any criminal activity that is enabled by a computer.
Cybercriminals have realized that their campaigns can be more successful if they monetize their skill sets beyond developing that one campaign that will yield the big pay day. In this regard, they’ve modeled the cybercrime economy on big business – they even take weekends and offer Black Friday deals. Today, just like everyone else, they’re working to a cloud model. That’s right, cybercrime has become globally commercialized as Cybercrime-as-a-Service. Virus writers aren’t just offering their malware as one-offs anymore. They’re selling access to their latest exploit kits through On-Demand services.
The commercialization of cybercrime is putting immense amounts of pressure on corporate IT teams and CISOs to fill the widening security technology and talent gaps. That begs the questions, who is getting to the next top security talent first?
Under the Hoodie – How Malware Works
Cybersecurity awareness also means getting technical and knowing how malware actually works.
Malware is any type of malicious software that attackers develop with the intention of accessing a computer or network, often without the user knowing about it. These dangerous threats pose serious potential nightmares for any enterprise relying on IT. That’s everyone.
There are many different types of malware that work differently and have different functions, depending on what the developer wants to accomplish. Ransomware, botnets, Trojans, worms, viruses, DDoS attacks and cryptocurrency miner malware, are all types of malware that organizations should be well-versed on.
Intruders commonly use phishing emails and social engineering scams to deliver malware. They don’t always need a victim’s help, though. The NotPetya ransomware attack is arguably one of the most devastating cyberattacks in history to date. It simply used existing security gaps to freeze government agencies, cripple ports and essentially crash the world with a single piece of code.
Cultivating Cybersecurity Awareness at Infoblox
There is a frenzy of activity going on at Infoblox this year to drive and cultivate cybersecurity awareness, both in-house and with valued customers. I’ve had the pleasure of spearheading a new and fun internal cybersecurity awareness initiative for educating employees on the basics of how cyberattacks work and beyond. Infoblox has also just proudly launched the industry’s first hybrid security offering to help enterprises stay protected from anywhere. My colleague and I are also speaking at this year’s McAfee MPOWER Cybersecurity Summit in Las Vegas this week about securing digital transformations from the foundation up. Here’s a list of other global and virtual events that Infoblox is participating in.
The old adage of “knowledge is power” is never truer than with cybersecurity. I have the pleasure of meeting many industry practitioners that are focused on the cyber-defenses and implementing tools to protect their organization from the onslaught of cyber attacks. Many of these people are discussing the new cybersecurity solution that proposes to be the “magic bullet”. However, it is important to find time to understand the latest attack techniques, otherwise you can be guided by a vendor, who often educate you on attacks only their solution can defend against, and it may be a 1% likelihood of ever seeing that attack. Focus on the core security approach and develop an Incident Response process that can quickly react and remediate.
I encourage everyone to research the latest attacks that are being discussed, and how others are planning their defenses. Often times, foundational approaches to security can protect from emerging attacks as they still rely on common techniques to deliver and propagate the attack. This is something that Infoblox is very passionate about. That’s why Infoblox recently released a new solution that is a foundational security platform that adds security to any organization’s existing infrastructure, tying in with services already on the network (DNS).
To learn more about the latest threats, subscribe to threat intelligence reports from Infoblox’s Cyber Intelligence Unit. It’s 100% free to anyone and delivers details about current cybercrime campaigns.
Stay tuned for more cybersecurity awareness insights and events, and join the conversation on social media.