Mitigating Cyber Threats of 2018


”Hand illustrated to demonstrate stopping cyber attacks" by Milovan12 - yayimages.com

In our two-part series on security threats, we have discussed the dangers that will occupy the digital world this year. In this article, we will discuss the prevention measures that can be used to avoid these cyber calamities. Supplement that to our previous discussion on how you can ‘trick’ theses thieves into not attacking your business and we have a formula for a high degree of success.

Prevention of Ransomware Attacks

In the last couple of years, ransomware has been raised to the pedestal of a top cyber threat. Whether it’s from individual users, private organizations or government-run establishments, no one is spared from these crypto virological attacks. Nevertheless, ransomware can be dealt with by implementing certain practices.

Maintain Data Backups

The majority of the ransomware attacks that are carried out use the unscrupulous technique of hacking into the computer and encrypting your own data. Attackers then demand that the victims pay extortion money for the restoration of their encrypted files. The affected parties often resort to having to pay the attackers when they don’t have any backup copies of their data. One of the easiest ways to fight off a ransomware attack is by maintaining an efficient backup system. By making online and offline data backups, you don’t have to play into the hands of ransomware operators.

A good way to store everything is in the cloud. There are a number of professional companies that will store your business data for a nominal fee. To be extra secure, set up a backup facility on your premises or hire a consulting agency to do it for you. This way you will have a backup in two places, so if one fails, there is always the other and you will never have to pay a ransomware thief again.

Customize Your Antivirus Settings Accordingly

Ransomware operators use email attachments very effectively to deliver the script of ransomware to the targeted devices and networks. Customization of your antivirus software to block the download of email attachments with shady extensions is another way to prevent ransomware attacks. For example, file extensions such as .exe, .scr, .vbs are often used to deliver the payload of ransomware strains.

In addition, and as mentioned in our article on email phishing , never open up an email attachment or click a link if you have even the slightest suspicion that it is fake - even if you are familiar with the email address that it came from. The email could have been spoofed to make you think it is from them, but really isn’t.

Take Care of Your RDS

Remote Desktop Services (RDS) represents the ability to allow a remote user to take control of your home or business computer. While there are a lot of legitimate sources for this procedure, tech support companies do it all the time, but so do criminals. Crypto Virological coders also barge into a network by brute-forcing the login credentials of RDS to infiltrate and inflict their viral ransomware mischiefs. By setting very strong passwords and with the use of protected ISPs, you can significantly minimize the chances of your network to get compromised by a ransomware attack.

It is important to train yourself and your staff to counteract the social engineering tactics used by ransomware operators to make their outings successful. Moreover, digital security experts and law enforcement agencies always advise against paying ransomware attackers for the restoration of files for two reasons:

  • There is no guarantee that they will provide you with the encryption key
  • The success of any ransomware infiltration can encourage more cybercriminals to carry out such attacks.

Prevention of AI Attacks

Artificial.intelligence

We are witnessing the growth of artificial intelligence and it is not going to slow down. In a nutshell, the term "artificial intelligence" refers to computers that can duplicate the cognitive functions of human beings, such as learning, logical thinking and problem-solving.

On the one hand, this technological advancement is celebrated as the ability to utilize the logic of human intelligence within machines, but on the other hand, experts are wary of the untapped intelligent quotient of the modern AI systems.

Maybe we are not at the age of termination by android killing monsters (and hopefully never will), but we are definitely within the realm of being subjected to those who have criminal intent.

These fears are not unreal because AI, in some way, has already been used to launch cyber attacks. Specifically, unscrupulous individuals and those of the dark web are looking to find ways to secure data using AI. The mainstreaming of AI-powered attacks will take time, but they are inevitable in the next few years. If you think cyber attacks are out of control now, the dangers will be 10-fold once criminal AI goes mainstream. Let’s try to envisage the future of cybersecurity in relation to the threats posed by the malevolent use of artificial intelligence.

Countering the Design Algorithms of Malevolent AI

No matter how genius AI has become, its initial algorithm will always be designed by humans. Therefore, the AI tools used for illicit activities can be countered by creating AI algorithms to address this criminal behavior. Moreover, to ensure that the use of AI doesn’t go haywire, a policy should be enacted that will have some form of AI regulation. No, that will not stop the bad ones from doing their thing, but at least a law can be put in place where an organized agency can work 24x7 to find and prosecute those of criminal intent. We know they do exist today, but they are broken up within the different government agencies of the United States and the world, with no central command. Same as Interpol, where is the cyber AI police force? This is something that needs to be addressed ASAP.

Unprecedented Cyber Protection Measures

In order to mitigate AI-powered attacks, innovative security measures will be required to provide a constant security blanket to organizations and individuals. We have yet to see how the brilliance of the human mind will proceed to neutralize the criminal use of AI, or at least diminish its dangers.

Prevention of Cyber-Physical Attacks

As we have previously discussed, cyber-physical attacks are usually targeted on digitally-operated critical infrastructures. In most of the cases, these attacks are carried out for something ‘bigger’. From lone hacktivists to state actors, cyber-physical attacks are mostly motivated by political and social reasons with no or less involvement of any monetary enticement.

Stopping these attacks can be really challenging because cyberattackers are experts in their craft and they are not lured by any tangible incentives. However, there are some measures that administrations can take to foolproof the virtual security of critical installments. Prevention of cyber-physical attacks is critical for the economy as well. It has been estimated that a cyber attack on a power grid located on the east coast could cost the aggregate losses of a whopping $250 billion dollars.

No Compromise on Digital Security

An electric grid might be heavily guarded by security personnel, but there are strong chances that its virtual security will not be on a par with its physical security. This tendency can be witnessed with the digital security of many infrastructure installments where cyber attackers can easily walk into their networks.

Therefore, implementing strict digital security measures should be an obligation for people responsible to maintain the overall security of any infrastructural establishment. This entails encrypted communications, customized firewalls to prevent any foreign intrusion, and most importantly, a dedicated team of skilled digital security experts.

Making Staff More Technological Savvy

Staff at Computer TrainingIt should be kept in mind that the cybersecurity of any establishment is as good as the digital competence of its staff. Stats and surveys also show us that almost 90 percent of cyber attacks succeed due to human error or behavioral actions.

For that matter, it is imperative to train the staff of such establishments to take digital security practices very seriously. Also guiding them with responsible use of the Internet is also very necessary to prevent cyber-physical attacks due to human errors.


Posted On August 19, 2018