Cyber Attacks: The Knowns & Unknowns


SOLUTION BRIEF

The “Known Knowns” – What We Know We Know

Vulnerabilities that public entities are aware of and can plan for fall into the “Known Knowns” category. Most security incidents in this category involve one of three types of breach¹:

1. Denial of Service (DoS) Attacks: A type of cyber attack in which a malicious entity targets a host server or network resource, attempting to render it unusable by the host’s customer base.

2. Crimeware: Malicious software designed to carry out or facilitate malicious or illegal online activities, including viruses, worms, trojans or rootkits.

3. Point of Sale (PoS) Intrusion: A type of cyber attack that specifically targets PoS systems where payment-related information is stored, collected and/or transmitted.

The “Known Unknowns” – What We Know We Don’t Know

Cyber security experts frequently cite two types of “Known Unknown” vulnerabilities:

1. “The Privileged Few”: Vulnerabilities that are known only to a small, private group, including governments, IT industry leaders and the cyber criminals themselves.² While these privileged few may be able to protect against these types of attacks, most organizations are not privy to these threats until it’s too late.

2. Cyber Security and Human Behavior:³ Human behavior is a factor on both sides of the cyber security war. You may not be able to predict how your attackers or defenders will behave with 100% accuracy, but arming yourself with cyber security best practices and establishing the right mindset with your staff can offset many threats.

The “Unknown Unknowns” – What We Don’t Know We Don’t Know

The hard fact of cyber security is that while you are planning your defense against the next cyber attack, cyber criminals are working diligently 24-7 to thwart all your efforts. Those threats that haven’t even been created yet fall into the “Unknown Unknown” category of attacks.

“As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns — the ones we don’t know we don’t know.”
– Donald Rumsfeld

Infographic summary: The “Known Knowns”: Denial of Service (DoS); Crimeware; Point of Sale (PoS) Intrusion. The “Known Unknowns”: “The Privileged Few”; Human Behavior. The “Unknown Unknowns”: Future Cyber Security Threats.


1-800-843-8733 • LearningTree.com/Cyber2018



Indicators of Compromise

The best defense against cyber security threats is ensuring your IT staff is familiar with the Indicators of Compromise (IoC). Familiarity with these common indicators can help your team mitigate an attack:

1. Unfamiliar Outbound Network Traffic: Suspicious network connections may be a sign that attackers are attempting to exfiltrate data from your system.

2. Geographic Oddities: Outbound traffic to regions where your organization generally doesn’t do business could indicate a systems breach.

3. Login Anomalies: Repeated login failures, unusual sign-in times, failed passwords or new privileged account creation/access could indicate a system compromise.

4. Database Exfiltration Indicators: Creation of compressed or encrypted files, spikes in data reads and HTTP response sizes, abnormal file-system or registry changes, or any unfamiliar outbound network traffic can indicate that an attacker has compromised your network.

5. DDoS Blitz Play: A Distributed Denial of Service (DDoS) attack can be a symptom of a larger attack to come. Attackers frequently use DDoS to distract monitoring and alerting systems in order to “fly under the radar” with malware and crimeware.
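As an added example (written for this page, not code from the brief or a Learning Tree tool), the script below applies several of the indicators listed above to a handful of constructed log lines. It assumes a simple key=value log format, an assumed set of countries the organization does business with, assumed business hours, and assumed alert thresholds; a real deployment would tune all of these to its own baseline.

```python
"""Toy IoC triage over constructed log lines (added example, not the brief's own code).

Assumed log format (constructed for this example): an ISO timestamp followed by
space-separated key=value fields. Flags four of the indicators named above:
repeated login failures, off-hours sign-ins, privileged account creation, and
outbound flows to unexpected regions or of unusual size.
"""
from collections import Counter
from datetime import datetime

# Constructed sample telemetry; addresses are documentation ranges, not real hosts.
SAMPLE_LOGS = """\
2024-05-01T09:12:03 type=auth user=alice result=success src=10.0.0.5
2024-05-01T09:13:10 type=auth user=bob result=failure src=10.0.0.9
2024-05-01T09:13:12 type=auth user=bob result=failure src=10.0.0.9
2024-05-01T09:13:15 type=auth user=bob result=failure src=10.0.0.9
2024-05-01T09:13:19 type=auth user=bob result=failure src=10.0.0.9
2024-05-01T09:13:22 type=auth user=bob result=failure src=10.0.0.9
2024-05-01T09:13:30 type=auth user=bob result=success src=10.0.0.9
2024-05-01T03:41:00 type=auth user=svc-backup result=success src=10.0.0.40
2024-05-01T03:42:10 type=account action=create user=tmp-admin group=Administrators
2024-05-01T03:45:00 type=netflow src=10.0.0.40 dst=203.0.113.7 country=XX bytes_out=734003200
2024-05-01T10:02:00 type=netflow src=10.0.0.5 dst=198.51.100.20 country=US bytes_out=20480
"""

# Assumed baseline values; every one of these is an assumption to tune per organization.
EXPECTED_COUNTRIES = {"US", "CA"}          # regions where the org normally sends traffic
BUSINESS_HOURS = range(7, 20)              # 07:00-19:59; sign-ins outside this are "unusual"
FAILURE_THRESHOLD = 5                      # consecutive-ish failures per user before alerting
PRIV_GROUPS = {"Administrators", "Domain Admins"}
LARGE_OUTBOUND_BYTES = 100 * 1024 * 1024   # a single flow of 100 MiB or more is suspicious


def parse_line(line):
    """Split one 'TIMESTAMP k=v k=v ...' line into a dict with a parsed 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def find_indicators(log_text):
    """Return (indicator, subject) pairs for every IoC observed in the log text."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    alerts = []
    failures = Counter()  # login failures seen per user
    for ev in events:
        kind = ev.get("type")
        if kind == "auth":
            if ev["result"] == "failure":
                failures[ev["user"]] += 1
                # Alert once, the moment the threshold is reached.
                if failures[ev["user"]] == FAILURE_THRESHOLD:
                    alerts.append(("repeated_login_failures", ev["user"]))
            elif ev["ts"].hour not in BUSINESS_HOURS:
                alerts.append(("off_hours_login", ev["user"]))
        elif kind == "account" and ev.get("action") == "create" \
                and ev.get("group") in PRIV_GROUPS:
            alerts.append(("privileged_account_created", ev["user"]))
        elif kind == "netflow":
            if ev["country"] not in EXPECTED_COUNTRIES:
                alerts.append(("unexpected_geography", ev["dst"]))
            if int(ev["bytes_out"]) >= LARGE_OUTBOUND_BYTES:
                alerts.append(("large_outbound_transfer", ev["dst"]))
    return alerts


if __name__ == "__main__":
    for indicator, subject in find_indicators(SAMPLE_LOGS):
        print(f"{indicator}: {subject}")
```

Each alert is only a lead for an analyst: a backup service account signing in at 03:41 may be entirely normal for that account, which is why a real baseline is built per user and per host rather than from one global business-hours window.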

Mitigating Known Known Attacks

Design, test and implement a mitigation plan for known threats. A well-thought-out and thoroughly tested mitigation plan is your best defense when a cyber attack strikes.

Keep up to date on anti-virus patches. According to the 2015 Verizon Data Breach Investigations Report, the majority of cyber attacks exploit “known vulnerabilities where a patch has been available for months, often years.” Make sure your IT staff is installing and maintaining anti-virus software.

Ensure your IT staff is actively monitoring for IoCs. Technical issues with your network can occur for a variety of reasons, but knowing the tell-tale signs of an attack can decrease your response time and lessen the impact to your customers.

Mitigating Known Unknown Attacks

Learn from your competitors’ misfortune. There is no way to anticipate every future cyber attack that threatens your industry, but a good indicator of what cyber criminals will attack tomorrow is recognizing their target today.

Establish the right cyber security mindset with your IT staff. The #1 failure in cyber security is not people – it’s a lack of on-going training and education. Encourage your IT staff to perform their jobs with security in mind.

Mitigating Unknown Unknown Attacks

Educate your organization on new cyber threats. Take advantage of online resources, such as US-CERT, to stay informed of up-and-coming cyber threats.

Train your staff in cyber security and incident response. Though you may not know what cyber attack lurks around the corner, a well-trained IT staff will always be your best defense in protecting your organization from cyber criminals. A successful training plan should be a long-term strategy to test and train your staff to ensure lasting success.

“Indicators of Compromise (IoC) are red flags in your network that may signal a systems breach. Familiarity with these common indicators can help your team identify and react to an attack that may be imminent or already in progress!”
– Amin Lalji, Cyber Security Expert and Learning Tree Course Author & Instructor

Learning Tree offers 30+ Cyber Security courses including 40+ Certifications aligned with the National Initiative for Cybersecurity Education (NICE) framework. Learn more at: LearningTree.com/Cyber2018


