Types of security threats
Protecting against cloud threats
Download 257.48 Kb.
|
Types of security threats
- Bu sahifa navigatsiya:
- Protecting against phishing
|
Protecting against cloud threats
Implementing robust cloud security practices can help protect against the various threats and vulnerabilities to ensure your infrastructure and data is secure. From securing user endpoints to implementing encryption and highlighting the importance of good password hygiene, getting cloud security right requires attention to detail. It’s also important to ensure you choose the right cloud provider from the get-go, which will take some of the weight off your shoulders when it comes to ensuring your company’s and customers’ safety in the cloud. 3. Phishing One of the most common types of social engineering threat, phishing typically involves sending emails that purport to be from a recognized and trusted source, usually with a fake link that invites them to enter personal details into an online form. Some 51% of IT professionals agree that phishing and other social engineering attacks are the biggest challenges they face this year. These are often designed as ways to get access to financial data or username and password combinations, but they can do more than that - especially with the more targeted 'spear phishing' variety, which will be tailored precisely to an individual recipient. For example, in April 2021, security researchers discovered a Microsoft 365 phishing scam that steals user credentials. This Business Email Compromise (BEC) attack works by sending emails with disguised .html files attached. Once the user opens this file, they’re directed to a website that contains malicious code and told that they’ve been logged out of Microsoft 365 and invited to log in again. Once they do this, the user’s credentials are sent to the fraudsters in charge of the scam. Protecting against phishing Effective email security tools can help reduce the likelihood of such emails getting through, but they're not 100% effective. Therefore, user education is the best way to tackle this threat. By training people to be wary and spot the telltale signs of a phishing attempt, firms can ensure their employees are not handing over valuable data to anyone that asks for it. 4. Ransomware A specific type of malware, ransomware works by encrypting key files on a machine or network, then demanding a payment - usually in the form of Bitcoin or another cryptocurrency - to make them accessible again. This is a relatively simple form of attack, but it has the power to be hugely disruptive, as was seen with the 2022 Swissport incident. A significant 42% of companies report ransomware as the biggest cybersecurity challenge they face this year. Depending on the particular type of ransomware used, an attack may encrypt certain file types that make it impossible to access critical business information, or block vital system files that prevents a computer from booting up altogether. Download 257.48 Kb. Do'stlaringiz bilan baham: 
|