Feb 21

Confused about cybersecurity? You’re not alone

At one point or another, nearly everyone has had a moment of cybersecurity gone wrong. Whether it’s a piece of spyware picked up through a personal email account or a distributed denial of service (DDoS) attack launched against your company’s network, run-ins with security threats are not especially rare these days.

But understanding the odds and ends of cyberthreats is something that still eludes the casual computer user. We know that terms like malware, spyware, DDoS, botnet and advanced persistent threat mean bad news, but beyond that they are just jargon used by IT staff and technology pundits. Even those who claim to understand the nuances of cybersecurity tend to confuse the details or explain them unclearly.

Who, not what, are APTs?

One of the most commonly misunderstood cybersecurity issues is the advanced persistent threat (APT). This phrase has popped up several times in recent years, often in connection with international incidents, like cyber espionage and digital terrorism.

However, the important thing to know about an APT is that the term describes a who rather than a what. One incident that’s commonly misidentified as an APT is the Stuxnet computer worm, which reportedly sabotaged equipment at an Iranian nuclear facility and was discovered in 2010. After the attack, many pointed to the Stuxnet worm itself as an APT. Close, but not quite on the money.

The organization that created and launched Stuxnet would be the APT in this scenario. Stuxnet itself is an example of malware: more specifically a worm that carried rootkit components to hide itself on the machines it infected. Malware is a word that we’re pretty much all familiar with by this point. Short for malicious software, malware is the umbrella term for viruses, Trojans, spyware, worms and rootkits, among other threats.

Malware can reach a person’s computer through many vectors. Most often it arrives as a malicious email attachment or a download from an infected website, but it can also be carried in on a USB drive, a CD or any number of other devices.

A rootkit is the part of the malware that hides the intrusion. The attacker first gets in, typically by exploiting a vulnerability in the software running on the machine, then installs the rootkit to conceal the malware’s files and processes and to keep privileged access to the system. From there the malware usually opens a back channel, or command-and-control channel, to the attacker’s servers, which is how instructions come in and stolen information goes out. Because the rootkit hides all of this from the system’s own tools, the attacker can keep that privileged access for a long time before anyone notices.

Distributed Denial of Service

Another cyberthreat that makes headlines, though it is more the signature of hacktivists than of APTs, is the DDoS attack. Such attacks have drawn attention in recent years thanks in no small part to the hacktivist group Anonymous. The group made the news as recently as this weekend, when it reportedly launched a DDoS attack against the CIA’s public website, taking it offline for several hours.

DDoS attacks are typically carried out by a network of compromised computers known as a botnet. The attacker controls thousands of malware-infected machines, the bots, through a command-and-control channel. In a DDoS attack, those machines are ordered to flood an organization’s website with requests, exhausting the servers’ capacity and the bandwidth in front of them so they can no longer respond to legitimate visitors. The end result is a website that is either painfully slow or completely unreachable. The “distributed” part is what makes the attack hard to stop: the traffic arrives from thousands of addresses at once, so blocking any single source does little.
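The flood described above shows up clearly in a web server’s access log once you count requests per short time window. The following is an added example, not code from the original post: a small Python detector that parses Apache-style Common Log Format lines and raises two flags, one for a single source that exceeds a per-address rate and one for an aggregate rate that exceeds a site-wide limit even when no single address is noisy. The second check is the one that catches a real botnet, whose thousands of bots can each stay under any per-address threshold. The addresses, thresholds and log lines are constructed for the example.

```python
"""Sliding-window flood detection over web server access logs.

Added illustration for the DDoS discussion; not code from the original post.
Parses Common Log Format lines and flags (a) a single source whose request
count inside a short window exceeds a per-IP limit and (b) an aggregate
count that exceeds a site-wide limit regardless of source. Thresholds,
addresses and log lines below are constructed, not real traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident authuser [date] "request" status bytes
_CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
_TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, client_ip, request_line) or None if unparseable."""
    m = _CLF.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(2), _TS_FMT), m.group(1), m.group(3)


def detect_floods(lines, window=timedelta(seconds=10),
                  per_ip_limit=50, total_limit=200):
    """Count requests inside a sliding time window, per source and overall.

    Lines must be in chronological order, as in a real log. Returns a dict:
    'sources' is the set of IPs that exceeded per_ip_limit inside any window;
    'aggregate' is True if the total count inside any window exceeded
    total_limit, whatever the sources were.
    """
    per_ip = defaultdict(deque)  # ip -> timestamps still inside the window
    everyone = deque()           # all timestamps still inside the window
    flagged = set()
    aggregate = False
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on them
        ts, ip, _request = parsed
        q = per_ip[ip]
        q.append(ts)
        everyone.append(ts)
        # Drop events older than the window before checking the counts.
        while ts - q[0] > window:
            q.popleft()
        while ts - everyone[0] > window:
            everyone.popleft()
        if len(q) > per_ip_limit:
            flagged.add(ip)
        if len(everyone) > total_limit:
            aggregate = True
    return {"sources": flagged, "aggregate": aggregate}


def _clf(ip, ts, path="/"):
    """Format one constructed Common Log Format line."""
    return f'{ip} - - [{ts.strftime(_TS_FMT)}] "GET {path} HTTP/1.1" 200 512'


def make_sample_log():
    """Constructed log: a normal visitor, then one host hammering the site,
    then a swarm of hosts that each send a single request."""
    t0 = datetime(2012, 2, 21, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    # Legitimate visitor: five requests spread over a minute (lines 0-4).
    for i in range(5):
        lines.append(_clf("203.0.113.5", t0 + timedelta(seconds=15 * i), "/news"))
    # Single noisy source: 60 requests inside three seconds (lines 5-64).
    for i in range(60):
        lines.append(_clf("198.51.100.7", t0 + timedelta(seconds=70 + i // 20)))
    # Botnet-style swarm: 250 distinct sources, one request each, three seconds.
    for i in range(250):
        ip = f"10.{i // 256}.{i % 256}.9"  # constructed addresses
        lines.append(_clf(ip, t0 + timedelta(seconds=100 + i // 100)))
    return lines


if __name__ == "__main__":
    print(detect_floods(make_sample_log()))
```

On the constructed log the per-address check flags only 198.51.100.7, while the swarm of 250 hosts trips nothing but the aggregate check. In practice the thresholds come from the site’s own baseline traffic, and the window has to be wide enough to tolerate normal bursts such as a page that loads a dozen assets at once.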

Three-layer security

So now that we have a basic understanding of some well-known cyberthreats, it’s important to know what you can do to protect against them. For this, we introduce the data security pyramid.

The pyramid consists of three layers. At the base, we have Defend. This represents your first line of defense – antivirus software, firewalls and other measures that prevent attackers from breaking into the network.

In the middle, there’s the Comply layer. This is the monitoring layer: the controls that identify threats already inside the network and put a stop to them before they get out of hand.

At the top of the pyramid is the Containment layer. Every security measure has its flaws. Firewalls have holes and monitoring tools miss something every now and then. If you take this approach to data security, you recognize the importance of containing the data itself rather than only the perimeter, so that even if a system is compromised the data remains safe and out of the hands of cyberattackers and ne’er-do-wells.

There is no way to guarantee network security, and there are a lot of ins and outs that are best addressed by the company together with its service provider. However, with a basic understanding of cyberthreats, businesses should be better prepared for the situations that do arise.
