A cyberattack and a security breach are two types of security incidents. Each term has a distinct meaning.
A cyberattack is the deliberate attempt to steal data, infiltrate networks as a launch point for more attacks, or disable compute resources. Cyberattacks can take many forms, including phishing, malware, ransomware, denial of service (DoS), network intrusion, brute force, data exfiltration, and compromised credentials.
An attack can target data, applications, social media, networks, hardware, or endpoints. Attacks can be either passive, where the attacker only observes or copies information (eavesdropping on network traffic, for example) without altering systems, or active, where the attacker changes state, such as deleting or encrypting data, altering configurations, or disrupting service.
A security breach is a security incident that involves unauthorized access of systems or resources. Data breaches are a subset of IT breaches, involving intentional or unintentional access, disclosure, or manipulation of private or confidential data.
What Are the Challenges of Attacks and Breaches?
The increasing rate of malware attacks, on networks and on mobile platforms, is a major challenge for organizations. Attackers continually refine their methods, for example by incorporating artificial intelligence, and many attacks are becoming more targeted.
Factors that can complicate the prevention of IT breaches (and cyberattacks) include the use of remote and hybrid workforces, the proliferation of internet-of-things devices, and shortages of qualified cybersecurity personnel.
These challenges can result in attacks and breaches that cost thousands of dollars to resolve. In addition, an attack or breach can cause significant downtime (the average time cost of a malware attack is 50 days, according to IT security consulting firm PurpleSec) and damage customer trust.
How Can You Protect Yourself from Attacks and Breaches?
In the current threat landscape, defenses need to be layered: no single practice or product is sufficient on its own.
The first line of defense is good internal practice, organized through a cybersecurity program and framework. Practices include using strong passwords or passphrases; enabling multifactor authentication and account lockout policies; rejecting third-party cookies; and educating users on social engineering techniques and how to recognize phishing attacks.
Then there are tools. The cybersecurity market has countless products to choose from. Cybersecurity tools include IT breach and attack simulation platforms; cloud access security brokers; patch management and vulnerability management products; managed detection and response (MDR) services and managed security services; endpoint detection and response technologies; VPNs; unified threat management products; user and entity behavior analytics tools; security information and event management platforms; and next-generation firewalls.
How Organizations Fight Back Against Threats
There are a multitude of ways a bad actor can infiltrate a network, steal data, or compromise access. Every organization will differ in terms of its vulnerabilities and needs.
Here are examples of how several companies have implemented cybersecurity measures.
Detecting and mitigating attacks quickly: After an exposed server left a remote desktop port open to the internet, a U.S.-based hospitality company became the target of an attack. The attackers attempted to log in to the company’s privileged accounts. Because the company had previously implemented the Varonis DatAlert Suite, which monitors and generates alerts for critical systems, the company could detect and defeat the attack within 30 minutes.
The first sign of the attack came when Varonis detected anomalies within Active Directory. Varonis then sent alerts to the hospitality company’s network administrator. Working with the network administrator, the Varonis incident response team quickly identified which servers and ports were being used in the attack and locked them down. The incident response team then investigated the failed authentication events and determined that usernames and device names had been spoofed. Forensic analysis connected the failed authentication events to a Russia-based IP address over remote desktop protocol (RDP). That discovery led to quickly disabling the server along with external RDP access.
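The detection in the case above rests on correlating failed authentication events by source address, noticing that one source is cycling through many account names over RDP, and checking whether the device names it presents belong to the organization. The following added example implements that logic over constructed records; it is not Varonis DatAlert code or the hospitality company's configuration. The records are shaped like the fields of a Windows Security failed-logon event (4625), every host, user and IP address is made up, and "external address" stands in for the geo-IP lookup the incident used, since that needs an online database.

```python
"""Flag password spraying / brute-force logons over RDP from failed-logon events.

Added example; not Varonis DatAlert logic or the hospitality company's setup.
Records are constructed to resemble Windows Security event 4625 fields;
every host, user and IP address below is made up.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress

RDP_LOGON_TYPE = 10            # Windows logon type 10 = RemoteInteractive (RDP)
WINDOW = timedelta(minutes=5)  # sliding window per source address
FAILURE_THRESHOLD = 8          # failures from one source inside the window
SPRAY_THRESHOLD = 4            # distinct target accounts from one source inside the window

# Assumed inventory of the organisation's own hostnames; anything else is treated as spoofed.
KNOWN_WORKSTATIONS = {"HQ-WS01", "HQ-WS02", "FRONTDESK-01"}

# Address ranges treated as internal; "external" is the offline stand-in for a geo-IP lookup.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


@dataclass(frozen=True)
class FailedLogon:
    ts: datetime
    target_user: str
    source_ip: str
    logon_type: int
    workstation: str


@dataclass
class Finding:
    source_ip: str
    failures: int
    distinct_users: int
    external: bool
    over_rdp: bool
    unknown_workstations: tuple


def parse_event(line: str) -> FailedLogon:
    """Parse one pipe-delimited record: timestamp|TargetUserName|IpAddress|LogonType|WorkstationName."""
    ts, user, ip, ltype, ws = line.strip().split("|")
    return FailedLogon(datetime.fromisoformat(ts), user, ip, int(ltype), ws)


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def detect(lines):
    """Return one Finding per source IP whose failures in some WINDOW cross a threshold."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e.ts)
    by_source = defaultdict(list)
    for e in events:
        by_source[e.source_ip].append(e)

    findings = []
    for ip, evs in by_source.items():
        best = None      # (failures, distinct users, events) for the worst window seen
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > WINDOW:   # drop events older than WINDOW
                start += 1
            window = evs[start:end + 1]
            users = {e.target_user for e in window}
            if len(window) >= FAILURE_THRESHOLD or len(users) >= SPRAY_THRESHOLD:
                if best is None or (len(window), len(users)) > best[:2]:
                    best = (len(window), len(users), window)
        if best:
            failures, distinct, window = best
            findings.append(Finding(
                source_ip=ip, failures=failures, distinct_users=distinct,
                external=is_external(ip),
                over_rdp=any(e.logon_type == RDP_LOGON_TYPE for e in window),
                unknown_workstations=tuple(sorted({e.workstation for e in window} - KNOWN_WORKSTATIONS)),
            ))
    return findings


def build_sample_events():
    """Constructed sample: two internal users mistyping passwords, plus one outside
    address cycling through privileged account names over RDP with spoofed hostnames."""
    lines = [
        "2024-03-02T02:10:03|jsmith|192.168.10.15|2|HQ-WS01",
        "2024-03-02T02:10:20|jsmith|192.168.10.15|2|HQ-WS01",
        "2024-03-02T02:12:41|mlee|10.0.0.5|3|HQ-WS02",
        "2024-03-02T02:12:55|mlee|10.0.0.5|3|HQ-WS02",
        "2024-03-02T02:13:10|mlee|10.0.0.5|3|HQ-WS02",
    ]
    targets = ["administrator", "admin", "backup", "svc_sql", "jsmith", "root"]
    t0 = datetime.fromisoformat("2024-03-02T02:14:00")
    for i in range(12):   # 12 failures in 2m45s from one outside address
        ts = (t0 + timedelta(seconds=15 * i)).isoformat()
        ws = "WIN-ABC123" if i % 2 == 0 else "kali"
        lines.append(f"{ts}|{targets[i % 6]}|203.0.113.77|{RDP_LOGON_TYPE}|{ws}")
    return lines


if __name__ == "__main__":
    for f in detect(build_sample_events()):
        print(f"{f.source_ip}: {f.failures} failures against {f.distinct_users} accounts, "
              f"external={f.external}, rdp={f.over_rdp}, spoofed hosts={f.unknown_workstations}")
```

Run stand-alone, the script reports only the outside address: the two internal users stay below both thresholds, while the attacker trips the spraying threshold after four account names and the failure threshold after eight attempts, arrives over logon type 10, and presents two workstation names the inventory does not recognize. In a real deployment the thresholds would be tuned per environment and the finding would feed the same response the article describes: blocking the source and closing external RDP.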
Defeating web domain scams: A major air traffic and safety regulator in the UK experienced an upswing in cybersecurity incidents after launching a refund claims process for customers of a failed global travel agency. Malicious actors created several fraudulent websites to gather customer claims data under false pretenses and used that data to file claims for refunds. To take down these fraudulent sites, the agency implemented ZeroFox’s takedown-as-a-service offering. Within 24 hours of deployment, the ZeroFox service identified the fraudulent websites and initiated takedown activity. The service also identified other malicious websites and spoofed social media forums that needed immediate action.
Securing endpoint devices in a highly regulated environment: In light of mounting threats that targeted healthcare organizations, a U.S.-based medical institution wanted to strengthen its existing combination of firewall, antivirus, and web filtering tools. Decision makers wanted a more integrated security system that would also satisfy the requirements of the Health Insurance Portability and Accountability Act. The team deployed FireEye Network Security, a threat protection product, to uncover and block imminent threats, including attacks that evade traditional signature- and policy-based defenses. The medical institution has seen far fewer false positives due to more accurate alerts.
Threat hunting after a suspected breach: A financial services institution needed a threat-hunting service to investigate a suspected IT breach. The institution had more than 2,000 networked endpoints distributed between the central and satellite offices. The company engaged CyberSecOp, a managed security service provider (MSSP), which then configured an evidence collection system and scanned the network. The MSSP identified the suspected breach and isolated the malicious content. CyberSecOp then coordinated with the financial company’s IT team to determine other remedial actions.
Maintaining security in a virtualized, remote work-enabled environment: After a major shift to remote work that moved workloads to virtualized servers and desktops, a U.S. law firm needed an automated way to detect and respond to cyber threats. The law firm purchased an MDR service from Rapid7. The MDR service combines the expertise of Rapid7’s security operations center analysts and threat intelligence team with Rapid7’s SIEM system, InsightIDR. The MDR service provides the law firm with alerts on both internal and external intruder activity and identifies security risks such as misconfigurations.
Conclusion: Attacks and Breaches Require Multilayered Defense
Whether an organization suffers a cyberattack or an IT breach, the consequences will likely include system or operational downtime, theft or loss of sensitive information, and damage to revenue and company reputation.
The first line of defense is instituting practical measures like strong password and authentication requirements and training employees. But that’s rarely enough in today’s world. That’s where cybersecurity tools come in. There are many types of tools that offer advanced security.
Sometimes, however, even good security practices and tools won’t suffice. Attacks and breaches are likely to increase in coming years, and new attack methods (e.g., those involving cryptocurrencies and deepfakes) are becoming more prevalent. The best way forward is a combination of good practices and technology, security awareness, and business continuity and disaster recovery systems to rebound from an attack or breach.