
A Top 10 Cyber Security Cheat Sheet for SMBs in 2018

As New Threats Gather, Small and Medium-sized Firms Must Plug Lingering Cyber Security Knowledge Gaps

I work with cloud resellers everywhere between London, England and Wellington, New Zealand. But from one geography to the next, many of them still only possess a surface familiarity with the basics of cyber security.

Given the menace that small and mid-sized customers face from cyber attacks, this is something that organizations need to fix. And they can - I’ll get to that in a moment. But first, let’s look at the reasons behind this lingering knowledge gap.

Up until recently, most cloud service providers didn’t feel the urgency to help their customers gain a deep understanding of the threat landscape. To be sure, they were aware of threats like ransomware when they popped up on their news feeds. But they’d be hard-pressed to explain in depth the differences between ransomware and, say, adware. Instead, they dealt with new threats as they appeared. In practice, that meant strategy took a backseat to tactics as they scrambled to figure out what the new threats meant.

That’s a common problem you’ll find at companies which don’t have long security pedigrees. Security has never been top of mind and so they aren’t equipped with the background or the desire to integrate it into their service offerings.

So how do we go about fixing this huge knowledge gap? In a word, education. Security needs to become something resellers can be comfortable discussing with customers. What’s more, they need to share their knowledge without overwhelming customers with different acronyms. They need to be able to make it plain and explain security in a way that humans can understand.

Otherwise, they’ll be condemned to jump from pillar to post, chasing after one security crisis after another.

If you want to go out and learn about threats and vulnerabilities, you have to put in the time to sift through the literature. Obviously, no single document can encompass everything you’ll need to know about the topic. Here are a couple of links to good resource material published by US-CERT and Britain’s National Cyber Security Centre (NCSC), along with 10 key topics you and your customers should get familiar with before 2018 arrives.

Malware

Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data or bypass access controls. Malware is a broad term that refers to a variety of malicious programs. This post will talk you through several of the most common types of malware: adware, bots, bugs, rootkits, spyware, Trojan horses, viruses, and worms.

Adware

Adware, or advertising software, is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Software and applications often offer “freemium” versions that come bundled with adware. As we are all aware, if you do not pay for a product, you are the product. Adware has become extremely popular on social media sites, where it serves as a revenue tool for the platform. It is not uncommon for adware to come bundled with spyware that is capable of tracking user activity and stealing information. Due to the added capabilities of spyware, adware/spyware bundles are significantly more dangerous than adware on its own.

Bots

Bots are software programs created to perform specific operations automatically. While some bots are created for relatively harmless purposes such as Internet auctions, online contests and video gaming, it is becoming increasingly common to see bots being used maliciously. Bots can be used collectively in a group, which is called a botnet. These botnets can then be used in DDoS (Distributed Denial of Service) attacks or for distributing malware disguised as popular search items on download sites. Websites can guard against bots with CAPTCHA tests (e.g. “I am not a robot”) that verify users as human.

Bugs

In the context of software, a bug is a flaw that can be exploited. These flaws are usually the result of human error and typically exist in the source code or compilers of a program. Minor bugs only slightly affect a program’s behavior but more significant bugs can cause crashing or freezing. Security bugs are the most severe type of bugs as these can allow attackers to bypass user authentication, override access privileges, or even steal data. Bug bounty programs have been a great driver in incentivizing reporting of these bugs.

Ransomware

Ransomware is a form of malware that holds a computer system captive while demanding a ransom. The malware restricts user access to the computer either by encrypting files on the hard drive or by locking down the system. Ransomware typically spreads like a normal computer worm, ending up on a computer via a downloaded file or through some other vulnerability in a network service. With a high spread rate, a quick route to financial gain and obscurity using bitcoins as payment, ransomware made the headlines throughout 2016.

Rootkit

A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs. Once a rootkit has been installed, it is possible for the malicious party behind the rootkit to access and steal information or alter software, including security software. Because a rootkit continually hides its presence, it is difficult for security products to find it. Businesses and end users can protect themselves from rootkits by regularly patching vulnerabilities, updating virus definitions and avoiding suspicious downloads.

Spyware

Spyware is a type of malware that functions by spying on users without their knowledge. The spying capabilities can include activity monitoring and data harvesting, which looks for account information, email and website login details, and financial information such as credit card and account numbers. Spyware spreads by exploiting software vulnerabilities or by bundling itself with legitimate software, most commonly free software versions.

Trojan Horse

A Trojan horse, more commonly known as a “Trojan,” takes after the myth it gained its name from by disguising itself as a normal file or program, tricking users into letting it through, either by downloading or installing it. Once it is in the system, an attacker can control the machine remotely and carry out any malicious task they would like, even installing more malware.

Virus

A virus is a form of malware that is capable of copying itself automatically and spreading to other computers. Viruses often spread to other computers by attaching themselves to various programs and executing code when a user runs an infected program. Viruses can be used to steal information, create botnets and steal money.

Worm

Worms carry out very similar actions to viruses when they infect a machine. The biggest difference between the two is that a worm can spread on its own (through operating system vulnerabilities) and requires no human intervention. Worms typically cause harm to their host networks by consuming bandwidth and overloading web servers. Worms can also contain payloads, which are actions other than spreading themselves. A payload can damage the host computer by stealing data or even creating botnets.

 

About the Author

Anthony Holmes

Cloud Architect
