The media regularly reports that some large organization has been the victim of a cybersecurity incident. Attackers find a way into the company and wreak havoc on its internal network, encrypting workstations, stealing data, and causing massive damage. While big companies are not the only ones to get hacked, it seems that it would be far more difficult to breach a massive organization with a correspondingly large security budget. Despite this, news of a new breach appears frequently. Almost a million cyber attacks happen daily, and the first step to stopping them is understanding them.
How Do Targets Get Picked?
The first part of any cyber incident is the hacker picking the victim. This is very rarely a targeted process and is instead far more likely to be a situation where the attacker is looking for a weak link anywhere on the internet. The exception to this is social engineering campaigns, which are usually directed at a certain business to see if they find success. It is common for hackers known as initial access brokers to search the internet for known vulnerabilities in common appliances, such as VPN gateways. If they can get initial access, they will then typically sell this access to another group.
Targets chosen this way are typically attacked purely by chance. Initial access brokers will go after anyone they can find with these vulnerabilities on their internal network and decide after the fact whether it was worth the effort. When a big company gets compromised in this fashion, it is typically because the attackers found a vulnerability faster than the company could patch it. This is why staying on top of remediation is so vital for defensive cybersecurity teams.
How Are Big Companies Often Easier Targets?
As counterintuitive as it may seem, it can often be easier for criminals to breach a large company than a small one. Unfortunately, attackers know this and exploit it under the assumption that they will be able to extort more money out of their victims or steal more valuable information. Many different initial access methods are often far easier to leverage against larger companies.
When looking at social engineering campaigns, often the only thing needed for success is a single person falling for the scam. Hackers only need a single access point, typically a single set of credentials, to get into a network and start looking for ways to escalate privileges and move laterally. In a large company, there are far more points of failure. The odds of someone falling for a social engineering campaign are higher in a company of thousands than in a small team of 10.
Similarly, attacks against network components can be easier against large companies in many ways. Massive organizations can have thousands of components all connected and facing the internet. This can open up a massive attack surface for criminals to map out and attempt exploitation. This is another case where hackers only have to get it right once. As long as a single component is left out of date, there is a way into the network that can open up many different attacks.
What Should Organizations Do To Protect Themselves?
Organizations of any size should be aware of the most common initial access methods used by hackers and defend against them before something bad can occur. While larger organizations are prone to some security problems as has been shown here, they do have the advantage of large budgets and large security teams. This means that they will be able to develop a solid plan and have the resources to stop attackers in their tracks.
While small teams do not always have the same resources available, this does not mean that they should have to sacrifice when it comes to security. Proper perimeter monitoring through available tools, often even free, open-source tools, goes a long way in protecting against attacks. It is also vital to properly train employees on how to identify and stop phishing attacks. These mitigations alone can do a great deal to protect organizations.
Even with a good baseline in place, it can be a good idea to have some professional assistance. Consulting with a penetration tester can help to map out entry points into a system and identify any weaknesses in a company’s network. External testing does a great job of identifying how initial access could happen, and internal testing can identify what could happen after. The team at Blue Goat Cyber specializes in this type of testing and can help your team meet your security needs.