IT Security Know-how: Terminology & Lots of Interesting Facts
IT - the backbone of your company. All essential processes run through it. But what happens if everything suddenly comes to a standstill?
IT security has become indispensable for companies in times of digital change. ConSol clarifies the basic terms and explains the objectives and areas of IT security. We also point out IT security risks and protective measures.

In today's world, a reliable IT security strategy is essential for companies. Even a little carelessness when receiving emails can have major consequences. At ConSol, our IT security experts will help you develop and implement a customized security concept to keep your company protected.
Christoph Ehlers
Head of Custom IT Solutions
IT Security and What You Should Know about it
IT Security, Cyber Security, Internet Security
IT Security is defined as the protection of IT systems against damage and threats. IT security for companies includes all technical and organizational measures to protect data, end devices, IT systems and cloud services from unauthorized access, theft, espionage and sabotage.
In the context of IT security, a distinction is made between offensive and defensive security.
- Offensive Security: A proactive approach that tests the protection of computer systems, networks and people by attacking them the way a real adversary would. Offensive security measures include penetration tests, in which the technical security of a target system is tested by exposing it to a simulated attack over a defined period of time.
- Defensive Security: Preventive and reactive measures such as monitoring, hardening and patching applications, so that vulnerabilities in the software are found and fixed before they are exploited. Employee training and the introduction and monitoring of security concepts are also part of defensive security.
Cyber Security extends IT security to the entire cyberspace. Since most systems today are connected to the internet, the two terms are now often used interchangeably.
The term Internet Security refers to protection against threats from the Internet.
Information Security
Information Security is generally concerned with the protection of information. This can also exist in non-technical systems, e.g. on paper. IT security, on the other hand, refers to the protection of technical systems.
In Germany, the IT baseline protection of the Federal Office for Information Security (BSI) serves as a guideline for information security.
Data Security
Data Security is concerned with the general protection of analog or digital data, regardless of whether it is personal or not. Data security aims to protect data from threats, manipulation, unauthorized access or disclosure, and covers all measures required to keep data secure.
IT is the central building block of every company. It forms the basis for all business processes. In the worst-case scenario, disruptions can bring operations to a complete standstill. Economic damage and loss of reputation are the result.
At the same time, increasing digitalization also increases the risk of attacks. The increased complexity and higher degree of networking through mobile devices make systems more susceptible to attacks.
It is essential for companies to secure their IT systems and protect them against attacks. IT security should be an integral part of the corporate culture.
What you need to be aware of: IT security is not a one-off action or a state that is achieved once and persists. IT security is an ongoing process that must be continuously adapted. Business processes, technology, legal framework conditions and attack methods continue to evolve. This results in new requirements and potential threats that need to be actively responded to.
The purpose of IT security is to prevent attackers from spying on, manipulating, copying or destroying data. The three most important protection goals are confidentiality, integrity and availability of information.
Confidentiality of Information
This means that information is only accessible to authorized persons or systems. Access protection must be defined and access rights assigned. Another aspect of confidentiality is the transport of data: data in transit should always be encrypted, so that unauthorized persons who intercept the traffic cannot read its content.
Integrity of Information
Integrity of information means that data and content are complete and correct. The systems transmitting data must also function in such a way that information is not altered in transit. This includes preventing the manipulation of data by unauthorized third parties. To this end, security gaps must be identified and closed.
Availability of Information
This means that data processing within the systems runs smoothly and data can be retrieved correctly whenever it is needed. IT systems must be protected against possible failures and be recoverable after them. Load tests help to establish capacity limits so that business operations can be maintained at all times.
Identity & Access Management
Protecting the accounts and access data of a company's employees and customers plays an important role. Identity & Access Management measures include monitoring and enforcing password guidelines. It should be ensured that employees and customers use strong, long passwords and not the same password for multiple accounts. Where possible, additional protection should be introduced using multi-factor authentication (MFA). Biometric methods are used as an alternative or supplement: a fingerprint or facial recognition serves as proof of identity.
Endpoint Security
Endpoint security protects the various end devices in a network against threats. All end devices in use, i.e. PCs, notebooks, tablets and cell phones, must be secured, including their operating systems and applications. Basic protection is provided by antivirus solutions that detect and block known malware. To go beyond this, companies should rely on EDR (Endpoint Detection and Response) systems: with the help of machine learning, suspicious behavior can be detected even when no signature matches and the virus scanner does not respond.
Email Security
The term email security stands for procedures and techniques that secure email communication against threats. Emails are often used to spread malware, spam or phishing attacks. This makes it all the more important to introduce measures to secure email content. Email encryption is one approach. The content of email messages is encrypted so that information can only be read by the intended recipient.
Web Security
Web security refers to the protection of users, devices and the network against internet-based cyber attacks. Solutions such as firewalls, intrusion prevention systems and URL filtering reduce the risk posed by unintentional user access to malicious files and websites.
Server Security
Even when a data center sits behind a robust firewall and other security measures, servers must still be checked regularly for security vulnerabilities and updated. Patching and updating servers is therefore an essential part of IT security.
Network Security
Network security pursues two goals: Vulnerabilities in the software and firmware of network devices should be eliminated and the spread of malware should be prevented or made more difficult. In addition to patch and update management for network devices such as routers and gateways, network segmentation plays a central role: different functional areas of the network are isolated from each other. This means that malware cannot easily jump from one area to another.
Cloud Security
The growing spread of cloud computing requires comprehensive security measures. A Cloud Access Security Broker (CASB) plays a key role: as an intermediary between the company network and cloud resources, it enforces the company's security policies on cloud traffic. IT managers receive an overview of the cloud applications actually in use, so that shadow IT and compliance violations can be identified and rectified. Cross-cloud identity & access management and encryption are further aspects of cloud security.
Physical IT Security
Physical security is a fundamental component of IT security. It includes measures to prevent damage to central IT systems from physical impacts such as fire, theft, vandalism or pollutants.
Building security is also increasingly moving into focus. Building-automation systems are often connected to IT networks, which increases complexity and the attack surface. The first steps towards secure building technology are access control and logging as well as a central, automatically updated asset inventory.
IoT Devices
The Internet of Things (IoT) can bring enormous economic benefits. However, IoT deployments present companies with new challenges in terms of security, data protection and compliance. When it comes to security for IoT, another layer comes into play, as this is where the cyber and physical worlds meet. Attacks on IoT infrastructure cause damage that not only results in data loss, but also has a physical impact on facilities.
Advanced security for IoT infrastructures should be based on a three-tier end-to-end approach to protect data, services and connections:
- Secure provisioning of devices
- Secure connectivity between the devices and the cloud
- Protection of data in the cloud during processing and storage
Criminals are constantly developing new methods of attack, are professionally organized and work with the latest technology. IT security is a constant race against these attacks.
But how does a company make itself vulnerable and what are the biggest threats to IT security?
Typical Points of Attack
Users
IT security is not just about computer systems and networks. The “human factor” represents a significant attack surface. On the one hand, carelessness and negligence lead employees to carry out risky actions.
On the other hand, cyber criminals exploit the “human vulnerability” to realize their criminal intentions. Social engineering is a tactic designed to trick users into disclosing confidential information. The attackers pretend to be trustworthy or to know the victim.
Lack of patch management
A large share of attacks against IT systems exploit vulnerabilities in outdated software. Typically the vendor has already fixed the vulnerability in a current release, but the company has not installed the update.
Misconfigurations
Even minor misconfigurations can have devastating consequences for IT security. Threat actors exploit these vulnerabilities to gain unauthorized access to corporate systems. Common attack vectors include:
Privileged Accounts: Cybercriminals often target accounts with elevated administrative rights. Once compromised, these accounts allow attackers to move laterally within the corporate network, take over servers, and modify configurations to their advantage.
Lack of Network Segmentation: Network segmentation divides connected components into separate subnets. By isolating systems, for example using IT security gateways, you ensure that a single compromised system does not give the attacker reach into the rest of the network. Without proper segmentation, malware can spread unchecked from one system to another.
Zero-Day Exploits and Vulnerabilities
A vulnerability is a security flaw in an IT system that poses a threat by allowing attackers to access system resources and manipulate data.
A zero-day exploit is an attack on a vulnerability for which no patch is available yet. The term "zero-day" highlights that the software or hardware vendor has had zero days to fix the flaw, either because it has only just become known or because the vendor does not know about it at all. This creates a critical risk, as attackers can use the weakness as an entry point until it is fixed.
IT Security Threats for Businesses
Supply Chain Attacks
In a supply chain attack, cybercriminals don’t target a company directly. Instead, they exploit vulnerabilities in suppliers, third-party service providers, or vendors of software and hardware. The manipulated solutions are then introduced into the target company—often through software updates.
Supply chain attacks can spread via compromised applications, software, firmware, or even hardware, making them particularly difficult to detect and mitigate.
Advanced Persistent Threats (APT)
Advanced Persistent Threats (APTs) are sophisticated, targeted cyberattacks against specific individuals or groups. Malware secretly infiltrates a network and spreads undetected. Attackers use highly advanced techniques to establish long-term access, gather sensitive data, or cause damage.
Phishing/Smishing
Phishing is a form of social engineering and one of the most common entry points for successful cyberattacks. Victims are tricked into revealing personal or confidential information through fraudulent emails or messages that appear trustworthy. These emails often contain malicious links or attachments that, once opened, infect the victim’s computer.
Smishing is similar to email phishing attacks. In a smishing attack, cybercriminals send fraudulent SMS messages to trick recipients into clicking on malicious links or revealing their login credentials. Attackers often use personal information to make the message appear legitimate. The goal is to steal credentials and misuse them for further fraudulent activities.
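As an added example (not part of the original page), the following Python script checks a constructed sample message for two of the indicators described above: a sender domain that looks like the organisation's own, and link text that displays one host while the href leads to another. The protected-domain list, the two sample messages and the edit-distance threshold are assumptions made for the example; a production mail gateway would also evaluate sender authentication results and attachment content.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation owns (assumed for this example; use your own list).
PROTECTED_DOMAINS = ["example.com", "example.de"]

# Constructed sample messages, not real emails. In the first one the display name
# claims to be the IT desk, the sender domain is a lookalike ("examp1e"), and the
# link text shows a legitimate URL while the href leads elsewhere.
PHISHING_EMAIL = """\
From: IT Service Desk <helpdesk@examp1e.com>
To: jane.doe@example.com
Subject: Action required: password expires today
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your password expires today. Please renew it here:</p>
<p><a href="https://portal.example.com.login-reset.net/auth">https://portal.example.com/reset</a></p>
</body></html>
"""

BENIGN_EMAIL = """\
From: IT Service Desk <helpdesk@example.com>
To: jane.doe@example.com
Subject: Maintenance window on Saturday
Content-Type: text/html; charset=utf-8

<html><body><p>Details: <a href="https://portal.example.com/status">https://portal.example.com/status</a></p></body></html>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance between domains indicates a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' approximation (no public-suffix list): a.b.example.com -> example.com."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def phishing_indicators(raw_message: str) -> list:
    """Return one human-readable indicator per suspicious finding; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    indicators = []

    # 1. Sender domain that is not ours but is within two edits of one of our domains.
    from_header = msg["From"]
    sender_addr = from_header.addresses[0].addr_spec if from_header and from_header.addresses else ""
    sender_domain = registrable_domain(sender_addr.rsplit("@", 1)[-1]) if "@" in sender_addr else ""
    if sender_domain and sender_domain not in PROTECTED_DOMAINS:
        for own in PROTECTED_DOMAINS:
            if edit_distance(sender_domain, own) <= 2:
                indicators.append(f"sender domain {sender_domain!r} looks like {own!r}")
                break

    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return indicators
    parser = LinkExtractor()
    parser.feed(body.get_content())
    for href, text in parser.links:
        href_host = (urlparse(href).hostname or "").lower()
        # 2. Link text that displays a URL whose host differs from the real target.
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(href_host):
            indicators.append(f"link text shows {shown.group(1)!r} but points to {href_host!r}")
        # 3. One of our domains embedded in the host name of an unrelated domain.
        for own in PROTECTED_DOMAINS:
            if own in href_host and href_host != own and not href_host.endswith("." + own):
                indicators.append(f"href host {href_host!r} embeds protected domain {own!r}")
                break
    return indicators


if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, phishing_indicators(sample) or "no indicators")
```

The lookalike check deliberately compares registrable domains rather than full host names, so a legitimate subdomain of your own domain is never flagged, while `portal.example.com.login-reset.net` is caught both by the text/href mismatch and by the embedded-domain rule.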
Ransomware Attacks
Ransomware is malware that cybercriminals use to encrypt a company’s computers or systems. Access to the data is only to be restored upon payment of a ransom, and payment does not guarantee recovery. Ransomware spreads through spam emails, phishing attacks, and vulnerabilities in browsers and operating systems.
Distributed Denial-of-Service (DDoS)
DDoS attacks aim to cripple servers, websites, or networks by overwhelming them with massive amounts of traffic. Cybercriminals typically use a botnet to flood the target server with requests, causing it to become overloaded and unable to function properly.
Collateral Damage in Larger Attacks
Many small and medium-sized businesses mistakenly believe they are not targets for cybercriminals due to their size. This assumption is incorrect. Many attacks are not highly targeted but rather executed as large-scale mass attacks. When cybercriminals go after major corporations, smaller businesses often become collateral damage. The impact—whether through deleted or encrypted hard drives—can be just as severe.
IT security is never truly finished—it’s a continuous process. So how can businesses still minimize IT risks and enhance security?
A well-defined security concept, combined with the implementation of technical and organizational protective measures, helps identify and close security gaps within the company.
IT Security Concept, IT Security Policy, and IT Emergency Plan
To protect against cyberattacks, every company must be aware of its IT-related vulnerabilities. An IT security concept addresses a company’s specific security risks, the implementation of controls to prevent threats, and the continuous monitoring of IT systems. To ensure IT security, organizational and technical standards, as well as regulations, are established. This concept should be reviewed regularly and adapted to current conditions.
An IT security policy defines the importance of IT security within the company. It outlines security objectives and concrete strategies to achieve them. The policy covers aspects such as:
- Proper handling of IT systems and equipment
- Setup and management of user accounts
- Access rights management
- Procedures for handling system failures
- Guidelines for emails, internet usage, password policies, and mobile devices
As an additional organizational measure, every company should have an IT emergency plan in place. This plan provides clear instructions for handling various incidents, such as cyberattacks or power outages. The IT emergency plan includes:
- Technical response procedures
- Communication guidelines with responsible personnel
- Contact points for incident reporting and resolution
A comprehensive analysis of company-specific IT risks forms the foundation of a customized IT security concept:
- Identify key assets and classify data based on sensitivity and strategic importance.
- Create a list of potential threats, including malicious and accidental human actions, cybercrime, and natural disasters.
- Identify security gaps and weaknesses within the system.
- Once vulnerable systems are identified, develop tailored solutions to strengthen security measures.
The following questions can help guide the development of an IT security concept:
- How much sensitive data do we store within the company?
- To what extent do our employees access data remotely?
- How many employees require access to specific data?
- What vulnerabilities exist regarding internal and external espionage?
- Which data protection laws are relevant to our company?
When creating an IT security concept, be sure to consider the following points:
1. Classify Your Company Data: Identify and categorize the type and sensitivity of your company’s data.
2. Define IT Security Objectives: Establish key security goals, such as confidentiality, integrity, and availability.
3. Assess the Current IT Security Status: Evaluate your company’s current security posture and existing measures.
4. Identify Security Gaps and Risks: Determine which threats and risks are relevant to your company and assess their potential impact.
5. Implement Security Measures: Define specific actions to improve IT security and minimize the likelihood of security incidents.
6. Assign Responsibilities: Clarify who in the company is responsible for implementing security measures.
7. Communication and Training: Ensure employees are informed about IT security measures and receive proper training.
8. Develop an Implementation Timeline: Set a timeframe for executing security measures and prioritize critical actions.
9. Regular Review and Updates: Continuously assess and update the IT security concept to address new threats and evolving technologies.
The establishment of IT security policies is the responsibility of senior management. This also includes the implementation and operation of an Information Security Management System (ISMS), which ensures the practical application and enforcement of these policies. The ISMS is responsible for identifying and assessing risks, defining security objectives, and documenting processes, responsibilities, and communication channels in a structured manner.
The most well-known standard for certifying an ISMS is ISO/IEC 27001 (published in Germany as DIN EN ISO/IEC 27001; the current revision of the standard dates from 2022). This certification confirms that an organization’s information security management system meets internationally recognized requirements. It helps ensure the confidentiality, integrity, and availability of information while strengthening trust with business partners.
IT Security: Technical Protective Measures
What?
Assessing the Status Quo: By evaluating the current state of IT security, all vulnerabilities can be identified. This serves as the foundation for establishing an ongoing information security process.
How?
Bug Bounty Program: A bug bounty program is an initiative launched by a company that offers financial or material rewards for discovering vulnerabilities in software, applications, or web services. Any identified weaknesses must be reported to the company so they can be fixed before being exploited.
AV Scanner: Antivirus scanners provide basic security by detecting and blocking malware using constantly updated signature databases.
EDR Solution: Endpoint Detection and Response (EDR) is a cybersecurity solution designed to protect endpoints such as PCs, tablets, laptops, and smartphones. EDR solutions monitor device behavior in real time, analyzing activities for suspicious patterns to detect and mitigate threats.
Penetration Testing (PenTest): A penetration test simulates real-world cyberattacks using the same techniques that hackers would employ to gain unauthorized access to a system. This test helps assess the system’s resilience against attacks.
Zero Trust: The Zero Trust model follows the principle "never trust, always verify". It assumes that no device, service, or request, even one coming from within the corporate network, should be trusted by default. Access is only granted to users who are authenticated, authorized, and connected via an encrypted channel.
Multi-Factor Authentication (MFA): Multi-factor authentication is a key component of Zero Trust. Users must provide more than one form of verification to gain access. A password alone is not sufficient; an additional factor, such as a one-time code from an authenticator app or hardware token, is required.
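The Identity & Access Management section and the MFA entry above both describe a second factor in the form of a one-time code. The following added example (not part of the original page) implements that code generation and the server-side verification in Python, following RFC 4226 (HOTP) and RFC 6238 (TOTP) and using the test secret published in those RFCs. The drift window and the replay guard via `last_counter` are assumptions about how a login service would use the functions.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

STEP_SECONDS = 30
DIGITS = 6

# Secret from the RFC 4226/6238 test vectors (the ASCII string "12345678901234567890").
# Real enrolments use new_secret() and keep the value encrypted at rest.
TEST_SECRET = b"12345678901234567890"


def new_secret(length: int = 20) -> bytes:
    """Random shared secret for a new enrolment (20 bytes is the RFC 4226 recommended minimum)."""
    return secrets.token_bytes(length)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that authenticator apps read from a QR code at enrolment."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}?secret={b32}"
            f"&issuer={quote(issuer)}&digits={DIGITS}&period={STEP_SECONDS}")


def hotp(secret: bytes, counter: int) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, at_time: float) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time in 30-second steps."""
    return hotp(secret, int(at_time) // STEP_SECONDS)


def verify_totp(secret: bytes, code: str, at_time: float = None, window: int = 1, last_counter: int = -1):
    """Server-side check of a submitted code.

    Returns the accepted time-step counter, or None if the code is rejected.
    window       - steps of clock drift tolerated in each direction (1 = +/- 30 s).
    last_counter - highest counter already accepted for this user; the caller must
                   persist the returned value so a captured code cannot be replayed
                   within the drift window.
    """
    if not (code.isdigit() and len(code) == DIGITS):
        return None
    now = time.time() if at_time is None else at_time
    current = int(now) // STEP_SECONDS
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue
        # Constant-time comparison so timing does not leak how many digits matched.
        if hmac.compare_digest(hotp(secret, counter), code):
            return counter
    return None


if __name__ == "__main__":
    print(provisioning_uri(TEST_SECRET, "jane.doe@example.com", "ExampleCorp"))
    print("code at T=59:", totp(TEST_SECRET, 59))            # 287082 per RFC 6238
    print("accepted counter:", verify_totp(TEST_SECRET, "287082", at_time=59))
```

Two details matter in practice: the comparison must be constant-time, and the service must remember the last accepted counter per user, otherwise a code phished seconds earlier is still valid for the whole drift window.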
Updates: Regular software updates are essential for maintaining security. It is crucial to ensure that security patches provided by vendors are installed as quickly as possible to minimize vulnerabilities.
Device Control: Device control prevents unauthorized USB or peripheral devices from accessing sensitive data. It enables the immediate identification of all devices connected to a computer, providing full visibility into incoming and outgoing data transfers.
Next-Gen Firewall: A firewall analyzes data entering or leaving a computer or network, blocking specific network ports and creating a barrier between trusted and untrusted networks. Only traffic that meets predefined security rules is allowed through. Next-generation firewalls offer advanced capabilities beyond traditional firewalls, enabling better detection and prevention of cyberattacks.
IDS/IPS: Next-gen firewalls often integrate Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). These systems continuously monitor network activity, detect potential security incidents, log relevant information, and take action to prevent breaches. Additionally, they alert security administrators to suspicious activity.
AI Traffic Analyzer: AI-powered traffic analysis enables faster detection of cyberattacks. By leveraging artificial intelligence, metadata from captured network packets can be automatically analyzed, allowing attackers to be identified more quickly and efficiently at every stage of a cyberattack.
Network Segmentation: Network segmentation separates different functional areas within a network, preventing malware from easily spreading from one segment to another. Network Access Control (NAC) identifies all devices within a network and assigns appropriate permissions. Each segment of a network is assigned its own virtual LAN (VLAN), ensuring controlled access. NAC systems automatically place users and their devices into the correct network segment with the appropriate access rights.
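As an added example (not part of the original page), the Python script below expresses a segmentation policy as a default-deny allow-list between zones and checks a constructed flow log against it, which is how one verifies that a firewall or NAC configuration actually enforces the isolation described under Network Segmentation here and under Misconfigurations above. The zone layout, the allow-list and the flow records are assumptions made for the example.

```python
import ipaddress

# Assumed zone layout, constructed for this example; adapt to your own address plan.
ZONES = {
    "office":  ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "ot":      ipaddress.ip_network("10.30.0.0/16"),
    "guest":   ipaddress.ip_network("192.168.100.0/24"),
}

# Allow-list of (source zone, destination zone, protocol, destination port).
# Everything not listed is a violation: default deny between zones.
ALLOWED_FLOWS = {
    ("office", "servers", "tcp", 443),
    ("office", "servers", "tcp", 445),
    ("office", "external", "tcp", 80),
    ("office", "external", "tcp", 443),
    ("guest", "external", "tcp", 80),
    ("guest", "external", "tcp", 443),
    ("servers", "ot", "tcp", 502),   # Modbus/TCP into the OT zone only from the server zone
}

# Constructed flow records, one per line: "<timestamp> <src> <dst> <proto> <dport> <action>".
SAMPLE_FLOWS = """\
2024-05-03T10:15:01Z 10.10.4.12 10.20.1.5 tcp 445 ACCEPT
2024-05-03T10:15:02Z 10.10.4.12 10.30.2.9 tcp 502 ACCEPT
2024-05-03T10:15:03Z 192.168.100.7 10.20.1.5 tcp 443 ACCEPT
2024-05-03T10:15:04Z 10.10.4.12 203.0.113.10 tcp 443 ACCEPT
2024-05-03T10:15:05Z 10.20.1.5 10.30.2.9 tcp 502 ACCEPT
2024-05-03T10:15:06Z 10.10.4.12 10.10.4.13 tcp 3389 ACCEPT
2024-05-03T10:15:07Z 10.30.2.9 10.10.4.12 tcp 22 ACCEPT
2024-05-03T10:15:08Z 192.168.100.7 10.30.2.9 tcp 502 DROP
"""


def zone_of(address: str) -> str:
    """Map an IP address to its zone name; anything outside the known ranges is 'external'."""
    ip = ipaddress.ip_address(address)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def flow_allowed(src: str, dst: str, proto: str, dport: int) -> bool:
    """True if the policy permits this flow. Traffic inside one zone is not restricted by segmentation."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return True
    return (src_zone, dst_zone, proto.lower(), dport) in ALLOWED_FLOWS


def find_violations(flow_log: str) -> list:
    """Return one description per accepted flow that crosses a zone boundary the policy does not allow."""
    violations = []
    for line in flow_log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, action = line.split()
        if action != "ACCEPT":
            continue   # the firewall already blocked it; only accepted cross-zone traffic is interesting
        if not flow_allowed(src, dst, proto, int(dport)):
            violations.append(f"{ts} {zone_of(src)}->{zone_of(dst)} {src}->{dst} {proto}/{dport}")
    return violations


if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOWS):
        print("VIOLATION", v)
```

Run against the sample, the script reports the office workstation talking Modbus directly into the OT zone, the guest device reaching a file server, and an OT host opening SSH back into the office zone; each of these is exactly the lateral movement that segmentation is meant to stop, and an accepted flow like that means the gateway rules do not match the intended policy.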
CDN: A Content Delivery Network (CDN) distributes online content across globally dispersed servers. Instead of being served directly by the original server, requests are processed by the nearest available server. This helps balance traffic spikes, such as those caused by DDoS attacks, reducing server overload and improving performance.
Proxy: A proxy server acts as an intermediary between two systems, such as a local computer and a website’s web server. Because all requests leave the company network with the proxy’s own IP address, internal clients are not directly exposed to the internet. Responses are received by the proxy first, where their contents are analyzed and unwanted content is filtered out. Network administrators can block harmful content centrally, and malicious content fetched from a website is inspected at the proxy before it reaches the user’s device, adding an extra layer of protection at the enterprise level.
IT Security: Organizational Protective Measures
- Establish an awareness of the need for IT security among employees. Create an understanding for the security measures taken and communicate these clearly. Ensure that security-relevant measures are internalized by all employees.
- Define guidelines for the various internal and external communication channels that employees can use as a guide. Define a central internal communication medium such as the intranet.
- Even the most sophisticated security guidelines are of little use if your employees are not trained in dealing with IT, data and information security. The security of your systems can only be guaranteed if technology, processes and people complement each other in the best possible way. Therefore, conduct training courses on data protection and information security for all employees at regular intervals (every 1-2 years).
- Raise awareness among your employees using AI-driven phishing simulations. These help them to recognize telltale signs of an attack and take action. At the same time, knowledge learned is consolidated and checked for effectiveness.
- Create a business continuity plan. This includes a strategy to prevent interruptions to your operations or at least to ensure a quick recovery. Clearly define roles and responsibilities for all teams. The use of technologies and tools for backup and recovery, including remote working platforms, must be clearly outlined.
- Take out cyber insurance for your company. This additional insurance offers you protection in the event of incidents such as hacker and ransomware attacks, fraud and other cybercrime activities. It protects against financial losses and liability claims that may arise from cyber attacks and data breaches.