What is threat prevention?

What is threat prevention?

When we talk about threat prevention in cybersecurity, we’re talking about how to block attackers from our system. Attackers have a lot of ways to wriggle their way into our data, software tools and networks.

In this blog, we’ll talk about these threats against cybersecurity. We’ll go over some common threat types, threat prevention strategies and tools.

Threat prevention vs. threat detection

“Threat detection” is also a common phrase in the cybersecurity world. While similar to threat prevention, it’s a bit different — threat detection finds threats that are already in your system or possible signs an attacker is trying to enter your system. Even if you fail to prevent an attack, this is a part of threat prevention in a way, because detecting a threat gives you the opportunity to prevent it from accessing more critical parts of your system.

Types of threats

Malware

Malware, or malicious software, comes in a variety of forms. Here are some examples:

• Trojans, much like the original Trojan horse, is disguised as something legitimate and/or helpful. For example, maybe you think you are downloading a word processing app, but it really is designed to steal data or spy on you. It might even still work as a word processor!
• Ransomware often uses malware like a trojan to help attackers steal and encrypt data on a victim’s system. These attackers will demand payment to decrypt your data and may even demand more money to delete the victim’s data (though there’s no guarantee they’ll actually follow through).
• Spyware does what it sounds like — spies. It hides in the background of your device and watches what you type and what you click on. It’s often used to steal usernames and passwords or other personal information.
• Viruses and worms are malware that spreads. Like a virus that makes you sick, computer viruses spread by contact, though between computers. Contact could be through an email, an online download or a USB flash drive. Worms are a bit different. They are able to move by themselves through a network by making copies of itself.
• Rootkits work deep down in the operating system to take over a computer or network. Attackers use this to give themself permissions that allow them to perform actions a normal user can’t do.
• Botnets are created by malware that takes over a computer and uses that computer for some action. For example, the taken-over computer could be used in a Distributed Denial of Service (DDoS) attack, which forces a large number of computers to request access to a website or server until it can’t handle all the requests and shuts down.

Phishing

Phishing is a type of social engineering threat where attackers trick a user to give away personal information or complete some action. For example, you might get an email saying you need to change your password urgently, and to click on a link in the email. Upon clicking the link, you might be taken to a website that looks a lot like a website you do use, but it’s really a fake one used to steal your username and password.

Phishing is the most common way attackers steal information. It can be difficult to spot a phishing attempt, especially as attackers use more clever ways to create these attacks — even with artificial intelligence! But generally, phishing attacks have these things in common:

• Urgency: You are encouraged to act fast to avoid bad consequences.
• Familiarity: You are linked to a website that looks like one you use often.
• Impersonation: The attackers pretend to be someone else, like a friend, family member, coworker or representative from a company.

Man-in-the-middle attacks

Man-in-the-middle (MitM) attacks, also known as man-in-the-middle attacks, happen when an attacker intercepts any kind of communication. For example, if you connect to public, unsecured Wi-Fi network, an attacker might sneakily record what you are accessing on that network.

Insider threats

Insider threats are threats that happen within a company, and generally refer to people. They can be malicious, where the person deliberately uses their knowledge of the company’s technology to give attackers information. Or they can be accidental, where a user falls victim to a phishing attack or accidentally loses a USB drive with company information.

Misconfigurations and vulnerabilities

Sometimes threats are not intentional actions from attackers. They can be issues with the way your company sets up their network, configures their devices or handles their company data. A common example is inadequate patching of a device’s software — old operating systems likely have security vulnerabilities that can be fixed by updating the device.

Threat prevention strategies and tools

So how does threat prevention work? Since attacks are coming from all angles, prevention has to come from all angles. Let’s go through some threat prevention solutions.

Mobile device management

Mobile device management (MDM) is the foundation for security for any devices that access sensitive company data. Once a devices are enrolled into an MDM, IT admins can:

• See what devices are accessing their network
• Keep devices and apps updated
• Enforce security policies

If a device falls out of compliance with security standards, MDM can help get the device get into a compliant state.

Monitoring

Once you know what devices you have, you can start gathering data about them. This isn’t personal data (like texts you send or your browsing history), but data about the health of a device. This telemetry data can be collected and/or analyzed with various software. For example:

• Security Information and Event Management (SIEM) software looks for unusual behavior that might be a cyber attack. It monitors network activity from users and devices. SIEM software deals with a lot of data, so it often uses Artificial Intelligence (AI) and Machine Learning (ML) to digest the information.
• Endpoint Detection and Response (EDR) software detects threats on a device and takes action if a threat is found. It looks for known signs a device might be infected and also checks for strange behavior that might indicate an unknown threat. The information collected by EDR can help admins investigate the source and behaviors of a threat. This software may also use AI/ML.

Network protection

Connecting to your company network makes work possible. It gives employees access to any applications, data or other resources they need to do their job. Unfortunately, if an attacker gets into your network, they can gain access to this private information too.

Alongside other security policies, protecting your network can involve:

• Understanding what normal network activity looks like and identifying strange behavior
• Using tools like Zero Trust Network Access that only allows verified users and devices free from compromise to access company resources
• Implementing least-privilege access to ensure users only have access to what they need to do their work

User education

As we mentioned earlier, phishing is a serious threat to cybersecurity, which makes users a point of access for attackers. Training users to recognize signs of a phishing attack can go a long way into protecting company resources.

Users should also be made aware of security best practices, like how to store and create good passwords. Training should be frequent enough so users remember the training and engaging enough so the material is easier to remember.

IT and Security teams should create a work environment where users feel comfortable contacting them, especially if a user suspects they accidentally fell for a phishing attack. This will ultimately help IT and Security teams act more quickly and thoroughly to respond to the attack.

Cybersecurity frameworks and standards

There’s so much more to learn about threat prevention. Cybersecurity is a massive topic — thankfully there are resources to help us learn more.

• The U.S. National Institute of Standards and Technology (NIST) offers a cybersecurity framework to provide guidance on how to manage cybersecurity risks.
• The Center for Internet Security (CIS) publishes a list of benchmarks for organizations to meet. These help admins configure their software and systems in a secure way.
• ISO 27001 is an international standard that aims to protect the confidentiality, integrity and availability of your data.