eSignature Security

In a previous post, we discussed the prominent dangers lurking within the cyber arena. In case you missed it, here’s what you need to know: 

  • WHAT: Data Breaches. TechTarget defines a data breach as “an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.” 

  • WHO: While all companies are vulnerable, small-to-medium-sized companies tend to have increased cyber vulnerability because of IT outsourcing and financial constraints, especially when paired with little to no strategy.

  • HOW MUCH: Individual breaches average around $4 million in damages, with current projections estimating cybercrime costing the global economy $6 trillion by the end of 2021.

  • WHEN: Even after a breach is contained, undermined trust among stakeholders coupled with potential fines, penalties, litigation, or private lawsuits leave scars that are hard for the market to forget.  

  • PLAN OF ACTION: Conducting research and crafting a well-thought-out game plan can make all the difference in keeping forces of cyberwarfare at bay.  

While you’d be hard-pressed to find sources claiming a decrease in cyberthreats, much controversy exists in determining exactly how pervasive and costly data breaches can be. Yet, despite varying projections and assessments, two points receive overwhelming consensus:  

  1. Prevalence of cyber-attacks has risen considerably every year over the past decade.

  2. Every company, big or small, suffers some degree of lasting damage when subjected to a data breach.

     

 

Cybercriminals and cyber espionage actors grow more sophisticated by the day, making every market, industry, business, and employee vulnerable to hacktivists and their stealthy ways. Because it could happen to anyone, everyone needs to be readily armed and well prepared to defend themselves.

To combat increasingly volatile cyberattacks, you need ammunition loaded with information and an arsenal full of knowledge… also known as “threat intelligence.”  

Types of Cyberthreats 

Today’s cyberworld is filled with cyberthreats of varying severity, objective, and intent. You don’t have to be an expert in every single threat, but being well-versed in some of the more common intrusions is a best practice:

  • Authentication/Authorization Attacks: A process in which a hacktivist may obtain a user’s credentials or bypass the credential requirement for data access.

  • Timing Attack: The method of exploiting security protocols to discover when your system is most vulnerable. Hackers can then use statistical analysis to generate decryption keys and gain access to your system or applications. 

  • Watering Hole Attack: An attack that involves a specific website that attackers have identified as often visited by their intended target or group. Cybercriminals use specific targeting techniques by exploiting a target’s or group’s common interests. The goal is to infect one employee’s computer, gain access to the place of employment’s network, and compromise the network. 

  • Trojan/Spyware: Entities that allow a hacker to circumvent security measures and install malicious software onto an end-user’s computer. This is likely one of the more popular types of attacks your IT department or security experts warn against. The attack is often attempted via an unexpected email, which may or may not appear legitimate, with a familiar type of attachment, such as a Microsoft Word document. The attachment contains malware that automatically downloads to your computer, giving a cybercriminal access to your system.

  • Evil Twin Wi-Fi Hotspot: A hotspot or wireless connectivity hub created by a hacker to gain access to your system, files and data. The hacker’s hotspot often appears legitimate, as it mimics a wireless connection’s original name and credentials. Even creepier, the hacktivist usually positions him/herself close to the intended target to yield the strongest signal within range.  

  • Denial of Service (DoS): A scenario in which a hacker purposely floods a website with unsustainable traffic, exceeding the website’s bandwidth. This causes the website to become temporarily unavailable to all other users. This type of attack can be executed by one (DoS) or multiple (DDoS) computers with different IP addresses.

This is not an exhaustive list of all cyber concerns in today’s digital realm; however, these are some of the more common and intrusive cyberthreats affecting multiple industries.
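The Evil Twin entry above notes that the rogue hotspot copies the legitimate network’s name and usually shows the strongest signal in range. As an added example (not part of the original post), the following Python code flags such candidates in a wireless scan; the access-point inventory, scan results, SSIDs, BSSIDs and the function name are all constructed for illustration.

```python
# Constructed inventory of the organisation's own access points (assumption).
KNOWN_APS = {
    "CorpWiFi": {
        "bssids": {"a4:11:62:00:10:01", "a4:11:62:00:10:02"},
        "security": "WPA2-Enterprise",
    },
}

# Constructed scan results, shaped like the output of a wireless survey tool.
SCAN = [
    {"ssid": "CorpWiFi", "bssid": "a4:11:62:00:10:01", "signal_dbm": -61, "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "a4:11:62:00:10:02", "signal_dbm": -74, "security": "WPA2-Enterprise"},
    {"ssid": "CorpWiFi", "bssid": "02:1a:7d:9c:44:e0", "signal_dbm": -38, "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "3c:84:6a:12:00:9f", "signal_dbm": -70, "security": "WPA2-Personal"},
]


def find_evil_twin_candidates(scan, known_aps):
    """Return findings for APs that advertise one of our SSIDs but are not ours."""
    findings = []
    for ssid, profile in known_aps.items():
        seen = [ap for ap in scan if ap["ssid"] == ssid]
        legit = [ap for ap in seen if ap["bssid"].lower() in profile["bssids"]]
        # Strongest signal among our own APs; None if none of them is in range.
        best_legit = max((ap["signal_dbm"] for ap in legit), default=None)
        for ap in seen:
            if ap["bssid"].lower() in profile["bssids"]:
                continue  # inventoried AP (a BSSID can be cloned, so this is not proof)
            reasons = ["unknown BSSID for known SSID"]
            if ap["security"] != profile["security"]:
                reasons.append(f"security {ap['security']} != expected {profile['security']}")
            # dBm values are negative; closer to zero means a stronger signal.
            if best_legit is None or ap["signal_dbm"] > best_legit:
                reasons.append("stronger signal than any legitimate AP")
            findings.append({"ssid": ssid, "bssid": ap["bssid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_evil_twin_candidates(SCAN, KNOWN_APS):
        print(f["ssid"], f["bssid"], "; ".join(f["reasons"]))
```

A finding is a lead for investigation rather than a verdict: a newly installed access point that has not yet been inventoried produces the same first reason.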

Cyberthreat Terminology  

While the threats themselves compose a good deal of cyberthreat terminology, below are a few additional terms you should be familiar with: 

  • Exploit: A piece of code that uses software vulnerabilities to access information on your PC or network. 

  • Keyloggers: Malware that records a user’s keystrokes. This is particularly desirable for hacktivists launching authentication/authorization attacks aimed at collecting user credentials.

  • Malicious File Uploads: The uploading of one or more files that grant remote access to a cybercriminal or that damage a system or application.

  • Assume Breach: Strategic mindset in which business leaders and CISOs shift focus from purely preventative security measures to detection, response and recovery from security breaches.  

 

 

The good news?! Assume breach is a strategy that more and more businesses like AssureSign have adopted in creating a multi-faceted response to a potential cyberattack or data breach.  

We hope after reading this post you feel more comfortable with the different types of cyberthreats and security breaches so you may begin crafting your all-inclusive, assume breach approach! 

Next week we’ll share our guide on how you can determine the best cybersecurity defense strategy that addresses the specific needs of your business.

 

Download our eSignature Security Relay Race whitepaper and learn how AssureSign applies assume breach protocols to protect your documents during every step of the digital journey!

 

Donald Kratt

Chief Technology Officer at AssureSign
Donald was brought into AssureSign’s sister company, 3PV, in 2003 and now oversees Software Engineering operations for AssureSign, where he helped architect the AssureSign platform and was responsible for constructing the original engineering team.
