The 3 biggest pitfalls every CIO and CEO must be aware of and how to avoid them

 

The biggest question raised by executive managers has been “how many categories are there for cyber attacks?”

This is definitely a key area of concern and I would love to share some info about this with you.

A cyber attack will always fall into one of three categories:

1. Reconnaissance

2. Access

3. Disruption

 

Reconnaissance

1. Reconnaissance is the way information is discovered about an organisation, system, network, or a particular application.

2. It allows an attacker to then dig deeper and gain more knowledge about information systems, such as operating systems, topologies, ports, and services.

3. The more knowledge and preparation an attacker has about a particular organisation, the easier it is to exploit.

 

Access

1. Access is simple – it’s just a form of escalated privilege, anything that allows an attacker to compromise a password, system, network, or application.

 

Disruption

1. Disruption is about interrupting a service that’s available to stakeholders, clients, and internal users. It’s taking a system offline or causing trouble for that system or network.

  

Let’s take a look at some specific attacks and what actually happens – how they affect the flow of a business.

SYN-Flood

A SYN flood is a wonderful decoy that disrupts the TCP handshake. By default, when a device communicates with a server, it performs the well-known three-way handshake.

With a SYN-Flood attack, thousands of TCP connection requests can be unloaded – ones that don’t mean anything and aren’t real, so the handshake is never completed. This disrupts a system that doesn’t know how to mitigate that type of attack.
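
A defender's view of the flood described above, as an added example that is not part of the original article: it counts handshakes that never complete, per destination service, over constructed packet summaries. The record format, thresholds and addresses are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed packet summaries: (time_s, src_ip, src_port, dst_ip, dst_port, flag).
    flag is "S" for the client's SYN and "A" for the client's final ACK."""
    packets = []
    # Two ordinary clients finish the handshake on port 443.
    for i, src in enumerate(["198.51.100.10", "198.51.100.11"]):
        packets.append((0.1 * i, src, 40000 + i, "192.0.2.5", 443, "S"))
        packets.append((0.1 * i + 0.05, src, 40000 + i, "192.0.2.5", 443, "A"))
    # 200 SYNs to port 80 from many source addresses; none is followed by an ACK.
    for i in range(200):
        packets.append((1.0 + 0.01 * i, f"203.0.113.{i + 1}", 50000 + i, "192.0.2.5", 80, "S"))
    return packets

def handshake_stats(packets, now, timeout=2.0):
    """Per destination service, return (half_open, completed) handshake counts.
    A handshake is half-open if its SYN is older than `timeout` with no final ACK."""
    pending = {}                          # (src, sport, dst, dport) -> time of SYN
    completed = defaultdict(int)
    for ts, src, sport, dst, dport, flag in packets:
        key = (src, sport, dst, dport)
        if flag == "S":
            pending.setdefault(key, ts)   # a retransmitted SYN keeps the first time
        elif flag == "A" and key in pending:
            del pending[key]
            completed[(dst, dport)] += 1
    half_open = defaultdict(int)
    for (_, _, dst, dport), ts in pending.items():
        if now - ts >= timeout:
            half_open[(dst, dport)] += 1
    services = set(half_open) | set(completed)
    return {s: (half_open[s], completed[s]) for s in services}

def flag_syn_flood(stats, min_half_open=100, max_completion_ratio=0.1):
    """Flag services with many half-open handshakes and few completed ones.
    Counting per destination matters because flood source addresses may be spoofed."""
    flagged = []
    for service, (half_open, completed) in sorted(stats.items()):
        total = half_open + completed
        if total and half_open >= min_half_open and completed / total <= max_completion_ratio:
            flagged.append(service)
    return flagged

if __name__ == "__main__":
    stats = handshake_stats(build_sample(), now=10.0)
    for service in flag_syn_flood(stats):
        print("possible SYN flood against", service, "half-open/completed:", stats[service])
```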

 

IP/MAC Spoofing

This is when an attacker pretends to be a different IP address or MAC address in order to gain access to or through a system or network. A particular user can be interrupted and his IP or MAC address then spoofed.

This type of attack makes it 100x harder for an administrator or security engineer to detect where the actual source of traffic is coming from.

 
SMURF Attack

A SMURF attack is my personal favourite – it allows an attacker to ping a network subnet and, as the ping comes in, all devices sitting on that network will REPLY back to the Source IP Address that initiated the ICMP request.

All devices will reply back with ICMP REPLY. You can just imagine this scenario on a /20 or /19 or even a normal /24 network as all the devices are trying to reply. Not to mention the ping may be more than one request; it may be thousands!

This effectively causes a DoS attack and all bandwidth / resources of devices will be eaten, resulting in downtime.

Meet Andrew Constantine

Andrew Constantine is an entrepreneur and a cyber security advisor who is changing the world of cyber security. He is the CEO of Australia’s largest community of technology and business executives.
