Security Best Practices: Tricks Attackers Use

Tweet about this on TwitterShare on FacebookShare on LinkedInShare on Google+Email this to someone

In my last post, Security Training: Why Learning Security Best Practices is in Everyone’s Best Interest, I detailed the importance of security training, including the necessity of being taught to “think before clicking” on malicious links and how a security breach can have horrifying effects on your organization’s productivity. In case your organization chooses to forgo the formal training, this post details some potential threats and what they look like and covers basic security terminology that will come in handy when protecting your devices. Receiving formal security training is crucial. If, however, you choose not to, knowing what to be wary of will better equip you to think before clicking to safeguard your personal devices as well as your organization’s.

Tools to arm yourself can be found on, an informational website created by SANS, a security information and education organization. This site has several helpful guides that address security best practices and how best to teach, implement, and consistently utilize them. A useful place to start is understanding some basic security-related terms.

With these terms and their definitions in your arsenal, it will be easier to  begin to detect and watch out for potential threats to your devices.

In Peer to Peer Magazine, Douglas Brush, the Director of the Information Security Governance practice at Kraft Kennedy in New York, details the different types of attackers and attacks you might face.

Brush divides attackers into two groups, interior and exterior threats. Interior threats are those that come from the employees within the organization or contractors and vendors that have easy access to company data and confidential information. Exterior threats are those that come from outside office personnel, like hackers and malicious groups. Brush describes the ways attackers can infiltrate an organization:

1. Reconnaissance: the actions an attacker takes to “case the joint.” This information gathering can be done by reviewing your own website, social media platforms, databases such as Public Access to Court Electronic Records (PACER), database lookups using, and domain name system (DNS) records, and advanced tools to mine and correlate data.

2. Scanning: Scanning techniques use networks and networking technology to identify connected IT assets. The most common form of scanning uses tools to probe TCP/IP networks to map computers, routers and servers, identify the devices’ operating systems, and discover open ports and services.

3. Exploitation: an active attempt by an attacker to get a toehold in a system or network. This can come in the form of a phishing email, a USB flash drive or a compromised host with a known vulnerability.

4. Maintaining a Presence: Attackers who get in want to stay and be unnoticed. After a successful initial exploitation, an attacker scans an environment for new targets, harvests credentials, escalates privileges, and pivots to new systems to exploit.

5. Exfiltration: In most common breaches, attackers are attempting to remove data from its environment. This is called exfiltration. Exfiltration can be done by insider threats with USB flash drives, cloud storage platforms such as webmail or cloud storage, or even something as simple as printing confidential documents and walking out the door.

Being aware that there is a variety of threats is helpful when understanding the very real danger of a security breach. As Brush states, “It’s not a matter of whether you will experience a data breach; it is a matter of when you will experience one.”

Here are some examples of phishing emails so you can better avoid becoming a victim of one.

With these in mind, you are ready to face the scary inevitability that you and/or your organization will experience a security breach. If you are mindful of these introductory key points of security best practices, you have already begun to proactively defend yourself against attackers.