The era of the cybercriminal hiding in a basement to launch attacks is gone. While a few may still work that way, the majority of those involved in cybercrime have developed into sophisticated entities that emulate the planning and execution of a well-organised corporation. The first step in protecting yourself and your company is to understand that cybercriminals have profited to such a degree that they are investing in more complex forms of attack on a daily basis, and preparing for them requires constant diligence.
A 2018 Incident Response Insights Report narrows everything down to the Secureworks Three P’s of Protection:
“Secureworks 2017 Incident Response investigations provided a valuable reminder of how important it is to prioritize the basics above all else, even in a comprehensive program with the latest technologies. A program can only be effective if people, process, and technologies are working in concertto [sic] defend against cyber threats. Three of the basics that frequently make the difference between a high and low impact incident are:
- Partitioning or segregating your network
- Reducing user privileges
- Understanding and hardening your perimeter”
Best Tips to Circumvent Attacks
Your enemy knows your weaknesses, and in cybersecurity, a majority of their success continues to be in phishing (40%) and “scan and exploit” (23%). They make use of the vulnerabilities and weaknesses of human interest and error to infiltrate and steal your proprietary information and data.
Enhanced login and password requirements, combined with restricted management of user account privileges, are major steps that can assist in protection. This translates to more elaborate combination passwords containing alpha and numeric characters, as well as changing them on a monthly basis. Adding MFA (multi-factor authentication) provides another layer of protection, because a user must validate with more than one factor. Limiting the number of individuals who have access to user information will offer a higher level of security.
“We are routinely encountering incidents where threats are getting access to networks through internet facing services that only require a single password to gain access.” - Jeffrey Carpenter, Senior Director, Secureworks’ Incident Response Consulting Practice
Work with the IT Department to enhance or implement a complete activity log for your network, and if you don’t have an automated program, require specific individuals to monitor the logs and look for abnormal behavior. This is known as endpoint visibility and can be a critical tool in discovering a potential attacker before they breach your system.
“The majority of incidents tend to have log analysis at their core, with effort spent trawling through logs from various sources to understand what happened and when.”
Jeffrey Carpenter, Senior Director, Secureworks’ Incident Response Consulting Practice
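One way to start on the log-monitoring advice above, as an added example that is not from Secureworks or Da Vinci Forensics: the script flags a password login that succeeds after repeated failures from the same address, the pattern to watch for on an internet-facing service protected by a single password. It assumes OpenSSH-style syslog lines; the sample log, the function name and the threshold and window values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style; hosts, users and addresses are made up.
SAMPLE_LOG = """\
Mar 10 02:14:01 gw1 sshd[811]: Failed password for admin from 203.0.113.5 port 40110 ssh2
Mar 10 02:14:03 gw1 sshd[811]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Mar 10 02:14:05 gw1 sshd[812]: Failed password for admin from 203.0.113.5 port 40115 ssh2
Mar 10 02:14:08 gw1 sshd[812]: Failed password for admin from 203.0.113.5 port 40119 ssh2
Mar 10 02:14:12 gw1 sshd[813]: Accepted password for admin from 203.0.113.5 port 40123 ssh2
Mar 10 09:01:10 gw1 sshd[901]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar 10 09:01:25 gw1 sshd[902]: Accepted password for alice from 198.51.100.20 port 51004 ssh2
Mar 10 10:15:00 gw1 sshd[950]: Accepted publickey for deploy from 198.51.100.30 port 52000 ssh2
Mar 10 11:00:01 gw1 sshd[960]: Failed password for bob from 203.0.113.77 port 43000 ssh2
Mar 10 11:00:04 gw1 sshd[960]: Failed password for bob from 203.0.113.77 port 43002 ssh2
Mar 10 11:00:09 gw1 sshd[961]: Failed password for bob from 203.0.113.77 port 43005 ssh2
Mar 10 11:30:00 gw1 sshd[970]: Accepted password for bob from 203.0.113.77 port 43900 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def find_suspicious_logins(log_text, threshold=3, window=timedelta(minutes=10), year=2018):
    """Flag password logins that succeed after `threshold` or more failures
    from the same source address within `window` (both values are assumptions)."""
    failures = defaultdict(deque)  # source address -> times of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # key-based logins and unrelated lines are ignored
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["src"]]
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if m["result"] == "Failed":
            recent.append(ts)
        elif len(recent) >= threshold:
            alerts.append((ts.isoformat(), m["user"], m["src"], len(recent)))
            recent.clear()
    return alerts
```

On the sample, only the 02:14:12 `admin` login is reported: the single mistyped password from `alice` stays under the threshold, and the failures for `bob` fall outside the window before his login succeeds.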
In most organisations, the question isn’t “if” your network will be compromised, but “when”. Establish complete incident preparation as part of your response planning. Create a practice run-through that involves everyone who is part of your plan, the responses that they will be required to make, and the time that it takes from discovery to resolution.
Include all security protocols, reports, and changes as an integral part of your weekly management meetings. You should also incorporate reports for software patches and updates. In 2017, patch lapses were a major reason for successful system breaches. Cyber criminals rely on a lack of prioritisation in these important areas and take advantage of the resulting vulnerability.
“The idea that attacks are leveraging zero-day vulnerabilities which defenders are powerless to prevent is a myth. In almost every case where software vulnerabilities were exploited to gain access to a network or system, the vendor had released security patches for those vulnerabilities months beforehand.” – Don Smith, Senior Director, Secureworks C
It’s important to remember that for every change you make to update your protection, cyber criminals are devoting their full attention to locating other areas that are vulnerable. This is their full-time job, and over the years they have become well-versed experts with soaring profit levels. Your job is to create an environment that makes their job difficult to do.
We know that companies must focus on the day-to-day operations of their organisations. Da Vinci Forensics is committed not only to offering consultations and advice for the safety and security of our clients, but also to maintaining constant vigilance on the latest attack methods that are being employed by cybercriminals. We are professionals at helping you protect your data.
Da Vinci Forensics Team