What Step Is Not Likely to Reduce Possible Attacks to an Organization
These days it seems that every time you open your favorite news source there is another data breach headline. Companies of all sizes, cities, counties, and even government agencies have all been the subject of the "headline of shame" over the past several years. With all this publicity, and growing public awareness of how data breaches can affect personal privacy and financial wellbeing, it is no surprise that there is a lot of interest in preventing hacking. The trouble is that there is no way to prevent others from attempting to hack whatever target they choose. Since there is a practically limitless number of targets, an attacker need only be lucky or skilled enough to succeed once, and the chance of successful prosecution of perpetrators remains low. However, while you cannot prevent hacking attempts, you can reduce your attack surface so that your organization is less likely to be the subject of a successful attack.
Hacking types: the various attack strategies
At this point, let's differentiate between opportunistic attacks and targeted attacks. Opportunistic attacks are largely automated, low-complexity exploits against known vulnerable conditions and configurations. Ever wonder why a small business with a limited geographic footprint and almost no online presence gets compromised? Chances are good that it simply had the right combination of problems that an automated attack bot was looking to exploit. These events can potentially end a small or medium business as a going concern while costing the attacker practically nothing.
Targeted attacks are a different story altogether. These attacks are generally low, slow and persistent, targeting your organization's technical footprint as well as its employees, partners and supply chain. While targeted attacks may use some of the same exploitable conditions that opportunistic attacks use, they tend to be less automated so as to avoid detection for as long as possible. They may also involve more frequent use of previously unknown exploit vectors ("zero-days"), or abuse trusted connections with third parties to gain access to your organization. Ultimately it doesn't matter which kind of attack results in a breach, but it is important to keep both in mind when aligning your people, processes and technology to mitigate that risk.
Many articles have been written about best practices for minimizing the risk of a cyber-security incident. Rather than recount a list of commonly cited controls, I would like to approach the topic from a slightly different perspective and focus on the six technical controls that I feel mitigate the most risk, provided that all the "table stakes" items (a firewall, and so on) are already in place.
- Patch and Update Constantly: Ultimately the most hacker-resistant environment is the one that is best administered. Organizations are short-cutting system and network administration through budget and staff reductions and lack of training. This forces prioritization and choices about which tasks get done sooner, later or not at all. Over time this creates a large, persistent baseline of low- to medium-risk problems in the environment that can fuel a wildfire event under the right conditions. Lack of a complete asset inventory, both hardware and software, contributes to this risk as applications and devices become unmanaged. Staying on top of patching, system and application updates, end-of-support/end-of-life platform migrations, user administration and configuration management is tedious, time consuming and generally underappreciated; but this activity, more than any other single task, will reduce the likelihood of cyber events in an organization and dramatically reduce the risk of opportunistic attacks.
- Email Security: Email is the number one entry point for malware into the enterprise. No surprise, really. Given all the data pointing to it as the root cause of many breach events, it should be the next place where organizations double down on security. It is very important that organizations take the time to be informed consumers here: understand which threats the email controls are preventing and what the remaining exposures are, so that a layered control model can be put in place.
- Endpoint Detection and Response: Most of that email is destined for a user who will click on attachments and potentially infect themselves with malware of some kind. The second most common malware infection vector is malicious web content, also an end-user action. As a result, it makes sense to have a thorough suite of controls on the endpoints and servers in the environment to identify and shut down viruses, malware and other potentially unwanted programs. Making sure that all endpoints are under management and kept current will help prevent the whack-a-mole malware infections that persist in environments with inconsistently applied controls.
- Segmentation and Egress Filtering: Just because a hacker or piece of malware makes its way into your environment doesn't mean it should be able to spread laterally to neighboring network nodes or waltz back out with your mission-critical, regulated data. Limiting the ability to communicate both across and outside the network, through a combination of controls such as firewall policies and mandatory proxy servers, is an often-overlooked opportunity for organizations to increase their security, limit the impact of an incident and help prevent a network incident from becoming a public data breach.
- Robust Detection Control Infrastructure: History teaches us that prevention-centric strategies will fail and should be paired with detective controls to minimize time to detection and remediation. Make sure you have a well-tuned SIEM/SOAPA/SOAR infrastructure as part of your security architecture, and that it is receiving logs that cover the internal network and applications as well as the perimeter. This includes tuning of endpoint, application and network device logs to enable an early detection and response capability in the environment.
- Multi-factor / Multi-step Authentication: The majority of breaches involve the use of cracked, intercepted or otherwise disclosed authentication credentials at some point. Use strong, multi-factor authentication methods by default wherever possible. Combined with the ability to detect and alert on failed login attempts, this practice can also reveal which users are the focus of targeted attacks.
Since many implementations of multi-factor/multi-step authentication involve an individual using their cell phone for calls or SMS messages, users must take steps to secure their mobile phones. Entire articles have been written about this topic alone, but in short: make sure the device is fully patched, runs only trusted, signed applications from reputable app stores, and is protected by a PIN or other access control. Check with your mobile provider and take steps to prevent a malicious user from porting your phone number to another device or carrier. Lastly, use app-based authentication methods whenever possible, as opposed to SMS or phone-call methods, to further protect yourself from number port-out schemes. Such steps can help reduce the risk of business email compromise schemes and maintain the authentication security of corporate social media accounts such as Facebook, Twitter and Instagram.
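The detection and authentication items above both come down to the same practical question: what should the SIEM actually fire on when it sees failed logins? As an added example (my code, not the original author's and not any vendor's product), the script below runs three simple correlation rules over a constructed batch of sshd-style authentication log lines: a brute-force pattern (many failures for one account from one source), a password-spray pattern (one source making a few guesses against many accounts), and a successful login that follows a burst of failures, which is the case worth paging someone about. The hostnames, usernames, addresses and timestamps are made up, and the thresholds and time windows are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd-style auth log lines (made-up host, users and addresses).
SAMPLE_LOG = """\
Mar 10 08:01:02 host1 sshd[2201]: Failed password for alice from 203.0.113.7 port 51000 ssh2
Mar 10 08:01:03 host1 sshd[2202]: Failed password for alice from 203.0.113.7 port 51001 ssh2
Mar 10 08:01:05 host1 sshd[2203]: Failed password for alice from 203.0.113.7 port 51002 ssh2
Mar 10 08:01:06 host1 sshd[2204]: Failed password for alice from 203.0.113.7 port 51003 ssh2
Mar 10 08:01:08 host1 sshd[2205]: Failed password for alice from 203.0.113.7 port 51004 ssh2
Mar 10 08:01:09 host1 sshd[2206]: Accepted password for alice from 203.0.113.7 port 51005 ssh2
Mar 10 08:02:00 host1 sshd[2210]: Failed password for bob from 198.51.100.9 port 40000 ssh2
Mar 10 08:02:01 host1 sshd[2211]: Failed password for carol from 198.51.100.9 port 40001 ssh2
Mar 10 08:02:02 host1 sshd[2212]: Failed password for dave from 198.51.100.9 port 40002 ssh2
Mar 10 08:02:03 host1 sshd[2213]: Failed password for erin from 198.51.100.9 port 40003 ssh2
Mar 10 08:02:04 host1 sshd[2214]: Failed password for invalid user admin from 198.51.100.9 port 40004 ssh2
Mar 10 08:05:00 host1 sshd[2220]: Failed password for frank from 192.0.2.44 port 33000 ssh2
Mar 10 08:05:30 host1 sshd[2221]: Accepted password for frank from 192.0.2.44 port 33001 ssh2
"""

# Matches the two sshd password-auth outcomes; any other line is ignored.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_events(text, year=2024):
    """Parse log text into time-sorted auth events. Syslog lines carry no
    year, so one is assumed here (a real pipeline takes it from the collector)."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"],
                       "user": m["user"], "ip": m["ip"]})
    events.sort(key=lambda e: e["ts"])
    return events


def _max_in_window(times, window_s):
    """Largest number of (sorted) timestamps inside any window_s-second window."""
    best, j = 0, 0
    for i, t in enumerate(times):
        while (t - times[j]).total_seconds() > window_s:
            j += 1
        best = max(best, i - j + 1)
    return best


def detect_brute_force(events, threshold=5, window_s=60):
    """Rule 1: many failures for a single account from a single source."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[(e["ip"], e["user"])].append(e["ts"])
    alerts = []
    for (ip, user), times in failures.items():
        n = _max_in_window(times, window_s)
        if n >= threshold:
            alerts.append({"type": "brute_force", "ip": ip, "user": user, "failures": n})
    return alerts


def detect_password_spray(events, min_users=4, window_s=120):
    """Rule 2: one source failing against many distinct accounts. Per-account
    lockout thresholds never trip on this pattern, so it is counted per source."""
    by_ip = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            by_ip[e["ip"]].append((e["ts"], e["user"]))
    alerts = []
    for ip, items in by_ip.items():
        best, j = set(), 0
        for i, (t, _) in enumerate(items):
            while (t - items[j][0]).total_seconds() > window_s:
                j += 1
            users = {u for _, u in items[j:i + 1]}
            if len(users) > len(best):
                best = users
        if len(best) >= min_users:
            alerts.append({"type": "password_spray", "ip": ip, "users": sorted(best)})
    return alerts


def detect_success_after_failures(events, min_failures=3, window_s=120):
    """Rule 3: an accepted login preceded by a burst of failures for the same
    account from the same source, i.e. a guessed or leaked credential just worked."""
    alerts = []
    for i, e in enumerate(events):
        if e["result"] != "Accepted":
            continue
        prior = [p for p in events[:i]
                 if p["result"] == "Failed" and p["ip"] == e["ip"]
                 and p["user"] == e["user"]
                 and (e["ts"] - p["ts"]).total_seconds() <= window_s]
        if len(prior) >= min_failures:
            alerts.append({"type": "success_after_failures", "ip": e["ip"],
                           "user": e["user"], "failures": len(prior)})
    return alerts


def run_detections(text):
    events = parse_events(text)
    return (detect_brute_force(events) + detect_password_spray(events)
            + detect_success_after_failures(events))


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_LOG):
        print(alert)
```

On the sample, the first rule fires for alice from 203.0.113.7, the second for 198.51.100.9 spraying five accounts, and the third for alice's eventual successful login; frank's single typo followed by a success fires nothing. The spray rule is kept separate on purpose: a rule that only counts failures per account will never notice one source trying one password against every account in the directory, which is exactly the technique that slips under lockout policies.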
Cybersecurity has always been something of a race between attackers and defenders. Organizations that steadily and consistently execute on timely, data-driven decisions focused on risk reduction are more likely to win the day. Every organization, regardless of size, faces difficult choices about where to allocate its limited resources, and you can never eliminate the risk of a cybersecurity incident entirely. So huddle up and decide how your organization is going to run the next phase of this race. After all, like the characters in "The Tortoise and the Hare", all we can do is run the race in whatever way we feel maximizes our chance of coming out on top.
Source: https://cybersecurity.att.com/blogs/security-essentials/hacker-prevention