The evolution of technology has fundamentally changed the security landscape. The trench-warfare model of computer security, with a static front line to defend, has given way to guerrilla warfare. In the past few weeks alone we've seen the glibc getaddrinfo vulnerability (CVE-2015-7547) and DROWN (CVE-2016-0800), which uses servers that still accept SSLv2 to decrypt TLS sessions.
Cybersecurity risks pose an increasing threat to your business, which can face significant liabilities if your network falls victim to an attack. Safeguard your environment and your business by reviewing the five functions the NIST Framework for Improving Critical Infrastructure Cybersecurity treats as crucial for preparedness: identify, protect, detect, respond, and recover.
Who are the attackers and what are their motives?
- “Script kiddies”: exact revenge on a perceived wrong, or just fooling around
- Corporations: seek intellectual property (e.g. see competitors’ strategy)
- Activists: desire political/ideological publicity
- Criminal Organizations: money through extortion or seeking to expand their zone of control
- Nations: steal intellectual property and gain footholds in strategic sectors (e.g. utilities, defense technology)
What weapons are they using?
- Phishing: Emails (targeted at specific people in the case of spear-phishing) that carry a malicious attachment, or a link that downloads malicious software or harvests credentials on a look-alike login page.
- Social Engineering: Posing as a customer, employee, or other individual associated with a particular company to exploit user naivety and goodwill and gain access to private information.
- Watering hole attacks: Compromising a specific group of end users by planting malware on websites that members of the group are known to visit.
- Worms/Viruses: Malware that replicates itself in order to spread to other computers; worms spread on their own across the network, viruses by attaching to files or programs that users copy and run.
- Trojan Horses: A malicious computer program that misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it.
- DDoS: Distributed denial-of-service attacks are attempts to exhaust one or more finite resources (bandwidth, connections, CPU) on a target computer or network by flooding it from many sources at once.
- Ransomware: Malicious software that blocks access to a computer system or its data, typically by encrypting it, until a sum of money is paid; extortion, in other words.
- MitM: Man-in-the-middle attacks occur when the attacker secretly relays, and possibly alters, the communication between two parties who believe they are talking directly to each other.
What are the targets?
- People: Executives are popular targets, so much so that some organizations restrict what they can access. People in technical roles are targeted less frequently than those perceived as easier targets.
- Process: Business processes with access to money or data (payment approvals, password resets, vendor changes) are attacked by getting an employee to skip or bypass a step; employees often expose such processes without realizing it.
- Technology: Technology is potentially the easiest to exploit because it is easy to configure or deploy incorrectly. Large Fortune 500 companies aren't the only targets; smaller companies are often easier to breach.
What can you do?
- Change defaults: Many attacks are automated scanners trying default ports, account names, and passwords; simply changing defaults defeats them.
- Be proactive: Get ahead of enterprising attackers by patching promptly. Proactive customers have patches applied without needing to request them (e.g. when POODLE and GHOST were disclosed, all proactive customers were protected the first day).
- Back up your data intelligently: For example, a backup of a directory stored elsewhere on the same server is lost along with the server. Keep copies off the host and test that they restore.
- Defense in depth: Layer controls so that no single failure is fatal. A hardware firewall automatically blocks malicious traffic and provides rapid response to emerging threats before they reach your server, but it is one layer, not the whole defense.
- Avoid cross-pollination: Do your best not to mix home and work technology.
- Implement policies: Have policies and procedures in place for attacks (e.g. a disaster recovery plan), data breaches, etc., and conduct drills; the time to learn is not when an attack is underway.
- Act like the world really is out to get you: These are not theoretical threats; automated scans and attacks of the kinds described above are underway as you read this.
- Be aware of the not-so-obvious: Not every attack is obvious. Some are overt, while others only want a quietly compromised host to proxy traffic through, so your server may be a stepping stone to someone else's target.
- Stay up-to-date: Regularly check forums and industry publications/lists for new exploits/vulnerabilities.
- Perform regular scans and review logs: Who is knocking on the front door? Failed logins, port scans, and requests for paths you don't serve show up in logs long before a successful compromise does.
- Be vigilant: Sometimes an obvious attack is just a distraction from a more sophisticated one.
- Establish processes: Develop procedures to assess and address whether, when, how, and to what extent personal information is shared outside the organization as part of cybersecurity information-sharing activities.
- Conduct a privacy review: Implement a process to review your cybersecurity mitigation efforts for their effect on personal information.
- Communicate: Always communicate recovery activities to your customers. A 2015 Ponemon Institute study sponsored by IBM put the average total cost of a data breach at $3.8 million.
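The "change defaults" and "review logs" points above are where a small amount of automation pays off. The script below is an added example, not code from the original post or from Codero: it reads sshd lines in the standard OpenSSH auth-log format, flags source addresses that cross a failed-login threshold inside a sliding time window (the signature of an automated password-guessing tool), records which default account names each source probed, and raises a separate alarm if a source that was flagged later gets an accepted login. The log lines are constructed for the example; the list of default account names, the one-minute window, the threshold of four, and the year (syslog timestamps omit it) are all assumptions you would tune for your own hosts.

```python
"""Scan sshd auth-log lines for automated password guessing and default-account probes.

Added example. Assumes OpenSSH's standard 'Failed/Accepted ... for USER from IP port N'
lines with syslog timestamps (no year), in chronological order.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; these are not real hosts or addresses (RFC 5737 test ranges).
SAMPLE_AUTH_LOG = """\
Mar  3 10:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:02 web1 sshd[2002]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:00:03 web1 sshd[2003]: Failed password for invalid user pi from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:04 web1 sshd[2004]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar  3 10:00:05 web1 sshd[2005]: Failed password for invalid user ubuntu from 203.0.113.7 port 51026 ssh2
Mar  3 10:00:09 web1 sshd[2006]: Accepted password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:15:00 web1 sshd[2101]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar  3 10:15:30 web1 sshd[2102]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Mar  3 11:00:00 web1 sshd[2201]: Failed password for root from 192.0.2.9 port 33333 ssh2
Mar  3 12:30:00 web1 sshd[2202]: Failed password for root from 192.0.2.9 port 33334 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Account names automated scanners try first. An assumed list; extend it for your fleet.
DEFAULT_ACCOUNTS = {"root", "admin", "administrator", "pi", "ubuntu", "test",
                    "guest", "oracle", "postgres"}


def parse_line(line, year=2016):
    """Return a dict for one sshd auth line, or None if it is not a login result."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = re.sub(r"\s+", " ", m.group("ts"))  # syslog pads the day: 'Mar  3'
    return {
        "time": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"),
        "ok": m.group("result") == "Accepted",
        "method": m.group("method"),
        "user": m.group("user"),
        "ip": m.group("ip"),
    }


def analyze(log_text, threshold=4, window=timedelta(seconds=60), year=2016):
    """Summarize who is knocking: brute-force sources, default-account probes,
    and successful logins from sources already flagged as brute-forcing."""
    recent = defaultdict(list)  # ip -> failure times still inside the sliding window
    report = {
        "failures_by_ip": defaultdict(int),
        "brute_force": {},                 # ip -> total failures seen so far
        "success_after_brute_force": [],   # (ip, user, method)
        "default_account_probes": defaultdict(set),
        "unparsed": 0,
    }
    for raw in log_text.splitlines():
        ev = parse_line(raw, year)
        if ev is None:
            report["unparsed"] += 1
            continue
        ip = ev["ip"]
        if ev["ok"]:
            # A success from a source that was guessing passwords is the alarm that matters.
            if ip in report["brute_force"]:
                report["success_after_brute_force"].append((ip, ev["user"], ev["method"]))
            continue
        report["failures_by_ip"][ip] += 1
        if ev["user"] in DEFAULT_ACCOUNTS:
            report["default_account_probes"][ip].add(ev["user"])
        times = recent[ip]
        times.append(ev["time"])
        while times and ev["time"] - times[0] > window:  # age out old failures
            times.pop(0)
        if len(times) >= threshold:
            report["brute_force"][ip] = report["failures_by_ip"][ip]
    return report


if __name__ == "__main__":
    r = analyze(SAMPLE_AUTH_LOG)
    for ip, n in r["brute_force"].items():
        print(f"brute force from {ip}: {n} failures, probed {sorted(r['default_account_probes'][ip])}")
    for ip, user, method in r["success_after_brute_force"]:
        print(f"ALERT: {ip} logged in as {user} ({method}) after guessing passwords")
    for ip, n in r["failures_by_ip"].items():
        if ip not in r["brute_force"]:
            print(f"below threshold: {ip} with {n} failures")
```

On the sample, 203.0.113.7 is flagged after its fourth failure in four seconds, its probes of root/admin/pi/ubuntu are listed, and the accepted password for root a few seconds later raises the alert. 192.0.2.9 fails twice against root ninety minutes apart and never crosses the window threshold, which is the "not-so-obvious" case: a slow probe that only the per-address totals reveal. Feed real lines with something like `journalctl -u ssh` or `/var/log/auth.log` and run it from cron.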
Security isn't a state you reach; it's a continuous process. Use the NIST framework to determine where you are, what is at risk, and what you should do to address threats and limit liability. Choosing a hosting provider with the necessary knowledge, skills, tools, and established processes to safeguard your environment is an essential piece of the security puzzle. Their security and technical teams must keep pace with today's relentless attackers through continuous training and regular drills covering each of the five functions: identify, protect, detect, respond, and recover.
Finding a hosting partner with the right combination of security expertise, tools, and systems can be a daunting task, especially for startups, small and medium-sized businesses (SMBs), and mid-market companies without the resources to develop these skills and systems internally. Codero continues to protect these businesses and their environments with the highest level of security expertise and service.
Our experts never take their fingers off the pulse of today’s rapidly evolving threat landscape – subscribe to the Codero blog for the latest tech tips from our experts and keep abreast of the latest security alerts and developments.