The nature of attacks is changing, too. In the past, hackers typically targeted companies in order to acquire information, such as credit card numbers and account logins. Computing resources themselves have, however, now become common targets as hackers try to gather up clock cycles for cryptocurrency mining. This means a company can no longer simply assume that signs of a breach will become evident once one has occurred, and that makes it more important than ever before to implement best practices to deal with inside and outside threats.
Many organizations already take steps to address what are traditionally thought of as common hacking threats coming from external sources. Setting up strict login requirements, two-factor authentication systems and firewalls all have served to make life harder for a hacker. The response by the bad guys, though, has been to get increasingly clever. In order to get ahead of threats, companies are starting to take much more active measures.
One way to keep ahead of exploits is to keep all critical software fully updated. Companies that are heavily security-focused should have systems in place that regularly update and patch systems. It’s wise, however, not to lean entirely on the automatic update method. For example, users of CCleaner, a commonly used tool to clear computers of unused files, were hacked in 2017 by way of its automatic update system. Keep an eye on update logs, and also stay current with industry news in order to rectify problems that require human intervention.
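As an added example that is not part of the original article, the following Python script reviews a Debian/Ubuntu-style apt history log (the sample log text below is constructed) and flags package transactions that were not started by the approved automated updater, along with newly installed packages that are not on an allowlist. The approved command path and the allowlist are assumptions to adjust for your own environment.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of Debian/Ubuntu /var/log/apt/history.log.
SAMPLE_LOG = """\
Start-Date: 2024-03-04  06:25:11
Commandline: /usr/bin/unattended-upgrade
Upgrade: openssl:amd64 (3.0.2-0ubuntu1.14, 3.0.2-0ubuntu1.15), libssl3:amd64 (3.0.2-0ubuntu1.14, 3.0.2-0ubuntu1.15)
End-Date: 2024-03-04  06:25:14

Start-Date: 2024-03-04  14:02:37
Commandline: apt-get install -y tmux
Requested-By: jdoe (1001)
Install: tmux:amd64 (3.2a-4build1), libevent-core-2.1-7:amd64 (2.1.12-stable-1build3, automatic)
End-Date: 2024-03-04  14:02:40
"""

# Assumptions for the demo: the only tool expected to run apt on its own, and
# the packages that may appear as fresh installs without a change ticket.
APPROVED_COMMANDS = ("/usr/bin/unattended-upgrade",)
ALLOWED_NEW_PACKAGES = {"libevent-core-2.1-7"}

# In each action line a package name is followed by ":<arch> (" and its version.
PKG_RE = re.compile(r"([\w.+-]+):\w+ \(")
ACTIONS = ("Install", "Upgrade", "Remove", "Purge", "Downgrade", "Reinstall")


@dataclass
class Transaction:
    start: str = ""
    commandline: str = ""
    requested_by: str = ""
    actions: dict = field(default_factory=dict)  # action name -> [package names]


def parse_history(text):
    """Split the log into transactions; each one starts at a Start-Date line."""
    txns, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if not sep:
            continue  # blank line or something that is not a "Key: value" line
        value = value.strip()
        if key == "Start-Date":
            current = Transaction(start=value)
            txns.append(current)
        elif current is None:
            continue
        elif key == "Commandline":
            current.commandline = value
        elif key == "Requested-By":
            current.requested_by = value
        elif key in ACTIONS:
            current.actions[key] = PKG_RE.findall(value)
    return txns


def review(txns, approved=APPROVED_COMMANDS, allowed_new=ALLOWED_NEW_PACKAGES):
    """Return human-readable findings for transactions that deserve a second look."""
    findings = []
    for t in txns:
        if not t.commandline.startswith(approved):
            who = t.requested_by or "unknown user"
            findings.append(f"{t.start}: apt run outside automation by {who}: {t.commandline}")
        for pkg in t.actions.get("Install", []):
            if pkg not in allowed_new:
                findings.append(f"{t.start}: new package not on allowlist: {pkg}")
        for pkg in t.actions.get("Remove", []) + t.actions.get("Purge", []):
            findings.append(f"{t.start}: package removed: {pkg}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_history(SAMPLE_LOG)):
        print(finding)
```

On the constructed log the automated OpenSSL upgrade passes silently, while the manual install by jdoe produces two findings (an apt run outside automation, and tmux as a new package not on the allowlist). Run it against a real history.log as part of a daily review, or feed the findings into whatever ticketing system tracks changes.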
A traditional firewall system can only accomplish so much. A web application firewall (WAF) is designed to actively scan for common attacks. For example, companies that run outward-facing databases can configure their WAFs to scan incoming and outgoing packets for indications of SQL injection attacks. WAFs are also designed to check for attempts to gain root access, escalate privileges and push malicious uploads. With the spread of cloud-based technologies, the time many companies put into finding solutions that handle queries coming and going from their cloud applications is also well spent.
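As an added illustration (not code from the article), here is a small Python inspector that performs, on constructed sample requests, the kind of check a WAF applies to query strings and form bodies: it decodes each parameter, normalizes it (lower-case, inline comments stripped, a second decoding round so double-encoded values are seen in their final form) and matches it against a handful of SQL injection signatures. The rule set and the sample requests are assumptions for the demonstration; a production WAF carries far broader rule coverage.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Detection rules: (name, compiled pattern) applied to a normalized parameter value.
# These are assumptions for the demo; a real WAF ships with many more.
RULES = [
    ("tautology", re.compile(r"""['"]\s*or\s+['"\d]""")),            # ' or '1'='1
    ("union-select", re.compile(r"\bunion\b(\s+all)?\s+select\b")),
    ("stacked-query", re.compile(r";\s*(drop|delete|insert|update|alter|exec)\b")),
    ("comment-trail", re.compile(r"(--|/\*)\s*$")),                  # trailing SQL comment
    ("time-probe", re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(")),
]


def normalize(value, max_decodes=2):
    """Lower-case, strip inline comments and collapse whitespace.

    parse_qsl already decoded the value once; the extra rounds here catch
    double-encoded payloads (a literal '+' becomes a space, harmless for matching).
    """
    for _ in range(max_decodes):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"/\*.*?\*/", " ", value)       # UNION/**/SELECT -> UNION SELECT
    return re.sub(r"\s+", " ", value.lower()).strip()


def inspect_params(params):
    """Return (parameter name, rule name) pairs for every rule that matches."""
    findings = []
    for name, raw in params:
        text = normalize(raw)
        for rule, pattern in RULES:
            if pattern.search(text):
                findings.append((name, rule))
    return findings


def inspect_request(method, target, body=""):
    """Inspect query-string parameters and, for POST, form-encoded body fields."""
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if method == "POST" and body:
        params += parse_qsl(body, keep_blank_values=True)
    return inspect_params(params)


# Constructed sample traffic: benign requests (one with a genuine apostrophe) and
# requests carrying the classic injection shapes, one of them double-encoded.
SAMPLE_REQUESTS = [
    ("GET", "/search?q=winter+jackets&page=2", ""),
    ("GET", "/users?name=O%27Brien", ""),
    ("GET", "/items?id=5%27%20OR%20%271%27%3D%271", ""),
    ("GET", "/items?id=5%2527%2520OR%2520%25271%2527%253D%25271", ""),
    ("POST", "/login", "user=admin&pass=x%27%3B+DROP+TABLE+users--"),
    ("GET", "/report?sort=name%20UNION%2f%2a%2a%2fSELECT%20password%20FROM%20accounts", ""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLE_REQUESTS:
        verdict = inspect_request(method, target, body) or "clean"
        print(method, target, "->", verdict)
```

The benign name O'Brien is left alone because the tautology rule wants a quote followed by OR, not a bare apostrophe; the double-encoded request is caught only because normalize() decodes twice, which is the detail that separates a useful WAF rule from one that is trivially bypassed. Whatever matches should be logged with the parameter name and rule, so the SOC can tell a probing scanner from a real application fault.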
Holes often appear in systems simply because vendors are unclear on what a company’s security protocols are. If an internet appliance is brought into a work site, it’s important that it will be preconfigured to conform to your operation’s cyber security requirements. This means there should be a clear outline provided to all vendors explaining what antivirus and firewall programs will be installed. Vendors should also be clearly informed about what role a device will play in an organization in order to catch problems prior to delivery.
There’s a tendency among cyber security professionals to think of all problems as having external origins. Some of the most dangerous hacks, however, come from the inside. It’s easy to picture how internal actors can compromise systems intentionally, but well-intentioned individuals can also accidentally carry malicious hardware into locations. The Stuxnet worm, for example, was carried into an air-gapped Iranian nuclear lab by a worker who brought in a USB drive.
Emphasizing the importance of particular policies is critical. If a system is intended to be completely cut off from the outside world, that serves no purpose if employees undermine the process by bringing drives in from home. Policies should be clearly posted, and refresher sessions should be conducted to ensure everyone is on the same page about the risks.
Whenever companies merge or otherwise join their operations, there’s often a gap between their cyber security practices. A thorough audit should be conducted on all assets to ensure that unexpected holes aren’t being exposed by connecting one operation’s systems to another’s. Many enterprises employ change management software to conduct scans across wide networks, ultimately identifying all operating devices and providing profiles for them.
Employees come and go within a business, and it’s wise to see that people aren’t accidentally left with privileges that allow them to do harm. When new hires are brought in, admins should assign them the absolute minimal level of privileges required to do their jobs. When folks are fired or choose to retire, a process should be in place to ensure their privileges are revoked as early as possible.
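The onboarding and offboarding process described above can be checked mechanically rather than trusted to memory. The Python script below is an added example (not from the article) that reconciles a constructed directory export against a constructed HR roster and a per-role baseline of minimum group membership: accounts with no active owner are marked for disabling, active accounts holding groups beyond their role's baseline are marked for trimming, and accounts with no recent login are marked stale. The roster, account list, baseline and review date are all assumptions for the demonstration.

```python
from datetime import date, timedelta

# Minimum group membership each job role needs (constructed baseline).
ROLE_BASELINE = {
    "support": {"helpdesk"},
    "developer": {"git-users", "ci-users"},
    "sysadmin": {"git-users", "ci-users", "domain-admins"},
}

# Constructed HR export: who is employed, in what role, and whether they have left.
HR_ROSTER = {
    "asmith": {"role": "developer", "status": "active"},
    "bjones": {"role": "support", "status": "active"},
    "cwu": {"role": "sysadmin", "status": "terminated"},
}

# Constructed directory export: the accounts that actually exist, their groups
# and their last interactive login (None = never logged in).
ACCOUNTS = [
    {"user": "asmith", "groups": {"git-users", "ci-users", "domain-admins"}, "last_login": date(2024, 3, 1)},
    {"user": "bjones", "groups": {"helpdesk"}, "last_login": date(2023, 10, 2)},
    {"user": "cwu", "groups": {"git-users", "ci-users", "domain-admins"}, "last_login": date(2024, 2, 20)},
    {"user": "svc-old", "groups": {"domain-admins"}, "last_login": None},
]

REVIEW_DATE = date(2024, 3, 5)  # assumed "today" so the run is reproducible


def review_access(accounts, roster, baseline, today, stale_after=timedelta(days=90)):
    """Return (user, action, detail) triples for every account needing attention."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        person = roster.get(user)
        # Nobody active in HR owns this account: a leaver or an orphaned service
        # account. Disable first, investigate afterwards.
        if person is None or person["status"] != "active":
            findings.append((user, "disable", "no active employee owns this account"))
            continue
        # Privilege creep: groups the role's baseline does not call for.
        excess = acct["groups"] - baseline.get(person["role"], set())
        if excess:
            findings.append((user, "remove-groups", ",".join(sorted(excess))))
        # Dormant accounts are a standing risk even when the owner is still employed.
        last = acct["last_login"]
        if last is None or today - last > stale_after:
            findings.append((user, "stale", "no login within %d days" % stale_after.days))
    return findings


def run_review():
    """Run the reconciliation on the constructed data with the assumed review date."""
    return review_access(ACCOUNTS, HR_ROSTER, ROLE_BASELINE, REVIEW_DATE)


if __name__ == "__main__":
    for user, action, detail in run_review():
        print(f"{user:10} {action:14} {detail}")
```

On the sample data the run flags asmith for holding domain-admins beyond the developer baseline, bjones as stale after five months without a login, and both cwu (terminated) and svc-old (no HR owner at all) for disabling. Scheduling this against real HR and directory exports turns "revoke privileges as early as possible" from a hope into a daily check.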
Cyber security is a largely policy-driven undertaking. Companies that are committed to thoroughness and have clearly stated processes in place typically run into fewer challenges. By preparing in advance and staying diligent, an organization can lower many of the risks it faces.
By Kevin Faber
Kevin Faber is the CEO of Silver Summit Capital. He graduated from UC Davis with a B.A. in Business/Managerial Economics. In his free time, Kevin is usually watching basketball or kicking back and reading a good book.
Follow him on Twitter: @faber28kevin