Just last night, I resumed my studies for the “Certificate In Cybersecurity” exam.
It is a new entry-level certification from ISC2, one of the best-known
certification bodies in the industry.
In fact, ISC2 is also the body behind the CISSP, which has
basically become the gold standard in the cyber industry (much like the MCSE was
back in the 1990s, during the Internet bubble).
One of the topics that I ended up studying was Incident Response
Planning.
Sure, I thought this topic would be easy enough, because I
have written on it so many times in the past. Not that the material was hard by
any means, but there was a little more terminology than I had realized.
One term that I came across, which I have probably used a
hundred times over as a writer, was “breach”.
I scratched my head and thought, “OK, what really is a breach? What technically causes it to happen?” According to the study materials that I have,
it is defined as the point at which the cyberattacker actually gets through
your perimeter defenses: the moment of unauthorized access, not the decision to attempt it.
What happens after that point is not part of the definition. But as the term is applied in the real world,
security breaches are really nothing new.
We see them happen all of the time; some of them are small cases, and
some of them are very large, such as the SolarWinds hack. But in the end, something is stolen (no
matter how long it takes), and it is of high value and pertinence to the business.
According to a recent threat hunting report from CrowdStrike,
it was the technology sector that succumbed most to intrusions. From 2021 to 2022, their
threat hunters observed well over 77,000 potential intrusions (note that
this number covers only what CrowdStrike's own researchers witnessed, not
breaches at other victims).
More info about this study can be seen here at this link:
https://www.crowdstrike.com/resources/reports/overwatch-threat-hunting-report/
Here are some of the key highlights from this report:
*The cyberattacker of today is moving away from malware-based
attacks. According to their research,
71% of the intrusions that they witnessed did not involve any
malware at all.
*Between 2021 and 2022: more than 30,000 vulnerabilities. Now, according to my study material, there is a
distinction here. A vulnerability is simply
a weakness that a cyberattacker could get through, such as a debug backdoor
that was left behind from the software development lifecycle. The breach only occurs when the
cyberattacker actually exploits that weakness and gets in.
*Sometimes, a cyberattacker does not even need to bring malware through a vulnerability
to break in. They might simply plant
a malicious payload such as a “web shell”.
This is a small script dropped onto a web server (often into an upload or cache
directory) that lets the attacker run commands on that server and cause more damage from there.
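A web shell is usually a one-liner that hands whatever arrives in a request parameter to an execution function, so the cheapest check is to look for exactly that pattern on disk. The scanner below is an added example, not code from the original post or from CrowdStrike: it assumes PHP web shells, the signature list and the three sample files (one legitimate page, two shells) are constructed for illustration, and the heuristics are deliberately simple, so treat a hit as something to triage, not as proof.

```python
"""Heuristic PHP web shell scanner (added example, not from the original post).

Assumes PHP web shells, which are the most common kind found on compromised
web servers. The signatures and the sample files below are constructed for
illustration, not taken from any real incident.
"""
import os
import re
import tempfile

# Dangerous sinks: functions that execute PHP code or OS commands.
SINKS = r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)"
# Attacker-controlled sources: PHP request superglobals.
SOURCES = r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b"
# A sink whose argument contains a request source on the same line.
SINK_WITH_SOURCE = re.compile(SINKS + r"\s*\(.*" + SOURCES, re.IGNORECASE)
# Typical obfuscation: executing the output of a decoder.
OBFUSCATED_EXEC = re.compile(
    r"\b(eval|assert)\s*\(\s*(base64_decode|str_rot13|gzinflate|gzuncompress)\s*\(",
    re.IGNORECASE)


def scan_source(text):
    """Return the reasons a PHP source text looks like a web shell (empty list if clean)."""
    reasons = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if SINK_WITH_SOURCE.search(line):
            reasons.append(f"line {lineno}: code/command execution fed by request input")
        if OBFUSCATED_EXEC.search(line):
            reasons.append(f"line {lineno}: execution of decoded/obfuscated payload")
    return reasons


def scan_webroot(root):
    """Walk a web root and return {relative_path: reasons} for every suspicious PHP file."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                reasons = scan_source(fh.read())
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = reasons
    return findings


# Constructed sample files: one legitimate page and two web shells.
SAMPLES = {
    "index.php": "<?php\n$name = htmlspecialchars($_GET['name'] ?? 'world');\necho \"Hello, $name\";\n",
    "uploads/img.php": "<?php\n// classic one-liner shell hidden in an upload directory\n@eval($_POST['cmd']);\n",
    # base64 of: system($_GET['c']);
    "cache/x.php": "<?php\neval(base64_decode('c3lzdGVtKCRfR0VUWydjJ10pOw=='));\n",
}


def demo():
    """Write the samples into a temporary web root, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path)
        for reason in reasons:
            print("   ", reason)
```

Run it against a real document root rather than the temporary one and expect false positives from legitimate admin tooling; the useful signal is a file that matches and also sits somewhere user uploads land, was modified recently, or is not tracked by your deployment.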
So what can an SMB, or even a Fortune 500 company, do to stop
the rising trend in security breaches? Keep in mind that these tips will only help you
to mitigate, or decrease, that risk. They
are not a 100%, absolute guarantee. Here
we go:
1) Review the basics:
At this point, investing in newer security tooling seems like the answer. The harsh reality is a
resounding “no”. You probably do not need
anything new. You can most likely make do with
whatever you have in place; it just all
needs to be realigned to give you the maximum protection that is possible. For instance, this means conducting a fresh
risk assessment to see where your most vulnerable assets lie. It also means reviewing your security policy,
incident response plan and other important documents to see how well prepared you are to handle a security breach
should it happen to you. It also means
making sure that your employees follow proper password hygiene, and that you are applying software
patches and upgrades as they come out.
More could be added, but you get the idea.
2) Keep an eye on your remote services:
Exposed remote services are not a new problem, but they remain an entry point that the cyberattacker will take complete advantage
of whenever and wherever possible.
Probably the most abused remote service is Microsoft's Remote
Desktop Protocol, also known as RDP. This protocol
lets you log in remotely to another workstation or server. It has been hammered many times by
cyberattackers in the past, and truthfully speaking, I don't know how actively it is
even being used anymore. The SolarWinds hack also shows how far the reach of a trusted service
extends: attackers inserted a backdoor into updates of the Orion monitoring platform,
which thousands of customers had installed and become highly dependent upon.
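Watching a remote service means watching its logins, not just its port. On Windows, an RDP brute-force attempt shows up as a burst of Event ID 4625 (failed logon) records with LogonType 10 (RemoteInteractive), and the dangerous case is the 4624 (successful logon) that follows from the same source. The detector below is an added example, not code from the original post or from Microsoft: the events are constructed to look like those fields, and the five-failures-in-two-minutes threshold is an assumption you would tune to your own environment.

```python
"""Detect RDP brute force from Windows Security logon events.

Added example, not from the original post. Works on constructed event tuples
modelled on Windows Event ID 4625 (failed logon) and 4624 (successful logon)
with LogonType 10 (RemoteInteractive, i.e. RDP). In practice the tuples would
come from Get-WinEvent, Sysmon or a SIEM export; threshold and window are
assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5              # failures from one source inside the window
WINDOW = timedelta(minutes=2)
RDP_LOGON_TYPE = 10             # RemoteInteractive

# Constructed sample events: (timestamp, EventID, LogonType, TargetUser, SourceIP)
EVENTS = [
    ("2023-03-01T02:00:01", 4625, 10, "administrator", "203.0.113.7"),
    ("2023-03-01T02:00:03", 4625, 10, "admin", "203.0.113.7"),
    ("2023-03-01T02:00:05", 4625, 10, "backup", "203.0.113.7"),
    ("2023-03-01T02:00:07", 4625, 10, "sql", "203.0.113.7"),
    ("2023-03-01T02:00:09", 4625, 10, "jsmith", "203.0.113.7"),
    ("2023-03-01T02:00:12", 4624, 10, "jsmith", "203.0.113.7"),  # attacker gets in
    ("2023-03-01T02:30:00", 4625, 10, "jsmith", "10.0.0.25"),    # one mistyped password
    ("2023-03-01T02:30:20", 4624, 10, "jsmith", "10.0.0.25"),    # legitimate admin
    ("2023-03-01T03:00:00", 4625, 2, "svc_app", "10.0.0.25"),    # console logon, not RDP
]


def detect_rdp_attacks(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return alerts as (kind, source_ip, detail) tuples, in time order.

    kind is "rdp_bruteforce" when a source accumulates `threshold` failed RDP
    logons inside `window`, and "rdp_success_after_bruteforce" when a source
    that was already flagged then logs on successfully over RDP.
    """
    alerts = []
    recent_fail = defaultdict(deque)    # source_ip -> timestamps of recent failures
    flagged = set()                     # sources already reported as brute forcing
    for ts_str, event_id, logon_type, user, src in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue                    # ignore console, service and network logons
        ts = datetime.fromisoformat(ts_str)
        window_fails = recent_fail[src]
        while window_fails and ts - window_fails[0] > window:
            window_fails.popleft()      # slide the window forward
        if event_id == 4625:
            window_fails.append(ts)
            if len(window_fails) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("rdp_bruteforce", src,
                               f"{len(window_fails)} failed RDP logons within {window}"))
        elif event_id == 4624 and src in flagged:
            alerts.append(("rdp_success_after_bruteforce", src,
                           f"successful RDP logon as {user}"))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in detect_rdp_attacks(EVENTS):
        print(f"{kind:30} {src:15} {detail}")
```

The single failure from 10.0.0.25 followed by a success is exactly what an admin mistyping a password looks like, and the detector stays quiet on it; the second alert, a success from a source that just sprayed five usernames, is the one that should page someone.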
3) Privileged Access:
These days, the cyberattacker is
not so much after the passwords of your regular employees. Rather, they want the higher-level privileged
accounts, so they can get to the crown jewels even quicker than before. So make sure those privileged accounts are
as secure as possible by applying the principles of Privileged Access Management,
also known as PAM for short. This is
starting to become a hot area in cyber, especially with SaaS-based
deployments in the hybrid cloud. I am in
the process of writing a ton of articles about PAM for a client, so hopefully I
can get those uploaded to my site soon.
4) Watch for social engineering:
Many cyberattackers of today do not
even bother with purely technical attack vectors. Instead, they have a new ally on their
side: social media. A hacker can quickly build up a profile of a target based
upon what people post, and from there launch laser-pointed social
engineering attacks against them in order to gain access to privileged
information. They can also use what is
known as Open-Source Intelligence, or OSINT for short: freely available
information on the Internet that gives details about people and businesses.
My Thoughts On This:
These are some quick tips that you can use to keep security
breaches at bay.
It is by no means an exhaustive list,
but it is designed to get you and your CISO thinking about things
again. Remember, new does not always equate
to security success. Simply building a better mousetrap with what you already
have is usually the best way to go.