Cyber hacks are the worst! A successful hack means that not only has your information left the secure perimeter of your organization (a security incident), it has also found its way into the hands of a hacker (a breach). Hacking is what keeps CISOs awake at night. Let’s look at some of the most prevalent hacks of 2019.
1. Stolen Credentials
Stolen credentials are a nightmare for two reasons. The first is that credential theft is generally preventable, and the second is that detecting these attacks is terribly hard. Let’s dig deeper.
I say credential theft is generally preventable, but in reality this may be one of the hardest things a security practitioner has to tackle. The easiest and most common way to steal credentials is phishing, and the most common target is everyone in the company with an email address. The attack surface is therefore very large, and the technical skill the attacker needs is minimal.
The most common method of harvesting credentials via phishing is to send users to a fake login page. The page typically mimics an enterprise product’s login screen (think Microsoft, Adobe, DocuSign) and prompts your users to sign in. They enter their username and password, and the site records them.
You can reduce this risk by making sure your users get regular phishing-awareness training. Remember, though, that even the best-trained staff will occasionally fall for a phishing email.
I suggest that if someone reports that they may have fallen for a phishing scam, you reset their credentials immediately and make sure they change the credentials for any other service where they reused the same password. And if they are reusing credentials across multiple services, they should stop. I would also establish multi-factor authentication (MFA) for critical services, as MFA is among the best ways to reduce the risk of a stolen password being usable at all. Finally, many services can report or block abnormal logins, such as those from other countries or at odd hours. Consider enabling this capability.
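To make the last point concrete, here is an added example (not code from the original post, and not any vendor’s product) that runs the kind of abnormal-login checks described above over a handful of constructed sign-in events: a login from a country the organization does not operate in, a login outside business hours, and two logins from different countries too close together to be the same person. The countries, hours and two-hour window are assumed policy values; the events are made up.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of successful sign-in events (not real data). In practice
# these would be pulled from the identity provider's sign-in audit log.
SAMPLE_LOGINS = [
    {"user": "alice", "ts": "2019-06-03T09:12:00Z", "country": "US", "ip": "203.0.113.10"},
    {"user": "alice", "ts": "2019-06-03T13:40:00Z", "country": "US", "ip": "203.0.113.10"},
    {"user": "alice", "ts": "2019-06-03T14:05:00Z", "country": "RO", "ip": "198.51.100.7"},
    {"user": "bob",   "ts": "2019-06-03T03:15:00Z", "country": "US", "ip": "192.0.2.44"},
    {"user": "carol", "ts": "2019-06-03T10:00:00Z", "country": "US", "ip": "192.0.2.9"},
    {"user": "carol", "ts": "2019-06-04T10:30:00Z", "country": "US", "ip": "192.0.2.9"},
]

# Assumed policy: staff sign in from the US during 07:00-19:59 UTC, and two
# sign-ins from different countries less than two hours apart are suspicious.
KNOWN_COUNTRIES = {"US"}
BUSINESS_HOURS = range(7, 20)
TRAVEL_WINDOW = timedelta(hours=2)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def flag_abnormal_logins(events, known_countries=KNOWN_COUNTRIES,
                         business_hours=BUSINESS_HOURS, travel_window=TRAVEL_WINDOW):
    """Return (user, reason, event) triples for sign-ins that merit review.

    Three checks:
      unexpected_country - sign-in from outside the countries the org operates in
      off_hours          - sign-in outside business hours
      impossible_travel  - same user, different country, within travel_window
    """
    alerts = []
    last_seen = {}  # user -> (timestamp, country) of that user's previous sign-in
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = parse_ts(ev["ts"])
        if ev["country"] not in known_countries:
            alerts.append((ev["user"], "unexpected_country", ev))
        if ts.hour not in business_hours:
            alerts.append((ev["user"], "off_hours", ev))
        prev = last_seen.get(ev["user"])
        if prev and prev[1] != ev["country"] and ts - prev[0] < travel_window:
            alerts.append((ev["user"], "impossible_travel", ev))
        last_seen[ev["user"]] = (ts, ev["country"])
    return alerts


def users_needing_reset(events):
    """Accounts whose sign-ins tripped any check: candidates for an immediate
    credential reset and MFA enforcement."""
    return sorted({user for user, _, _ in flag_abnormal_logins(events)})


if __name__ == "__main__":
    for user, reason, ev in flag_abnormal_logins(SAMPLE_LOGINS):
        print(f"{user:6} {reason:20} {ev['ts']} {ev['country']} {ev['ip']}")
    print("reset:", users_needing_reset(SAMPLE_LOGINS))
```

Run against the sample, it flags bob’s 03:15 login as off-hours and alice’s Romanian login both as an unexpected country and as impossible travel (25 minutes after a US login), while carol’s routine logins pass. Real identity providers do these checks for you; the value of a small script like this is understanding what the alerts mean before you turn them on, and having a fallback for services that don’t offer them.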
2. Backdoors
Backdoors are entry points into networks or applications that are left open by developers or IT personnel. They are usually either a forgotten artifact from development or part of a contingency plan for regaining access to assets if there is an outage.
Generally, an actively monitored backdoor is less of a risk than one developers installed and forgot, but both are a risk. Hackers can use backdoors to get into your systems, and if you are not monitoring the backdoor it can also be their exit route when stealing information. Particularly nefarious hackers use one backdoor to install another, so that once you close the first and think you are safe, they simply use the second.
Like stolen credentials, backdoors are terribly hard to detect. The single best thing you can do to protect yourself is put everything behind a firewall and actively monitor it. Adding intrusion detection and intrusion prevention capabilities further strengthens your defenses. Inventory the ports you have open and make sure you know why each one is open.
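“Know why each port is open” is easiest to enforce when the answer is written down and checked by a script. The following is an added example, not code from the original post: it parses a constructed snippet of `ss -tlnp` output (the listening-socket listing on Linux) and compares it against a hypothetical baseline that records, for every expected port, which process should own it and whether it should be reachable only on loopback. Anything not in the baseline, owned by the wrong process, or exposed when it should be local-only is reported. The baseline, hostnames and listener lines are all made up.

```python
import re

# Constructed sample `ss -tlnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*          users:(("postgres",pid=1021,fd=5))
LISTEN  0       128     0.0.0.0:6379         0.0.0.0:*          users:(("redis-server",pid=1100,fd=6))
LISTEN  0       128     0.0.0.0:4444         0.0.0.0:*          users:(("nc",pid=2207,fd=3))
LISTEN  0       511     [::]:443             [::]:*             users:(("nginx",pid=933,fd=6))
"""

# Hypothetical baseline: every port that is supposed to be listening, the
# process that should own it, whether it must stay on loopback, and the reason
# it is open. This is the "know why each port is open" document, as data.
BASELINE = {
    22:   {"process": "sshd",         "local_only": False, "reason": "admin SSH, bastion-only via firewall"},
    443:  {"process": "nginx",        "local_only": False, "reason": "public HTTPS"},
    5432: {"process": "postgres",     "local_only": True,  "reason": "app DB, loopback only"},
    6379: {"process": "redis-server", "local_only": True,  "reason": "session cache, loopback only"},
}

PROC_RE = re.compile(r'\(\("([^"]+)"')          # pulls "sshd" out of users:(("sshd",pid=...))
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}       # bind addresses that mean "every interface"


def parse_ss(output):
    """Turn `ss -tlnp` text into a list of {addr, port, process} listeners."""
    listeners = []
    for line in output.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)   # rsplit so [::]:443 splits correctly
        match = PROC_RE.search(line)
        listeners.append({"addr": addr, "port": int(port),
                          "process": match.group(1) if match else None})
    return listeners


def audit_listeners(listeners, baseline):
    """Return (port, finding, process) for every listener that breaks the baseline."""
    findings = []
    for l in listeners:
        expected = baseline.get(l["port"])
        if expected is None:
            findings.append((l["port"], "unexpected_listener", l["process"]))
            continue
        if l["process"] != expected["process"]:
            findings.append((l["port"], "unexpected_process", l["process"]))
        if expected["local_only"] and l["addr"] in WILDCARDS:
            findings.append((l["port"], "exposed_local_only_service", l["process"]))
    return findings


if __name__ == "__main__":
    for port, finding, process in audit_listeners(parse_ss(SAMPLE_SS_OUTPUT), BASELINE):
        print(f"port {port}: {finding} ({process})")
```

On the sample data the script reports two problems: port 4444 is listening with no baseline entry at all (a classic sign of something you did not put there), and redis on 6379 is bound to every interface when the baseline says loopback only. Run it from a cron job on each host with the real `ss -tlnp` output and the findings become the tickets; the baseline file becomes the place where “why is this open?” is answered before an auditor, or an attacker, asks.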
3. Vulnerability Exploitation
Vulnerability exploits are just plain scary. Enterprises have to manage vulnerabilities in bulk. We run vulnerability scanning tools that search for known vulnerabilities, but in a large company hundreds of new findings may pop up each week.
This is one of the many areas where the cybersecurity deck is stacked in the hacker’s favor. Practitioners have to respond to and remediate every vulnerability disclosed each week, while a hacker needs only one unremediated vulnerability to make everyone’s life miserable.
The solution to your vulnerability woes is to automate as much as you can. Make sure you are actively scanning your environment for vulnerabilities at least weekly. Employ automated configuration management and patching tools to ensure your assets are updated in a timely fashion. For critical systems, set up a test environment to validate patches before releasing them to production. Finally, establish remediation targets and track them: for instance, high-severity vulnerabilities might have to be remediated within 3 days and medium-severity ones within a week.
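Remediation targets only help if something checks them. Here is an added example (not code from the original post, and not any scanner’s built-in reporting) that takes a constructed list of scanner findings, applies the 3-day/7-day targets mentioned above, and produces the overdue list worst-first along with an on-time-fix rate. The critical (1 day) and low (30 days) targets, the asset names and the findings themselves are assumptions for the sake of the example.

```python
from datetime import date, timedelta

# Remediation targets from the text (high: 3 days, medium: 7 days); the
# critical and low values are assumptions added so every severity has one.
SLA_DAYS = {"critical": 1, "high": 3, "medium": 7, "low": 30}
SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}

# Constructed scanner findings (not real scan output): when each was first
# seen and when it was fixed (None means still open).
SAMPLE_FINDINGS = [
    {"id": "F-1", "asset": "web-01",  "severity": "high",     "first_seen": "2019-06-01", "fixed": None},
    {"id": "F-2", "asset": "web-01",  "severity": "medium",   "first_seen": "2019-06-05", "fixed": None},
    {"id": "F-3", "asset": "db-01",   "severity": "medium",   "first_seen": "2019-06-01", "fixed": None},
    {"id": "F-4", "asset": "app-02",  "severity": "high",     "first_seen": "2019-06-08", "fixed": None},
    {"id": "F-5", "asset": "app-02",  "severity": "critical", "first_seen": "2019-06-09", "fixed": None},
    {"id": "F-6", "asset": "web-02",  "severity": "high",     "first_seen": "2019-06-02", "fixed": "2019-06-03"},
    {"id": "F-7", "asset": "jump-01", "severity": "low",      "first_seen": "2019-05-01", "fixed": None},
]


def due_date(finding, sla_days=SLA_DAYS):
    """The last day a finding can be fixed and still meet its target."""
    return date.fromisoformat(finding["first_seen"]) + timedelta(days=sla_days[finding["severity"]])


def overdue_findings(findings, as_of, sla_days=SLA_DAYS):
    """Open findings past their target on `as_of` (ISO date string), worst first.

    A finding due today is not yet overdue; the SLA clock starts at first_seen,
    not at the date someone got round to triaging it.
    """
    today = date.fromisoformat(as_of)
    overdue = []
    for f in findings:
        if f["fixed"] is not None:
            continue
        due = due_date(f, sla_days)
        if today > due:
            overdue.append({"id": f["id"], "asset": f["asset"], "severity": f["severity"],
                            "days_overdue": (today - due).days})
    # highest severity first, then the longest-overdue within a severity
    return sorted(overdue, key=lambda o: (-SEVERITY_RANK[o["severity"]], -o["days_overdue"]))


def sla_compliance(findings, sla_days=SLA_DAYS):
    """Fraction of fixed findings that were fixed on or before their due date
    (None if nothing has been fixed yet)."""
    fixed = [f for f in findings if f["fixed"] is not None]
    if not fixed:
        return None
    on_time = sum(1 for f in fixed if date.fromisoformat(f["fixed"]) <= due_date(f, sla_days))
    return on_time / len(fixed)


if __name__ == "__main__":
    for o in overdue_findings(SAMPLE_FINDINGS, "2019-06-10"):
        print(f"{o['id']} {o['asset']:8} {o['severity']:8} {o['days_overdue']} days overdue")
    print("on-time fix rate:", sla_compliance(SAMPLE_FINDINGS))
```

As of 2019-06-10 the sample yields three overdue findings, ordered high, medium, low: F-1 (6 days past its 3-day target), F-3 (2 days past 7), and F-7 (10 days past 30). The critical F-5 is due that very day and so is not listed yet, and F-4 is a high that is still inside its window. Feed this the export from your real scanner and the output is the list you bring to the weekly remediation meeting; the compliance figure is the metric that tells you whether your patching automation is actually keeping up.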
Are you terrified yet? Hopefully the solutions detailed here arm you with actionable steps and guidance on how to do cybersecurity and privacy in your environment. If you’re looking for a way to pinpoint and mitigate risk in your third-party cyber ecosystem, we can help.