Assimilation over Evolution, you will be Assimilated! This is my journey from human to Borg and you are invited along for the ride.


Sunday, October 05, 2014

The Cyber Security Mess, a primer

Headlines across the planet are decrying the state of cyber security. Major companies are being compromised, from the largest banks to retail chains to government departments, and ordinary people too. Even police and security companies have been targeted, infiltrated and had data taken. There have even been estimates that, of companies with over 3000 computers, 80% are currently being actively attacked and are compromised, and that of those 80% only 20% are aware of it.

The average length of time between a company being compromised and discovering it is three months. Most find out from a third party telling them they found the extracted data for sale on the dark side of the Internet.
If your company thinks it has never been compromised then you probably are right now and don't realize it.

The attackers are varied and have many different motives and targets. There are the cyber criminals, only in it for the money. The state actors: the US, China and every other country, including the ones who deny it. The hacktivists, political or freedom motivated, who hack to bring their cause and the freedom of the web to everyone. And then the "script kiddies", who hack because they can and for the "lulz".

The current situation is bad, very bad. The criminals have so much information they can't use it all. The governments of the world are hoarding data into huge data warehouses with millions of square feet of server space and can't process it all. Law enforcement cannot keep up with the number of hacks happening. So they go after the low hanging fruit, the easy to catch script kiddies, hoping to deter the other actors by giving the ones they catch sentences so long they don't fit the crime committed.

How did we get to this point? How does this happen and happen and happen and yet no-one seems to be able to stop it?
The leading way to break into a network is to get someone else to do it for you: get an insider to download malware through social engineering, use a watering hole attack, or find an outside company that has access to the target company but is less secure. Once inside, attackers have it easy, since most companies don't properly segregate their networks into zones with access controls between them. Yes, segregation makes getting at data harder, especially for the attackers.

So there you go: make sure you have the minimum defenses in place at least: firewalls, antivirus and intrusion detection, with someone monitoring them 24/7. Use segmenting, a VPN, honeypots, heterogeneity and education to keep your network safe.

It's not expensive. Most of the tools out there to make a network secure are either open source or based on open source tools in some way. Open source means free, and as a bonus you get the source code, so you can, if you know how and want to, verify that the software does what it says and has no back doors. The extra bonus is that you can make it better and give back to the open source project. If you come to rely on them, a donation to keep them going is appreciated.

So what do you need to have? I thought everyone knew you needed a good firewall at the perimeter of your network: a single entry point that only lets through authenticated traffic. It stops random entry into your network. Add to that a VPN (Virtual Private Network) so that staff who are not inside your firewall can get in securely. Then filter all outgoing traffic to stop people from going to places where they can bring malware back in.

If you have any external entity accessing your network, they must be segregated from the rest of it. Your HVAC contractor doesn't need to be on the same network segment as your employee records, your client records or your point of sale network. These sensitive data networks should also be segregated from your run of the mill data network and, if possible, from each other. If one part of your network is compromised, make sure it isn't the important parts.

Next, anti-virus, just to stop the threats we already know about. Anti-virus/anti-malware software works by knowing what known malware looks like and, if it finds that signature, blocking and removing it. But what about the stuff we don't know about? Intrusion detection works by analysing traffic patterns. If something abnormal is happening, someone gets alerted and they check it out. Other forms of intrusion detection include honeypots and tarpits. These are computers on your network that sit there doing no real work, just being tempting targets for malware. Any activity on them is likely someone trying to break in. You get an alert and go see what the attacker is trying to do. There are public honeypots at honeynet.org and they have a lot of info.

If your company is industrial, with computers running machines, there are also honeypots for that. Put one up where you think attackers might be looking and see if they are. Try Conpot from honeynet.org.
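To make the three detection styles above concrete (signature matching for known malware, anomaly detection on traffic patterns, and a honeypot that should never see traffic), here is an added example of my own, not code from the post or from honeynet.org. It runs over a few constructed connection log lines; the addresses, the "known malware" hash and the baseline of three destinations per host are all made up for the example, and the log format is an assumed one, not any particular product's.

```python
import re
from collections import defaultdict

# --- Constructed inputs (made up for this example, not real indicators) ---
GOOD_HASH = "1a" * 32            # hash of a harmless download
BAD_HASH = "4c" * 32             # placeholder "known malware" hash (signature)
KNOWN_MALWARE_HASHES = {BAD_HASH}
HONEYPOTS = {"10.1.9.99"}        # does no real work, so any contact is suspect
MAX_DISTINCT_DST = 3             # assumed baseline: a workstation here rarely
                                 # talks to more than 3 hosts in one window

# Assumed log format: timestamp, source, destination, port, and optionally the
# sha256 of a file fetched over that connection.
SAMPLE_LOG = f"""\
2014-10-05T09:00:01 src=10.1.1.10 dst=10.1.2.5 dport=445
2014-10-05T09:00:02 src=10.1.1.10 dst=10.1.2.5 dport=445 sha256={GOOD_HASH}
2014-10-05T09:00:03 src=10.1.1.11 dst=203.0.113.7 dport=443
2014-10-05T09:00:04 src=10.1.1.11 dst=203.0.113.7 dport=443 sha256={BAD_HASH}
2014-10-05T09:00:05 src=10.1.1.12 dst=10.1.2.1 dport=22
2014-10-05T09:00:05 src=10.1.1.12 dst=10.1.2.2 dport=22
2014-10-05T09:00:05 src=10.1.1.12 dst=10.1.2.3 dport=22
2014-10-05T09:00:06 src=10.1.1.12 dst=10.1.2.4 dport=22
2014-10-05T09:00:06 src=10.1.1.12 dst=10.1.9.99 dport=22
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
    r"(?: sha256=(?P<sha256>[0-9a-f]{64}))?$"
)


def parse_log(text):
    """Turn log text into event dicts, skipping lines that don't match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def signature_alerts(events, bad_hashes=KNOWN_MALWARE_HASHES):
    """Anti-virus style: flag only what we already know is bad."""
    return [("signature", e["src"], e["sha256"])
            for e in events if e["sha256"] in bad_hashes]


def anomaly_alerts(events, max_distinct=MAX_DISTINCT_DST):
    """IDS style: flag a source whose fan-out exceeds its normal pattern."""
    dsts = defaultdict(set)
    for e in events:
        dsts[e["src"]].add(e["dst"])
    return [("anomaly", src, f"{len(d)} distinct destinations")
            for src, d in sorted(dsts.items()) if len(d) > max_distinct]


def honeypot_alerts(events, honeypots=HONEYPOTS):
    """Honeypot style: nobody legitimate should touch these hosts at all."""
    seen = set()
    alerts = []
    for e in events:
        key = (e["src"], e["dst"])
        if e["dst"] in honeypots and key not in seen:
            seen.add(key)
            alerts.append(("honeypot", e["src"], e["dst"]))
    return alerts


def analyse(text):
    """Run all three detectors and return their alerts as (kind, src, detail)."""
    events = parse_log(text)
    return signature_alerts(events) + anomaly_alerts(events) + honeypot_alerts(events)


if __name__ == "__main__":
    for kind, src, detail in analyse(SAMPLE_LOG):
        print(f"[{kind}] {src}: {detail}")
```

Note what each detector misses: the signature check says nothing about 10.1.1.12, which never downloaded anything known, while the anomaly and honeypot checks catch its sweep across the subnet without needing any prior knowledge of the tool used. That is the reason the post asks for all three, plus a person watching the alerts.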

You also need to educate your users and continuously refresh their skills. Against social engineering your users are either your weakest link or your line of defense. If you don't teach them, they won't be very defensive.

Another problem we seem to have in almost every computer network is that, to make things simple for IT, we make every computer on the network exactly the same, with the exact same software and access controls. It sure makes things easy for IT, and for the hackers. Your IT people are a smart but lazy bunch who like to script everything. So are hackers, and your 'make it easy for IT' policy is also making it easy for hackers. Networks with lots of different computers, heterogeneity, break most hackers' tools. Malware that expects everything to be exactly the same breaks down when presented with many different systems, all set up with different software and with the software not always in the same places. A network full of carbon copy systems is a hacker's playground.
