This is one of the most talked-about topics in the media and in boardrooms in recent years, and it is a major problem and challenge for many organizations. The average dwell time (the time before a company detects a cyber breach) is more than 200 days, highlighting this as an area where companies do not do well. This is because not all cyber breaches are destructive in nature.
Many companies are not proactively looking for cyber breaches, and only when they detect ‘smoke’ do they realize the company has experienced one. Ransomware, for example, makes the critical data on systems unavailable until the victim pays a fee, typically in bitcoin, to get the key that unlocks the data. This type of cyber attack is easily detected, like DDoS (Distributed Denial of Service) attacks, because it makes part of the company’s service immediately unavailable. Ransomware threats have been on the increase and are about to pass 1 billion dollars in cyber crime.
Many cyber attacks are far less conspicuous in their destruction
Not all cyber threats are so apparently destructive, and because of this many companies do not see smoke at all. They therefore assume that everything is okay and nothing is at risk. The reality, however, is that a hacker or cyber criminal is already on the network, waiting, watching, stealing data and committing financial fraud, typically using the credentials and accounts of a trusted insider. For hackers and cyber criminals whose motive is financial gain or intelligence gathering, the key to their activities is to remain hidden: to stay undetected and to hide any trace or footprint of what they do. These techniques make it difficult for companies to recognize and combat cyber crime, because everything appears to be working normally.
So what can companies do to recognize and combat cyber crime and improve their cyber hygiene? Here are some tips and best practices that will help you and your company recognize cyber crime and combat the threats.
- Education and Cyber Security Awareness
This is one of the most effective cyber security countermeasures, and an instant win.
Educate employees to avoid and prevent suspicious activity on their computers:
- Detect suspicious applications running, popups, warning messages, etc.
- Flag suspicious emails (emails with attachments, unknown senders, hyperlinks and unusual requests)
- Be vigilant when browsing websites
- Stop and think before clicking on links or ads
- Ensure websites are trustworthy before entering credentials
- Limit activities when using public, insecure Wi-Fi networks, or use a VPN
Educating employees on what to look for will increase the company’s ability to recognize cyber crime early and, in many cases, prevent it. This should also be communicated to employees: it will not only improve the company’s cyber hygiene but also help employees keep their own personal data secure.
Training should start at the top of the organization and work down. It is recommended to appoint a cyber security ambassador within each department to assist in the detection of, and incident response to, potential cyber security threats and risks. This extends the reach of any IT security team while ensuring that there is someone in each part of the organization who is responsible and accountable for implementing and maintaining cyber security measures.
- Collect security logs and analyze for suspicious or abnormal activities
An important activity and best practice for companies is to make sure security logs are being collected and analyzed for suspicious activity. In many situations, looking at security logs will identify abnormal actions. For example, look for credential logins or application executions that occurred during non-business hours. Collecting security logs not only helps detect cyber criminal activity; the logs also become hugely important in digital forensics, for root cause analysis and for planning future prevention measures.
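As an added example (not code from the original article), the following Python script applies the non-business-hours heuristic described above to a handful of constructed log lines. The line format, the 08:00 to 18:00 Monday-to-Friday window, the host names and the account names are all assumptions made for the demonstration; a real deployment would read the organization's own logon and process-creation events and use its own schedule.

```python
"""Flag logon and process-execution events that fall outside business hours.

Added example, not from the original article. The log format is a constructed,
simplified one: "<ISO timestamp> <host> <event> user=<name> [key=value ...]".
"""
import re
from datetime import datetime, time

# Assumed business-hours window; tune to the organization's own schedule.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)
BUSINESS_DAYS = {0, 1, 2, 3, 4}  # Monday=0 ... Friday=4

# The two event types the article singles out: credential logins and application executions.
WATCHED_EVENTS = {"logon", "process_start"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) user=(?P<user>\S+)(?: (?P<rest>.*))?$"
)

# Constructed sample log lines (not real data). 2024-03-11 is a Monday, 2024-03-16 a Saturday.
SAMPLE_LOG = """\
2024-03-11T09:15:02 ws-101 logon user=alice src=10.0.0.12
2024-03-11T23:47:10 ws-101 logon user=alice src=198.51.100.7
2024-03-12T03:02:44 srv-db1 process_start user=svc_backup image=backup.exe
2024-03-12T03:05:19 srv-db1 process_start user=alice image=powershell.exe
2024-03-16T11:30:00 ws-102 logon user=bob src=10.0.0.20
2024-03-13T14:00:00 ws-102 logoff user=bob
this line is garbage and should be skipped
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.fromisoformat(rec["ts"])
    except ValueError:
        return None
    return rec


def outside_business_hours(ts):
    """True if the timestamp is on a weekend or outside the daily window."""
    return ts.weekday() not in BUSINESS_DAYS or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def find_off_hours_events(log_text, allowed_service_accounts=frozenset()):
    """Return (timestamp, host, event, user) tuples for watched events that happened
    outside business hours. Accounts that legitimately run scheduled jobs at night
    (for example a backup service account) can be excluded to cut down noise."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event"] not in WATCHED_EVENTS:
            continue
        if rec["user"] in allowed_service_accounts:
            continue
        if outside_business_hours(rec["ts"]):
            hits.append((rec["ts"].isoformat(), rec["host"], rec["event"], rec["user"]))
    return hits


if __name__ == "__main__":
    for hit in find_off_hours_events(SAMPLE_LOG, allowed_service_accounts={"svc_backup"}):
        print("off-hours activity:", *hit)
```

Run as-is, the script reports three events: the late-night logon from an external address, the 03:05 PowerShell start under a regular user account, and the Saturday logon. The backup service account's 03:02 job is suppressed only because it was explicitly listed as expected; without that exclusion it would be reported too, which is the safer default when the schedule of service accounts is not yet documented.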
- Keep systems and applications patched and up to date
Keep systems and applications up to date and apply the latest security patches. This will keep most hackers and cyber criminals from gaining access to systems by using known exploits and vulnerabilities. It is not a foolproof countermeasure, but it will make a successful breach more difficult for cyber criminals.
- Use strong passwords and keep privileged accounts protected
When choosing a password, make it strong, unique to that account, and change it often. The average age of a social password today is years, and social media does not do a great job of alerting you to how old your password is, how weak it is, and when it is a good time to change it. It is your responsibility to protect your account, so protect it wisely. If you have many accounts and passwords, use an enterprise password and privileged account vault to make them easier to manage and secure. Never use the same password multiple times.
If your company gives employees local administrator accounts or privileged access, this seriously weakens the organization’s cyber security. It can mean the difference between a single system and user account being compromised and the entire organization’s computer systems being compromised. In all Advanced Persistent Threats, the use of privileged accounts has been the difference between a simple perimeter breach and a major data loss, malicious activity, financial fraud, or the worst case scenario: ransomware.
Organizations should quickly ensure that they continuously audit and discover privileged accounts and the applications that require privileged access, remove administrator rights where they are not required, and adopt two-factor authentication so that user accounts cannot easily be compromised.
Your privileged accounts are a favorite target of hackers.
- Do not allow users to install or execute unapproved or untrusted applications – stop malware and ransomware at the endpoint
Another major risk that organizations run as a result of providing users with privileged access is that the user can install and execute applications as they wish, no matter where or how they obtained the installation executable. This poses a major risk, allowing ransomware or malware to infect and propagate through the organization. It also allows an attacker to install tools that let them easily return whenever they wish. When a user with a privileged account is reading emails, opening documents, browsing the Internet and clicking on numerous links, or when they simply plug a USB device into the system, they can unknowingly install infectious or malicious tools. This enables an attacker to quickly gain access and begin the attack from within the perimeter or, in the worst case, encrypt the system and sensitive data and then demand a financial payment in return for unlocking them.
Organizations must implement security controls that prevent any application or tool from being installed onto the system by using Application Whitelisting, Blacklisting, Dynamic Listing, Real-Time Privilege Elevation, and Application Reputation and Intelligence. This is one of the most effective ways to prevent being the next victim of cyber crime.
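To make the default-deny idea behind application whitelisting concrete, here is an added Python example (not from the original article, nor from any product it refers to) that approves executables by SHA-256 digest rather than by file name. A renamed copy of an approved binary is still allowed because its bytes are unchanged, while a modified copy or an unknown download is denied. The file names and contents are constructed for the demonstration and are written to a temporary directory.

```python
"""Hash-based application allowlisting decision (default-deny).

Added example, not from the original article. The "executables" below are
constructed byte strings, not real software.
"""
import hashlib
import os
import tempfile


def sha256_of_file(path):
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(paths):
    """Enroll trusted binaries by digest, not by name or path, so a renamed or
    replaced file does not inherit approval."""
    return {sha256_of_file(p) for p in paths}


def decide(path, allowlist):
    """Return (allowed, reason). Only a digest match is allowed; everything else,
    including a missing file, is denied."""
    if not os.path.isfile(path):
        return False, "file not found"
    digest = sha256_of_file(path)
    if digest in allowlist:
        return True, "digest on allowlist"
    return False, "not on allowlist"


def run_demo():
    """Build a throwaway allowlist and exercise it with constructed files.
    Returns a dict of {scenario: allowed?} so the outcome can be checked."""
    approved_bytes = b"MZ fake approved binary v1.0"  # constructed, not a real PE file
    with tempfile.TemporaryDirectory() as tmp:
        def write(name, data):
            p = os.path.join(tmp, name)
            with open(p, "wb") as f:
                f.write(data)
            return p

        approved = write("approved_tool.exe", approved_bytes)
        allowlist = build_allowlist([approved])

        # Same bytes under a different name: still approved.
        renamed = write("Totally_Harmless.exe", approved_bytes)
        # Approved name, altered contents: denied.
        tampered = write("approved_tool_v2.exe", approved_bytes + b" + extra payload")
        # Something the user downloaded that was never enrolled: denied.
        unknown = write("downloaded_installer.exe", b"MZ something the user downloaded")

        return {
            "approved": decide(approved, allowlist)[0],
            "renamed_same_bytes": decide(renamed, allowlist)[0],
            "tampered": decide(tampered, allowlist)[0],
            "unknown": decide(unknown, allowlist)[0],
            "missing": decide(os.path.join(tmp, "nope.exe"), allowlist)[0],
        }


if __name__ == "__main__":
    for scenario, allowed in run_demo().items():
        print(f"{scenario:>20}: {'ALLOW' if allowed else 'DENY'}")
```

The design choice worth noting is that the decision never consults the file name or its location, both of which a user (or malware running as that user) can change freely; only the content digest counts. Commercial products layer publisher signatures, reputation and real-time elevation on top of this, but the digest match is the core of the "prevent any application from being installed unless it is approved" control.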
- Be deceptive and unpredictable
It’s crucial to be deceptive and unpredictable. Most organizations look to automation to assist their cyber security defenses, but in many cases this lends itself to predictability: scans are run at the same time every week, patches are applied once per month, assessments are done once per quarter or per year.
Companies that are predictable are vulnerable, so they should establish a mindset in which systems are updated and assessed on an ad hoc basis. Randomize your activity; this will increase your capacity to detect active cyber attacks and breaches.
These best practices and tips will help companies reduce the dwell time of cyber breaches, as they make it difficult for hackers and cyber criminals to remain hidden and increase the likelihood of detecting active cyber attacks. They also raise awareness in the organization and give employees an important role in detecting suspicious activity.