DEFENSE AGAINST THE “DARK ARTS”

You CAN defend yourself against cyber threats!

In our last article, we looked at some of the most common threats to your network security. Cyber threats and cybercrime are an unfortunate fact of life, but take heart: you are not defenceless. We promised we would follow up with solutions to the threats we described. This article gives an overview of the defences you should have in place to protect your network.

Common cyber threats

Among the threats we discussed were malware, including ransomware; DDOS attacks; IoT security gaps; Man-in-the-Middle attacks; phishing; poor patch management; form-jacking; and human error/weakness (our innate vulnerability to social engineering).

Social engineering (phishing)

Some of these risks can be mitigated quite simply. Let’s take phishing first. Train your staff. Then train them some more. We all know someone smart who has been a victim of a phishing attack. As we’ve said before, cybercriminals are also smart, and they are one step ahead. Just as you constantly innovate in your product development, so do they. It’s worth remembering they are in business, albeit an illegal one. So it’s not enough to provide a once-off training and hope your employees will feel confident in spotting a phishing attack. If you have the IT resources, it’s a good idea to send out regular “phishing” emails, i.e. examples of what a phishing email might look like. Set up a phishing email address staff can forward these to, and reward them for spotting the phish. Victims often insist that the email looked legitimate. It is only through constant exposure to these apparently valid examples that employees will learn to recognise the red flags.

Patch management

This is well within your control. Keep your systems up to date. Apply software manufacturers’ patches as they are released. This will not protect you against every eventuality, but it is a key component of your cybersecurity strategy. Out-of-date systems or security gaps left unpatched leave you vulnerable.

Malware

You already have this in place, we’re sure, but it bears repeating. Use reputable anti-virus software and a firewall. Keep your security software up to date. Beware of fake software and ensure your defences come from a dependable company. Remember India’s high proportion of companies affected by ransomware attacks? This was attributed to poor cyber hygiene, in other words using unlicensed or under-the-counter anti-virus software.

Employ content scanning and filtering on your mail servers. Scan inbound emails for known threats and block attachment types that appear to be risky.
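As an added illustration of attachment filtering (example code written for this article, not taken from any mail product), the Python sketch below walks a message's MIME parts and flags attachments by extension, by double extension, and by executable content hidden under a harmless name. The blocklist, the decoy list and the sample message are assumptions constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy for this example; tune both sets to your own environment.
BLOCKED = {"exe", "scr", "js", "vbs", "bat", "cmd", "hta", "lnk", "iso", "docm", "xlsm"}
DECOYS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def risky_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment the policy would block."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename()
        if not name:
            continue  # message body or container part, not an attachment
        # Trailing dots and spaces are ignored by Windows, so drop them first.
        pieces = name.rstrip(". ").lower().split(".")
        ext = pieces[-1] if len(pieces) > 1 else ""
        body = part.get_payload(decode=True) or b""
        if ext in BLOCKED and len(pieces) > 2 and pieces[-2] in DECOYS:
            findings.append((name, "double extension"))  # e.g. invoice.pdf.exe
        elif ext in BLOCKED:
            findings.append((name, "blocked extension"))
        elif body.startswith(b"MZ"):
            # Windows executable header under a harmless-looking name.
            findings.append((name, "executable content"))
    return findings


def build_sample() -> bytes:
    """Constructed message for the demonstration, not real mail."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "staff@example.com", "Invoice"
    msg.set_content("See attached.")
    for data, filename in [(b"%PDF-1.4", "report.pdf"), (b"MZ\x90\x00", "invoice.pdf.exe"),
                           (b"PK\x03\x04", "Notes.DOCM"), (b"MZ\x90\x00", "photo.jpg")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"BLOCK {filename}: {reason}")
```

A filter like this complements, rather than replaces, signature-based scanning for known threats on the mail server.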

MITM attacks

The most primitive man-in-the-middle attacks happen when using unsecured public WiFi networks. You can protect yourself from these MITM attacks simply by not using such networks. If you have to, perhaps because you are in an airport, be sure to connect to your network using a VPN (a virtual private network). Use encryption on all your devices. Patch management and phishing training will also help to prevent MITM attacks. The security of cellular connections is a challenge, but technologies are being introduced that can reduce the risk for your connected devices.

DDOS attacks

There are a number of defences against a DDOS attack. Simple hardware configuration changes will help, and you can install anti-DDoS hardware and software modules. DDOS protection appliances can be purchased from cybersecurity vendors, and it’s a good idea to spread your servers across multiple data centres.

IoT weaknesses

The Internet of Things (IoT) is a new and rapidly expanding category of connected devices. Cybercriminals have been quick to exploit the security gaps that are, unfortunately, widespread across the IoT. Fortunately, cybersecurity experts are also innovating quickly. NEWORDER represent Securolytics™ within the EMEA region to specifically address these risks, which very few other vendors can. The Securolytics™ Security Cloud can identify unknown IoT and medical devices within a network environment and provide you with an inventory. Securolytics™ will enable you to:

  • Know what IoT devices are on the network by discovering and accurately identifying IoT devices by category, type, make and model, as they connect to the network.
  • Know what IoT devices are vulnerable, including coverage for the OWASP IoT Top 10 (the most critical security risks to web applications), in real-time and as devices connect to the network.
  • Know where vulnerable IoT devices are. Track vulnerable and unpatched IoT devices, even as they move around the network or get new IPs.
  • Protect IoT devices that can be compromised through device-specific profiling and behaviour monitoring.

Ordinary network scanners often don’t detect IoT devices, or they don’t tell you exactly what the device is. They don’t look for IoT-specific threats, like outdated components, and they can actually cause your IoT device to crash. The Securolytics™ technology will not interfere with or interact with devices.

Securolytics™ is a cloud-based solution with a “sensor” within the network environment that collects specific information for processing and correlation. The only information visible on the cloud platform is:

  • Device IP address
  • Device MAC address
  • Device DNS name
  • Vulnerability information associated with the device

The remainder of the enriched information uses proprietary patented technology by Securolytics™ to determine the actual device make, model and manufacturer. Securolytics™ can instantly block or segment devices it determines to be at risk, giving you peace of mind that your network is secure.