Ransomware is a particularly devious form of cyber attack, and is one that is made possible when a file somehow penetrates your network security, and then encrypts all of your data so that it can’t be used. The cyber attacker will then offer to decrypt your data, or provide you with a key that will accomplish the decryption, after a sum of money is paid.
This has become a very popular form of cyber attack, because there are very few alternatives available to the victim, especially if the company being victimized does not take daily backups of its data.
As a company, it’s very important that you take every step possible to prevent the penetration of malicious files like this which can cause such widespread damage to your business. In general, there are two kinds of action that every company should take to prevent cyber attacks such as ransomware from succeeding.
The first set of actions involves taking a proactive approach to instruct employees about the need for maintaining security at all times, especially with regard to emails, the social media, and even using devices which have company data stored on them. The second approach is to automate as many processes as possible, so as to minimize the potential for human error, whenever those processes involve sensitive data owned by the company.
Emails and Downloads
It is known that most ransomware attacks occur because humans have made simple errors that allowed a malicious file to gain entry into the network, and to subsequently lock up company data. Training staff to avoid such mistakes can go a long way toward eliminating all these casual cyber attacks, for instance those which gain entry to the network via emails.
All staff members should be thoroughly indoctrinated about not clicking on email attachments, and not divulging company information via emails to anyone claiming to be a company official. All it takes is one ill-advised click on an email attachment, and a ransomware file could be downloaded into your system, with disastrous results.
Another very likely candidate for data breaches are downloads which company personnel carry out from the Internet. For the sake of company security, it’s best that the majority of employees do not have the capability to download executable files like games and other applications. Because the user is initiating the download, it would pass right through a company firewall, so this is something that should be restricted to only a few people, with actual need for downloading specific files.
Promote Data Security as a Culture
The most determined hackers will research a company and its personnel for hours on end, probing for weaknesses and opportunities to develop phishing campaigns. Some of these cyber criminals will go to great lengths, monitoring social media, reading company blogs and press releases, and learning as many clues as possible about the nature of the company.
This makes it extremely important that all staff members contribute to a culture of data security, so that it’s always uppermost in everyone’s mind, and the likelihood of a lapse is significantly reduced. Part of this data security culture should entail reporting all suspicious activities noticed by individuals, including emails which seem odd, and files which cannot be identified.
With a regular meeting scheduled weekly to discuss security issues, data security will become part of everyone’s thinking process, and it will become a part of company culture. If necessary, you can even incentivize the process to where safe practices are rewarded, and any insecure practices which are identified, can be pointed out and corrected.
Automating Processes for Reduction of Human Error
The first thing you should undertake in this area is to make sure your data is backed up to the cloud. This will give you the option to access your data, even if a cyber criminal successfully penetrates your system and locks up the data for ransom. If you have full access to yesterday’s data, that data can then be restored to your system with minimal loss of business activity.
Another good process to automate would be to block all .exe files from email attachments, so that employees can’t accidentally click on them, and trigger the loading of malware into your network.
As soon as you receive updates and security patches, they should be installed right away, so as to catch the very latest Internet threats and protect you against them. If you can automate this process, it would be even better, because your protection would start much sooner.
Make sure that antivirus software is installed at all user-facing portals, and also at endpoints on the network, so that threats can be identified and thwarted. You might not catch every single snippet of malware, or every single virus coming through the system, but it will block the majority.
It goes without saying that you should also have a good firewall installed, in addition to threat detection systems which are behavior-based. Once you get all these protections in place, it’s a good idea to conduct your own version of penetration testing, which will identify any weaknesses in your overall security scheme, and will also point up any threats which could be carried out against your network.
In the constant cat and mouse game between cyber attackers and cyber security professionals, new areas of focus come into play every few months or so. Hackers continually probe for new weaknesses, and security personnel counter those moves by shoring up defenses in those same areas.
Since antivirus software has become so good at protecting networks and computer systems, hackers have had to find other ways to breach systems and carry out their insidious attacks. File-less malware has undoubtedly been developed by hackers in response to the efficiency and effectiveness of traditional file-based software and security measures. With this relatively new threat poised to run rampant, here are some things you can do to counteract infection by file-less malware.
What Fileless Malware is
Traditional malware made use of executable files that would attack computer networks, primarily by delivering executable files through phishing attempts and specific hacking efforts against systems. To counteract this, companies were forced to implement cyber security training for their employees, and to ensure that the latest antivirus software was always being installed to catch any attacks being made.
File-less malware completely bypasses the security protocols in place for an organization, and instead relies on manipulating macros in existing software applications used by a company. Powershell and other programs which have scripting capabilities are ideal, because executables can be hidden within such applications, and manipulated by hackers for their own intentions.
Hackers have also been writing more efficient code which does not drag down system resources to give itself away, through slowed performance. These kinds of in-program malware scripts have capabilities that are extremely versatile, and which can be manipulated by a hacker to collect data, to infiltrate secure or sensitive data, to monitor user behavior, and to escalate privileges, so as to make traditional hacking methods easier to implement.
Once scripts like these are in place, data can be hijacked outside the network, with no real traces of the activity which caused the hijacking. Since files are not altered in any way, the attacks very often go unnoticed, because file scanning software will not detect them. Even worse, some file-less malware operates in such a stealthy way that no immediate damage is caused to any system, but enough doors are opened for future incursions, that a longer-term weakness can be exploited sometime in the future.
Example of a Fileless Malware Attack
Reducing Your Risk of Fileless Malware Attacks
First of all, you should review your current malware detection software as well as your antivirus software, and even all email systems within the company. It could be that you encounter settings which automatically disable macros in any files which are received in. You should also check to determine whether software can use behavior-based detection methods to identify possible breaches.
To the greatest extent possible, you should shore up your endpoint security, meaning that every connected device which touches the Internet has all security patches applied and that all software is updated against attack.
The exploitation kits which are developed by hackers run in browsers, and are all hosted on websites where they have taken a great deal of time to create, which means that they seldom move around. This means that they can be avoided, so by using your antivirus capabilities to block specific websites, you can go a long way toward eliminating the possibility of having exploitation kits infect your network.
Another good measure to take in the fight against file-less malware is to make sure all staff members are aware of the best security practices. By keeping your staff alert to security possibilities, phishing attacks can be reduced or eliminated, and the risk of file-less malware attacks right along with them. Make sure your staff members understand that it’s better to speak up, when any kind of security issue may have arisen, than to be silent and allow a breach to be exploited by hacker.
Whatever kind of software you might currently be using, you might be able to emphasize the visibility of any system weaknesses you have through logging efforts. Logging might be tedious and a hassle to review every day, but it can point out unusual activity that’s worth investigating, so that any kind of breach attempt can be thwarted. Your IT team and your cyber security team can monitor all logging files created, so that any suspicious activity carried out on your network is spotted immediately, and hopefully halted before a penetration occurs.
Keeping your network safe from potential attacks by cybercriminals is a top priority for any business owner or manager who wants to avoid the disasters which might develop if a network were compromised by a clever cybercriminal. As the Internet, itself has grown, and businesses around the globe have increasing tied their fortunes to it, so too has criminal activity increased, because there are so many more opportunities to exploit businesses for monetary gain.
With every new safety measure developed by security experts, determined cybercriminals learn ways of circumventing those new safeguards, so that they can continue their money-making schemes by living off businesses developed by others. There is no such thing as an entirely safe business enterprise these days, simply because there are so many cybercriminals plying their trade, and because so many of them are extremely clever and skilled at what they do.
However, there are a number of precautions you can take which will at least limit your exposure to such attacks, and give you fighting chance of avoiding disaster by having your data, applications, or network infrastructure breached by a cyber-attack. Of course, there are some very expensive security measures you can have installed for extra protection on your network, but even those are not guarantees of safety. That being said, here are some very common precautions you can take, which will increase the likelihood that you can avoid the depredations of a cyber-attack.
Do Regular Backups to Stop Cybercriminals
One of the best things you can do to avoid having your data or applications held hostage, is to back up your data files and your applications every day. If a cyber-attacker should somehow gain access to your data and encrypt it so that it is unusable unless you pay for an encryption key, you would have no recourse but to pay the ransom amount, unless you had been backing up your data every day.
A recent survey conducted on the question of backups discovered that only 50% of small businesses routinely back their data up on a weekly basis, and that percentage shrinks to less than 23% for daily backups. When you have a backup of yesterday’s data, that insulates you against a hijacking of your data today, because all you have to do is restore yesterday’s backup and you have current data again, minus any transactions which may have occurred today. A cyber-attacker would be defeated.
Check Backup Processes Regularly
Having a regular backup routine is great, but in order for it to have any value, you have to be sure that it’s doing what you intended it to do, i.e. saving all your important data to a storage medium, from which it can be readily retrieved. Many small business managers have found that their backups weren’t really functioning properly when the time came that data needed to be restored.
When a data restore becomes critical is not the time to find out that you’ve had a problem for several weeks or several months, because crucial data may have been lost. You should also make a point of having a full understanding of exactly what is getting backed up. Obviously, the focus should be on business-critical data, but these days it’s sometimes also important to backup data which is resident on employees’ laptops because that can be just as important to business operations.
Keep Virus Protection Updated
Your first line of defense against cyber-attack is generally your firewall, so make sure your firewall is functioning properly and that it’s always enabled so that it can deflect any casual cyber-attacks. It’s also very important to make sure that your protection against viruses is as current as possible. Every time you get a security update from a software vendor, or from your operating system provider, those updates need to be applied promptly.
Since many of those security updates include protection against newly discovered viruses and security threats, they need to be applied to your system as soon as possible. Updating employee passwords regularly is also a good idea because passwords which go unchanged for long periods of time become vulnerable to interception by cyber attackers.
Check Your Transaction Logs Regularly
You should always make a practice of checking transaction logs daily for any unauthorized activity, either internal or external. It happens frequently enough that businesses which have suffered a cyber-attack could have prevented the fatal breach by regularly consulting transaction logs to discover previous break-in attempts. This should be done as a matter of routine just for normal business operations, but it can also be your first warning of an impending major cyber assault.
Indoctrinate Your Employees
It has rightly been said that in many cases, your employees are your weakest link in the security chain because they are the most exploitable. Employees who are not trained to use safe business practices and avoid security breaches are constantly being targeted by cybercriminals who are aware of the potential for exploitation.
Employees should be trained to be very cautious about opening email attachments, about providing passwords or other important company information in emails or via the social media, and they should be encouraged to change passwords monthly to protect against interception.
If you’ve been thinking that phishing attacks only happen to someone else and that the employees of your company are relatively immune from such attacks, you might want to reconsider, because phishing attacks can and do happen in the real world to companies of all sizes, and in all industries.
In fact, criminals who carry out these phishing attacks have begun focusing more on small to medium-size businesses recently, simply because there are so many more of them, and because employees at small businesses may be more vulnerable to exploitation. Large corporations tend to have programs in place which indoctrinate their employees about the dangers of phishing and other social engineering attacks, and that training helps to minimize the number of successful phishing attempts.
Small businesses, on the other hand, tend to have the attitude that they are flying under the radar and that they are not suitable targets for cybercriminals. It’s this kind of indifference and unpreparedness which makes many small businesses ideal targets for phishing attempts.
What Exactly is Phishing?
Phishing is a form of social engineering in which emails are used most commonly to obtain personal information from employees, by some individual who is posing as a manager or other person known to the company and is considered to be a trustworthy source. By impersonating a known company employee or manager, or some other company which does business with your own company, some level of trust is established as a basis for extracting information.
The object of a phishing attack is to dupe the email recipient into taking some kind of action as directed by the attacker, for instance providing login information or passwords, and sometimes even sensitive information about the company. Once the desired information is obtained, it is then used by the attacker to carry out some other malicious attack on the company which results in a monetary gain.
A Typical Real-World Phishing Attack
In a typical real-world phishing attack, a cyber-criminal might send an email to a company employee which directs that employee to pay an invoice amount to a company which has recently done business with the original company. It looks completely legitimate because an invoice would be attached, and the invoice would include details of products or services that your company would legitimately deal in.
The email is also signed by a manager or other employee who actually does work for your company, and who might typically be expected to send such emails requesting payment of certain invoices. An unsuspecting employee would, of course, be drawn in by the legitimacy of having a real-world supervisor request this invoice payment, and would then open up the invoice attachment to begin the process of arranging a payment.
In the meantime, the act of opening up the attachment could very well trigger the release of some virus which infects the employee’s computer, and by virtue of that computer’s connection to the network, the virus then is released into a much wider area, where more important information can be obtained. Of course, it would be an added bonus if the employee actually does send out the payment requested to the bogus company listed on the invoice, and that check would then be cashed by the cyber attacker who organized the phishing attempt in the first place.
How to Avoid Phishing Attacks
As you can see from the above, there are some real-world dangers associated with phishing attacks, and the harm they cause can be more far-reaching than an embarrassment to a single employee. The fact that an entire company can be affected if a virus does get installed and becomes enabled, should be all the justification you need for implementing procedures to guard against phishing attacks to whatever extent is possible.
Here are some of the best ways to protect yourself and your company against phishing attacks by cybercriminals:
- don’t use departmental emails – it’s never a good idea to use departmental emails such as Payroll Dept, Human Resources, or Accounting Department. Using these email ID’s allows the cyber-attacker or to know that the emails are being sent to the right person and that it’s much more likely the phishing attack will be successful.
- change payment language regularly – when requests for payment are issued between company personnel, the language used should be slightly altered periodically, with important keywords being subtracted out or added in. Department personnel can then be instructed to never carry out any fund transfers unless the expected keyword is contained within an email message. Since successful phishing attacks are all designed to catch an employee off guard, this kind of focus on keywords within the text will derail any phishing attempt.
- use anti-phishing software – there are a number of good anti-phishing tools available which you should consider implementing at your company. The way some of these tools work is that you can send fake phishing attempts to employees all around the company, so as to identify who is most vulnerable to falling prey to phishing attacks. This can let you know the scope of the problem you may have and can alert you to the necessity for conducting widespread training so that your employees are less susceptible to phishing attacks.
The Truth About Phishing
The unpleasant truths about phishing attacks are that they are successful far more often than they should be, and the reason for that is that the human element in any company is usually the weakest element. Businesses need to adapt to these real-world situations, and train employees to spot such phishing attacks, and to alert the appropriate personnel when one is identified. When company employees become aware of the possibility of phishing attacks, they are far less likely to be caught off guard and then become victims of those phishing attacks.
The importance of cyber security is now being stressed to the point where pretty much everyone these days is aware that there is an urgent need for it, and that literally, every company connected to the Internet could be subject to an attack. The types of attacks carried out against company networks and databases have been found to fall into several predictable categories, for which some fairly effective defenses have been developed.
This doesn’t mean that companies are now safe from cyber-attack, but it does mean that more companies are availing themselves of the right kinds of security measures because they understand what the consequences might be if they fail to do so. This being the case, many cyber attackers are now turning their attention to a more exploitable link in the security chain for companies around the world, which is the human element.
For some time now, there has been an increasing development for company employees to become the focal point of criminal attacks, because they are not usually equipped with the same kind of defenses that hardware and software can be. Humans can be tricked into making security mistakes, which can then be exploited by the criminal-minded for their own monetary gain.
Since humans do constitute another link in the corporate chain of security defenses, that is definitely an area which every company needs to consider, in order to protect itself against the threat of cyber-attack. The actions taken should include a combination of systematic education and campaigns to raise awareness, as well as encouraging employees to behave in a more secure manner.
Here are some of the ways that companies can help to make their employees less of a security risk, and instead become one of the strong links in the defense against cyber-attack.
It will be worth the time and effort it takes to canvass the entire company so that potential entry points for malicious software can be identified and remediated. One of the most obvious entry points, of course, are emails coming into the company, and this calls for thorough training of employees, so as to spot potential risks such as those emails which ask you to click on the attachment.
There are also malicious emails sent to employees where the sender impersonates a company official and asks for some payment to be sent to a vendor at the address on an attached invoice. Other impersonation attempts could be from companies which the email recipient supposedly does business, asking for payment on a recent purchase.
Whatever the weak points might be around the company for potential exploitation, these need to be identified in a campaign which seeks them out, and these should then be used as examples to employees of what to avoid.
Raising Employee Awareness of Security
Another track that your security assessment campaign should take is to evaluate the culture of your business, in terms of how effective training is, how often it’s conducted, and how it can be tailored to your company environment. When that understanding has been achieved, a suitable training program should be implemented, so that your employees are constantly thinking about cybersecurity.
The educational components should include all those possibilities which constitute cyber-attack risks, and what actions employees should take when suspicious activity is identified. Most importantly, employee training should not be a one-time operation, but should instead be something which is updated every six months to a year, and at that time, new training sessions should be initiated, so that updated material can be conveyed to employees.
There are always new and more malicious methods being devised by the criminal-minded, so that means training of employees has to be adapted periodically as well, to include all those new threats.
All usage of the company network should be periodically analyzed and evaluated to determine whether or not there has been any malicious activity occurring. Transaction logs and other sensing software should be assessed for anything that looks like a preliminary attempt at a data breach.
Things to look for in particular might be employees who are attempting to access the company network after hours, extremely large downloads of data files, and possibly individual employees spending unusual amounts of time accessing sensitive company data. Any such digital trails which strike the evaluator as being out of character for normal company business should immediately trigger a red flag, and possibly an action by a response team.
Top Management Support
It’s essential for any cybersecurity program in a company to have the full support of upper management, which means it should be more than lip service and should be a legitimate effort, which is appropriately funded and supported. When employees recognize that top management is in earnest about cybersecurity issues, they will be much more likely to adopt the necessary measures themselves.
There should also be a dedicated cyber security manager or officer within a company because this is the type of program which requires full-time implementation and monitoring. If there are multiple individuals involved in the cybersecurity program, there should be a clear hierarchy, with well-defined roles for each person in the group.
One of the most urgent priorities for all businesses connected to the Internet is making sure that all employees and staff members are trained to avoid the possibility of data breaches. The following guide will include some of the specific practices which all employees should be trained in or which they should put into practice, in order to bring about desired results.
Get Employee Buy-in
There are, of course, some things you can do to deflect viruses, and there are software measures which can be taken to take advantage of the latest security protections. However, the most effective tools at your disposal for maintaining cybersecurity are those used to obtain employee buy-in for security measures.
It’s essential for you to convince your employees of the need to be vigilant against the possibility of cyber-attack because it will impact them personally. Employees need to understand that they could have their own data compromised and that if serious harm is done to the company, that could result in an interruption of work, if not a total cessation.
If the company’s reputation is damaged by a security breach, that could lead to declining fortunes of the company and in a worst-case scenario, even bankruptcy. Making employees understand how all this affects them personally is a very important point to use as a means of obtaining their buy-in to cybersecurity.
Make Sure Employees Understand Their Roles
Employees need to understand that the majority of cyber-attacks these days are perpetrated against humans, and not through the exploitation of weaknesses in firewalls or other preventive measures. Humans can easily be duped by phishing attacks and other social engineering techniques which seek to exploit their general unpreparedness against security breaches.
Train all employees to avoid sending sensitive emails to external sources, not clicking on files which are un-validated, being tricked by phishing attempts, using the social media carelessly, and connecting to Wi-Fi with a work laptop.
Implement Digital Precautions
If your company deals with financial transactions, these should always occur with safety in mind, and every possible means of data protection should be implemented. First of all, transactions need to be conducted over a secure network, rather than using open source software for transaction processing, since you can’t be sure of software security.
If any devices or appliances in your office workplace are connected to the Internet of Things (IoT), make sure that passwords are regularly changed, and that these are strong passwords. Already, numerous attacks have been made on devices connected to the IoT, for instance transforming them into gateways to company networks.
Keep antivirus subscriptions up to date, as well as any malware subscriptions you have, and as soon as you are supplied with patches by your vendors, make sure that those patches are scheduled for the application.
Everything possible should be done to make access to your data files extremely difficult, especially information which is considered a business-critical or high priority. Create an environment where it’s easy for your employees to report suspicious activity, such as emails that don’t seem legitimate. By encouraging an open environment which emphasizes security, you can have all of your employees on the alert, and inclined to report anything suspicious at all.
Employee training should be conducted at least twice a year so that all the information provided is reinforced constantly. It may seem like a bore to employees, but that repetition will be well worth it if it thwarts a serious cyber-attack. Make sure no one is exempted from the biannual training, and that it’s tailored to specific groups within the company that has specific responsibilities because these could be subject to different kinds of security attacks.
Try to keep training sessions simple, so that they become very memorable to employees, and so the practices become more implementable. In between formal training sessions, it’s a good idea to post safety reminders at strategic locations throughout the company.
Cyber Security Reviews
It’s a good idea to review communication processes used by the company every three months or at most every six months and make sure that all company employees are receiving the security messages which are being broadcast. Make sure that you have a reporting system which identifies any security breaches, and is sure that the statistics are trending in the right direction.
There can be a lot involved with keeping employees trained to avoid cyber-attacks, and all the work involved should not be left up to the I.T. department, because typically these individuals already have plenty on their plates. If the training program is to be successful, there should be dedicated personnel to conduct the training, and there should be a formalized plan which covers several years.
In the first year of the training program, it might be advisable to keep things simple and just get training guides issued and implemented. The next year, a deeper cut can be made at instructing employees, possibly by tailoring security content to specific groups of employees and individual departments.
After those initial years, your training program might focus on quality control, obtaining employee feedback, and developing more sophisticated methods for delivering your safety messages. Throughout the entire training process, for as long as it’s conducted, all changes in the cybersecurity environment should be monitored, and it should be verified that training is kept current.
If you can provide this kind of in-depth training to your employees on a regular basis, and make sure that the content is actually useful and relevant, you will go a long way toward protecting your computing environment from attack by the criminal-minded.
Having the right connection to the Internet can be a crucial consideration for your business since both wireless and ethernet connections have advantages and disadvantages. Both of these connection technologies have their own specific levels of security, and both can provide a stable environment for your company. In choosing which one is better to implement for your particular circumstances, you should consider the advantages and disadvantages wired versus wireless security described below, before going one way or the other.
Ethernet connections are characterized by the cables which connect them to switches and routers in your network, and they allow for local area network access by all your employees. One of the advantages provided by ethernet connections is that they are recognizably faster than wireless connections because cables are less prone to any kind of interference.
If yours is a business which routinely deals with high volumes of data transmission, or if that data is deemed to be extremely critical, an Ethernet connection may be the better choice for you. Ethernet is also very reliable, or at least as reliable as all the hardware components in the network, and the Internet provider whom you are associated with.
One of the disadvantages of Ethernet is that it relies on cabling, which must be implemented all throughout your office environment in order to reach and connect every workstation which needs access. Every one of these cables must somehow reach the server room, where the Internet connection is. Needless to say, making these kinds of cabling runs can be fairly expensive, and if there are ever any kind of changes which need to be implemented, there can be another heavy expense in a re-cabling, or adding cables to the existing wiring runs.
Another downside posed by the huge physical presence of cabling is that there’s a possibility that they pose a safety threat to employees, especially when there are any cables situated within high traffic areas, or in locations where cables are not well secured, and away from common pathways.
Wireless Internet Connections
With regards to wireless security, a new set of considerations must be made. When using wireless Internet connections, the switches and routers are used to broadcast data signals, rather than using the cable connections in an Ethernet environment. Any employees needing access to the network must have approved credentials and must have authorized access to the network.
One of the great advantages of wireless connections is that they offer more flexibility than ethernet connections do. Computers in a wireless environment need not be slaved to cables, which means they can literally be taken anywhere in the company building, where the signal can still be sent and received.
Since there’s no physical connection requirement, all your mobile devices can be used to connect to the Internet in locations where a Wi-Fi signal is in effect. This, in turn, generates a great many opportunities for conducting business in the modern business environment. One of the big examples of this is the Internet of things, where literally millions or billions of devices around the globe can all be connected to the Internet without the use of any cabling, so that backend analysis and recommendations can be forwarded to the connected devices for self-improvement.
It might take more upfront time to implement a wireless network, but once it has been set up, it’s much quicker to achieve your business objectives wherever you might happen to be. This means that you can send emails while you’re on the road, rather than needing to get back to the office to access your workstation, connected to the network.
In a factory environment, decisions can be made much more quickly, because mobile access is possible from wherever a device owner happens to be, rather than having to get back to an office and get connected.
One of the downsides to wireless connections is that they are not completely reliable in all settings. They are more subject to background noise and interference, and they can experience interruptions by large buildings or other objects, which interfere with the line of sight.
This means that it may not be a good idea to implement wireless connections when your company routinely transmits large volumes of data, or when it transmits extremely sensitive data to other locations. It should be noted that these kinds of disruptions are not frequent and that they certainly don’t detract from the reliability of wireless connections, but as compared to ethernet connections, they do occur more frequently.
Wireless Security Versus Wired Ethernet Security
In terms of security for the Internet, wireless connections would have to be considered slightly less secure, even though there are a great many actions which can be implemented which will improve wireless security, and make it more robust against potential cyber-attacks.
There is also a greater possibility of users being exploited when connecting to Wi-Fi networks because they might take their laptops to hotspots in cafés or other public places, where there would be a potential for data hijacking by cyber attackers.
This, of course, could be counteracted by not allowing company laptops outside the building, but that would restrict the productivity of employees who might want to work at home, or of those who need the mobility of being able to work on the go, for instance when visiting clients.
Ethernet is simply the more secure option because data which is transmitted over cables cannot be intercepted or hijacked as easily as it can be in a wireless environment. While Ethernet is not entirely secure, e.g. phishing attacks can still be made against off-guard employees, it must be regarded as the more secure of the two connection options when compared to the factors pertaining to wireless security.
It seems that more and more these days, there are major headlines announcing the fact that another giant corporation or huge agency has suffered a breach resulting in data loss, and that thousands, if not millions of clients have been affected. This in itself can be pretty frightening for everyone who is a subscriber or a client of one of these companies, because it means that your personal data can be in the hands of a criminal seeking to use it for personal gain.
For executives of these giant corporations and agencies, it can be a nightmare as well, because it’s a huge blow to the credibility of the company, conveying the notion that inadequate security measures were being used, and that customer data was not afforded proper importance. When companies suffer a loss of credibility and reputation, that usually translates to a loss of business as well, as clients abandon the company for theoretically safer places.
Then too, there can be a much more bottom-line effect which results from a data breach, and that can be expressed in dollars. In some cases, a cyber-attacker will hold the data hostage from a corporation, and he/she will demand some ransom amount for the safe return of the data. If that business-critical data has not been properly backed up on a regular basis, the company might have no recourse whatsoever, other than to pay the demanded ransom figure, so that data can be recovered.
Small Business Attacks
All this is pretty disconcerting in and of itself, with weekly or monthly attacks garnering national attention. However, the attacks which don’t make headline news are much more common, albeit perhaps not quite so spectacular, in terms of dollar amounts and in terms of numbers of customers affected. Many cyber attackers have eschewed attacks on corporate entities because they tend to be well protected, and instead have turned their attention to the endless number of small businesses operating in the country, simply because there are so many inviting targets.
While the profits to be earned from attacking small businesses aren’t quite so impressive, the sheer number of possible targets makes up for it, in terms of volume. It has been estimated that a small to medium-sized business which has suffered data loss to a cyber-attacker will typically lose about 25% of its daily revenue, one week after a loss. One month after a data loss, the estimated daily revenue losses will have climbed to around 40%, which is more than enough to cripple most small to medium-sized businesses.
Data maintained by the National Archives and Records Administration (NARA) reveals that when small to medium-sized businesses suffer a significant data loss, which triggers a period of downtime lasting at least 10 days, more than 93% have had to file bankruptcy within a year of the incident. Even more startling, more than 50% of those companies didn’t even waste a year’s time, and they had to file bankruptcy immediately after the data loss.
Records kept by the same NARA agency in Washington, D.C. show that small to medium-size businesses with no data recovery plans, go out of business at a rate of 43% following any significant data loss. All these facts and figures should point up the critical need for data backups and data recovery plans. Those companies which think they will never be the ones impacted by cyber-attack, and which don’t take the necessary steps to prevent disaster resulting from such attacks, are the companies which very often are forced to file for bankruptcy.
There is simply no substitute for being proactive about your data protection processes, and for having a formalized plan for backup and recovery. More than this, these processes should be periodically tested to ensure that they are still valid and that they are providing maximum effectiveness against data loss. Failure to implement such safety procedures can make it much more likely that a small to medium-size business will end up as one of those statistics regarding the fate of companies experiencing significant data loss.
How to go About Protecting Against Data Loss
Data backups should occur either daily or weekly, depending on cost-effectiveness and on the volume of transactions your business accumulates in a single day. If you have a high volume of transactions every day, chances are you’ll need to have daily backups, because if your backups are no more current than last week, you will have lost a tremendous number of transactions, if you have to restore from a week ago.
Make sure that your data backups are actually saving the data that you need, and also make sure that the restore process functions as it should, in the event that you have to carry through on it, to retrieve business-critical data.
Regarding the data to be backed up, you should have a prioritized approach, which assigns the most resources to the most important data. Your business-critical data is comprised of all the customer data that you store for clients, all personal data, and all data necessary for daily operations. Company managers can determine this priority scheme with I.T. personnel so that if you do have limited resources for data backup and recovery, you can always be sure that the most important data is saved, and can be restored whenever necessary. With this approach in mind, you will ensure that any possible data loss will not be irrevocable.
An Endpoint Protection Platform (EPP) is an enterprise solution typically comprised of capabilities such as port and device control, a local firewall, and anti-malware software. One of the things which most strongly characterizes an EPP is its ability to provide anti-malware scanning, based on detection methods which rely on known signatures, in other words antivirus software.
Advanced Endpoint Protection Platforms
Some EPP platforms go a bit further than this, providing detailed monitoring of endpoint file activity, as well as the detection of suspicious or malicious behavior from such files, which may be completely missed by other layers of security. Going one step further, when this kind of suspicious activity is detected, some EPPs even provide the means of managing it.
This can be an extremely important part of any security system. The truth is that it’s impossible to be 100% protected from malware attacks, and some will break past your firewall and your antivirus software. When they do, having such monitoring of file activity on your endpoints can provide just the kind of alert that you need to spot an attack, before malware has a chance to do any serious damage.
What is Endpoint Detection & Response?
By contrast, Endpoint Detection & Response is a security system comprised of at least four major capabilities:
- the detection of security incidents
- the localization of any incidents right there at the endpoint of detection
- the ability to conduct a full investigation of any potential security incidents
- and the restoration of endpoints to their original status prior to infection.
From this it can be seen that the difference between EPP and EDR is that EPP tends to be more of a front-line defense and EDR tends to be more of a second or third line of defense. While the hope is that any Endpoint Protection Platform will detect almost all malware attacks, the EDR security provides many more tools for managing attacks which have been identified, and have already been carried out to at least some extent.
Hybrid EPP and EDR Systems
It was inevitable that security vendors would develop a package that includes elements of both an EPP and an EDR system to provide the ultimate security system. The market for such products is definitely there, because there are many small businesses and large corporations which have woken up to the dangers of ignoring security, and have now swung their security pendulums entirely to the opposite side.
You can never have too much security in place at an organization, and anything which provides a full toolkit of options is a good idea when it comes to security. For that reason, some companies now provide hybrid systems which include features of both an EPP and an EDR, so that threats can not only be identified, they can also be dealt with right on the spot.
Here are some of the features you might find in a hybrid security platform:
- threat identification using signature-based methods
- ‘sandboxing’ capabilities that perform on-the-spot analysis of files against hundreds of known behavioral indicators, to detect suspicious activity
- malware detection and blocking, using techniques such as signature matching and fuzzy fingerprinting at the endpoint prevent network breaches
- when potentially harmful files slip past the front line of defense, the secondary features can be invoked. That means a continuous analysis of files that enter the network, regardless of what their status is. If later analysis should indicate suspicious behavior, an alert can be sent to the security team, along with the recorded history of file activity thus far. Your team will have a full understanding of where such files came from and what it’s been doing once it entered your network. You’ll then also have the capability of controlling it and deciding what to do with it.
Which is Best for Your Enterprise?
Deciding which approach your company should take to protecting its valuable data assets and network infrastructure will depend on a few things – but one of them should NOT be that you’ve been immune from attacks in the past. That’s the kind of mindset which can easily make your company next on the list for a harmful cyberattack.
Instead, you’ll probably have to take cost into consideration, especially if your security budget is somewhat limited. Then too, you should consider the offerings available from a short list of vendors which you’ve prepared, or which you have been advised about by a security consultant.
Don’t forget to take into account what you already have in place, so that you won’t have to gut the system and completely replace it. Whatever you end up with, make sure to use all the information provided to you, keep it as current as possible, and back up your data files.
It’s safe to say that your API keys represent the keys to your cloud kingdom. Anyone in possession of these API keys can access your applications, hardware, and other software in a given cloud environment.
API keys, or access keys as they are sometimes known, are necessary in today’s computing environments. They provide the means to pass credentials between a cloud provider and an enterprise.
Potential for Harm When Access Keys are Stolen
Access keys are created when an organization is first setting up its cloud management services, and a great deal of damage can be done if they fall into the wrong hands. This is not just a possibility; this scenario has happened several times in the past. A cyber attacker breached OneLogin’s databases after gaining access to a set of Amazon Web Services (AWS) API keys.
There is a definite need for collaboration between organizations and cloud providers. The benefits offered in such arrangements are powerful business enablers and can help keep enterprises afloat in a very competitive landscape. That being the case, there needs to be a very solid approach to securing API keys, so that they can’t be stolen and used in criminal ways.
Some companies have learned that hard-coding API keys into their applications is a big mistake, because these can easily be intercepted. Access keys can be coded directly into applications and scripts and then forgotten about. Then they are left sitting in the applications, available to the first clever cyber attacker.
Securing Your Company’s API Keys
Here are some of the best ways to secure your company’s access keys against criminal attack:
- Identify and list all keys – there are some very good discovery tools available, which can scan your entire cloud environment for any and all API keys that may have been left unprotected. After enumerating all these access keys, you should then check any infrastructure weaknesses which may exist, and gather together all audit information relative to key usage.
- Eliminate embedded access keys – after having found all hard-coded access keys stored in your executable scripts and software applications, remove them so no one can access freely them. It’s a good idea to also cut all direct access from your own employees.
- Make your API keys secure – protect your access keys by storing them in a secure data vault with strong access controls, so that only authenticated users and authenticated applications can gain access.
- Rotate API keys – change your access keys every so often so they don’t remain static for a long period of time.
- Apply least privilege principle – use the principles of least privilege in granting access to your secure API keys. Grant access only to those entities that need them to carry out their normal functions. Also, cut any redundant permissions which were set up for the account role associated with the API key.
- Automate securing your credentials – to avoid direct access by employees, make sure that all API key access to your digital vault is automated by whatever tools and scripts are necessary to carry the process out securely. Guarantee that API access to applications is secure by using application authentication and machine IDs where appropriate.
API Keys are Necessary, but Keep Them Secure
Securing access keys may seem like a hassle, but it should be remembered that there are enormous benefits to cloud computing. It should also be kept in mind that by establishing that kind of setup with a cloud provider, a greater attack surface is made available to criminal-minded individuals on the Internet, and great care must be taken to deter their efforts.
If a cyber attacker were to gain control of your company’s access keys, they could control your entire cloud infrastructure. That would allow this person to disable any security controls and steal any sensitive company data or customer data.
Your company can avoid this doom-and-gloom scenario by following the steps listed above. When access keys are properly managed and kept as secure as possible, you can have peace of mind about the threat of cyber attackers, and can focus on leading your business to sustained growth and success.