4 Tips to Help Keep Hackers Out Featured

4 Tips to Help Keep Hackers Out
The most effective hackers keep things simple, something organisations must bear in mind.

Organisations continue to learn the hard way that when it comes to IT security, the simplest things often cause the biggest problems. A network is only as secure as its weakest link, so hackers don't need to spend the time and money it takes to develop advanced persistent threats or zero-day attacks; they just need to focus on finding the easiest ways of getting in. In other words, the most effective hackers keep things simple, something organisations must take into account.

With that in mind, here are four basic principles that attackers exploit and companies need to stay on top of in order to secure their network.

1. People Are Seen As A Weak Link
Hackers looking for a way to infiltrate a network often start with the vulnerabilities of key users — 81% of hacking-related breaches leveraged either stolen and/or weak passwords, according to last year's Verizon Data Breach Investigations Report. Worrying statistics like this should remind us that people are often the hardest part of the security equation. People are fallible and emotional, which is why even regular security awareness training has its blind spots.

Think about it — how easy is it to make somebody's emotions take over in today's world? In the age of connectivity and social networks, it's easier than ever to find professional, personal, or political information that can allow an attacker to craft personalised lures that trigger a response. Inducing such feelings can often lead to irrational behaviour, which in return can be something that can be exploited digitally. Additionally, as the lines blur between personal and professional communication platforms, it is important to make sure that security awareness training, especially when it comes to phishing, translates into the new mediums.

2. Flaws Remain Unfixed
Vendors and researchers don't always have the same goals or objectives, and security suffers as a result. There have been many cases where a researcher is forced to publish a legitimate vulnerability publicly because a vendor recognises it as a true security issue when the matter is brought to its attention privately. This leaves gaping holes for attackers to exploit.

Similarly, when the company in charge of updates is not the owner of the piece of code exhibiting a vulnerability, flaws can remain for an extended period. For example, it can take a long time for a mobilke phone provider to push an update to users after Google fixes an Android security flaw in the OS. Flaws like this will always be present, providing an entry point for even the least-sophisticated attackers to access a network.

Advertisement 
Daily Steals Up to 95% Off!

3. If There's a Mistake, It Will Be Found 
As automation continues to be a key outcome of digital transformation, the "good guys" aren't the only ones to benefit. Attackers are taking advantage of today's automated world and can easily scan for vulnerabilities. There are numerous public and paid services that allow users to explore the Internet pretty much anonymously, looking for misconfigurations that exist on anything from Internet of Things thermostats to government cloud instances.

It's no longer a question of if somebody will discover your mistake, but when (and more importantly, how long after it's been exposed). This story played repeatedly in the breaches of 2017. Amazon Web Services' S3 breach is one example. Attackers found a misconfiguration in AWS's storage buckets, which allowed public write access, enabling attackers to launch silent man-in-the-middle attacks and other hacks on a company's customers or internal staff.

It's important to remember that misconfigurations extend beyond just missing patches and default settings to things like network paths that don't need to exist, giving sweeping landscapes to monitor.

4. There Is a Big Security Workforce Shortage
In 2019, there will be a global shortage of 2 million cybersecurity professionals, according to ISACA, a nonprofit information security advocacy group. To compound the challenges caused by this lack of skilled analysts even more, the ones who are on the front lines are asked to do the impossible. They can't keep up with the barrage of alerts that come from so many sources. The flow is simply too great, and incidents are missed.

Advertisement 

When an event is investigated, security teams are using so many internal and external tools, scripts, and conversations to get the relevant context that each investigation is a long and tedious process. This combination of factors is leaving security teams burned out and companies vulnerable.

Once again, hackers are acutely aware of these challenges that organisations face. They know that simple techniques of attack will fly under the radar and may not be scored as a "priority" because analysts are too busy spending their time looking for larger, more complicated threats. It's why attackers will try to live off the land more and more, using underlying sysadmin tools preinstalled with the operating system.

What Does It All Mean?
In the end, understanding the basic principles that hackers are using to infiltrate your network is an important part of staying one step ahead of them. But remember that even the basics will change over time. The most effective thing you can do to overcome these simple, yet evolving threats is to focus on the people protecting your organisation.

These people need to understand their role in securing the environment and the overall impact of the decisions they make. Make sure analysts know what they are protecting and ensure the right controls are in place to stay focused. Finally, be certain that the security teams have the visibility and the tools they need to detect, investigate, and respond quickly and effectively.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Popular Cyber News

Top Tips to Protect Your Business Against Social Media Mistakes

Top Tips to Protect Your Business Against Social Media Mistakes

11 May, 2019

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or ...

Study Shows Extent of Cyber Risk

Study Shows Extent of Cyber Risk

10 May, 2019

A new study shows SMBs face greater security exposure, but large companies still support vulnerable systems as well. ...

How to Secure your Azure Storage accounts

How to Secure your Azure Storage accounts

14 May, 2019

Enterprise data is growing exponentially and becoming more complicated, making it harder to manage, and an even bigger c...

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

Vodafone is Challenging Huawei Report of Telnet 'Backdoor'

01 May, 2019

Vodafone is challenging a Bloomberg report that security vulnerabilities and backdoors within Huawei networking equipmen...

Malware: Doesn't need to be new to cause serious damage

Malware: Doesn't need to be new to cause serious damage

05 May, 2019

The good news is: The development of new malware exploits has slowed significantly.

Microsoft adds Plug and Play to IoT

Microsoft adds Plug and Play to IoT

03 May, 2019

Microsoft just announced that it wants to add the advantages of Plug and Play, which allows you to plug virtually any pe...

Twitch streamers take action to secure their accounts against hacks

Twitch streamers take action to secure their accounts against hacks

30 April, 2019

Twitch has an account hacking problem.

Over 22 billion IoT devices are out there

Over 22 billion IoT devices are out there

20 May, 2019

Enterprise Internet of Things (IoT) remains the leading segment, accounting for more than half of the market, with mobil...

Lessons learnt from cyber attacks

Lessons learnt from cyber attacks

07 May, 2019

Communication about cyber attacks emerged as another key theme in the panel discussion. The SingHealth data breach under...

Categories

Home Tech Reviews UK

Mobile Tech Reviews UK

×

Sign up to keep in touch!

Be the first to hear th latest Cyber and Tech News straight to your mailbox.

Check out our Privacy Policy & Terms of use
You can unsubscribe from email list at any time