It only takes one misstep to leave your data vulnerable to cyberattacks. New vulnerabilities have emerged as companies adopt new technologies and new workplace practices. Remote work, lazy password practices, and cryptocurrencies have created a perfect storm for companies fighting to protect their businesses.
Ransomware is the most prevalent threat to companies in this new environment. Ransomware targets your sensitive data, holds it hostage, and demands a ransom (usually in the form of cryptocurrency) in return for your data. Companies that have fallen victim to ransomware face downtime, public disclosure on shaming sites (where their data is leaked), deleted backups, and infected systems.
Other cyberattacks include electronic payment fraud and cardholder data breaches.
Electronic payment fraud has been around for years, but hackers are now targeting email takeovers to manipulate messages on the fly to capture payments. In addition, cardholder data breaches are common, often the result of skimming on ecommerce and online payment sites.
As the threat landscape evolves, so do the cybersecurity controls required to protect your business.
Doing the basics well builds a solid foundation for cybersecurity. This includes:
- Multifactor Authentication (MFA) for email and remote access
  - Requires users to provide two or more identity verification methods when accessing data
- Commercial anti-virus installed everywhere
  - All systems in your company must have anti-virus. You’re only as strong as your weakest link; if you have a computer left unprotected, it becomes a target for attackers.
- Patch management for operating systems, browsers, and firewalls
  - Fixes vulnerabilities in the system’s software and applications
- Log retention
  - Keeps track of activity on your system across all devices. This can help identify when and how the attacker got in.
- System hardening
  - Minimizes the attack surface in your system to lower the risks of an attack.
- Phishing awareness exercises
  - These bring awareness to what phishing attacks look like and lower the potential that your employees fall for the attack.
- Cyber liability insurance
  - Provides businesses with coverage in the case of a cyberattack.
Emerging Cybersecurity Controls
To take the next step, companies can embrace the next generation of cybersecurity controls to keep their businesses safe:
- Protective DNS Services
- Enhanced MFA such as Conditional Access and Number Matching
- Perimeter Filtering Controls
- Endpoint Detection and Response Applications
- Log Analytics with SIEM and MSSP
- Cloud Backups
Control No. 1: Passphrases
The traditional way of creating “secure” passwords is outdated. Computers can now guess complex 8-character passwords such as “5p@rt3n5!” in less than 48 hours.
Using passphrases is more secure and often easier for users to remember. An example of a passphrase is “flying purple snail gallon.” Guessing a passphrase by computer can take over 1,000 hours. Passphrases may reduce the risk enough that frequent password changes are unnecessary.
Here’s an example where this is effective:
Password spraying is a brute-force attack that tries common passwords, often from credential lists stolen from the web and released via the dark web, against many accounts until it finds a match. Using passphrases reduces password re-use and weak passwords, both of which are especially vulnerable to a brute-force attack. Passphrases don’t require combinations of cases, numbers, and symbols to be strong.
Control No. 2: Protective DNS Services
Protective DNS services check the reputation of the server you are attempting to connect to. If the destination looks dangerous, the protective DNS resolver returns a “server not found” response instead of the address.
Here’s an example of where these are effective:
Attackers count on users becoming numb to the verification steps they go through every day to access their accounts. In a Man in the Middle attack, attackers use fake websites that mimic login screens to steal credentials. Protective DNS services prevent this by blocking the fake sites from resolving, so they never load.
Control No. 3: Conditional Access and Number Matching
Controlling how and when an MFA prompt is sent to users reduces the chance that they will approve a login attempt without looking at it.
- Conditional Access Control
  - The system recognizes your normal use of your accounts and requests MFA only when a sign-in looks unusual.
- Number Matching
  - Instead of clicking “yes” to get past MFA, the login screen shows a number that must be entered on the authenticator side, so approval requires actually seeing the prompt.
Conditional access and number matching are especially effective when attackers bombard users with hundreds of MFA notifications hoping that the user will acknowledge one just to make them stop. This attack relies on the traditional MFA of simply clicking “yes” to approve the login.
Control No. 4: EDR Applications
Endpoint detection and response (EDR) applications provide advanced firewalling, application whitelisting and host intrusion monitoring.
This software uses behaviors to identify potential intruders. Behaviors include attempts to run suspicious scripts, elevate privileges and exfiltrate data. EDRs detect and stop attackers who have gained a small foothold on your network and are probing for ways to lock you out of your applications and data.
Here’s an example of where these are effective:
In a Living Off the Land attack, attackers use built-in features of legitimate software such as Windows rather than viruses, which bypasses anti-virus software. The goal is to blend into the network. EDRs can detect this unusual activity and shut it down.
Control No. 5: Perimeter Filtering Controls
Perimeter filtering controls allow organizations to implement and configure a next-generation firewall to control outbound traffic. Perimeter filter controls include:
- Blocking malware command-and-control protocols
- Content filtering, to block links to malicious websites
- Default-deny strategy for non-business protocols, which allows the bare minimum required traffic for the network
- Geographic blocking, based on region
- Remote-host reputation analysis
- Threat analytics, which provide insight into active threat actors, new attack techniques, vulnerabilities and more
Here’s an example of an attack in which perimeter filter controls are effective:
In a command-and-control server attack, attackers control an infected machine or network channel through a backdoor or covert channel. From there they can send commands to delete backups or even shut down networks. Command-and-control attacks are usually launched with malware installed through phishing or other common cyberattacks.
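The following is an added example, not the article's or any vendor's code: a small outbound policy engine that applies the perimeter controls listed above in order (remote-host reputation and command-and-control blocking, geographic blocking, a business-protocol allowlist, and a final default-deny). The geo map, reputation feed, region code and sample flows are all constructed placeholders.

```python
import ipaddress

# Constructed data standing in for what a next-generation firewall would load:
# a business-protocol allowlist, a blocked region, a tiny geo map and a reputation feed.
ALLOWED_DST_PORTS = {443: "https", 53: "dns", 587: "smtp-submission"}
BLOCKED_REGIONS = {"ZZ"}                               # hypothetical region code
GEO_MAP = {ipaddress.ip_network("203.0.113.0/24"): "US",
           ipaddress.ip_network("198.51.100.0/24"): "ZZ"}
REPUTATION = {"192.0.2.8": "known-c2"}                 # constructed feed entry

def region_of(ip):
    """Map a destination address to a region via the constructed geo map."""
    addr = ipaddress.ip_address(ip)
    return next((r for net, r in GEO_MAP.items() if addr in net), "unknown")

def evaluate(flow):
    """Return (verdict, reason) for an outbound flow dict with 'dst_ip' and
    'dst_port'. Rules run top to bottom; the last rule is the default-deny
    that makes the allowlist meaningful (an IRC port, for example, is denied
    without needing an explicit blocklist entry)."""
    dst, port = flow["dst_ip"], flow["dst_port"]
    if dst in REPUTATION:                                # reputation / C2 blocking
        return "DENY", f"reputation:{REPUTATION[dst]}"
    region = region_of(dst)
    if region in BLOCKED_REGIONS:                        # geographic blocking
        return "DENY", f"geo:{region}"
    if port in ALLOWED_DST_PORTS:                        # business protocols only
        return "ALLOW", ALLOWED_DST_PORTS[port]
    return "DENY", "default-deny"                        # everything else

SAMPLE_FLOWS = [  # constructed sample traffic
    {"dst_ip": "203.0.113.10", "dst_port": 443},   # normal HTTPS
    {"dst_ip": "203.0.113.10", "dst_port": 6667},  # non-business protocol
    {"dst_ip": "198.51.100.20", "dst_port": 443},  # HTTPS to a blocked region
    {"dst_ip": "192.0.2.8", "dst_port": 443},      # HTTPS to a known C2 host
]

def apply_policy(flows):
    return [evaluate(f) for f in flows]

if __name__ == "__main__":
    for f, (verdict, why) in zip(SAMPLE_FLOWS, apply_policy(SAMPLE_FLOWS)):
        print(f"{f['dst_ip']}:{f['dst_port']} -> {verdict} ({why})")
```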
Control No. 6: Log and Event Analytics
Log and event analytics can be used to sift through data to identify potential deviations from normal activity, such as those in command-and-control attacks.
A Security Information and Event Management (SIEM) system collects and stores logs from servers, workstations and network devices. It monitors network traffic and mines the data in real time to identify suspicious events such as password guessing, scanning and suspicious applications.
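As an added example (not the article's code), here is the kind of password-guessing rule a SIEM would run over authentication logs, tuned for the password spraying described under Control No. 1: one source failing against many distinct accounts in a short window, as opposed to many failures against one account. The log format, addresses and user names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication events: "timestamp user source_ip result".
SAMPLE_LOG = """\
2024-03-01T09:00:01 alice 203.0.113.7 FAIL
2024-03-01T09:00:02 bob 203.0.113.7 FAIL
2024-03-01T09:00:03 carol 203.0.113.7 FAIL
2024-03-01T09:00:04 dave 203.0.113.7 FAIL
2024-03-01T09:00:05 erin 203.0.113.7 FAIL
2024-03-01T09:00:06 frank 203.0.113.7 SUCCESS
2024-03-01T09:00:07 alice 198.51.100.9 FAIL
2024-03-01T09:00:08 alice 198.51.100.9 FAIL
2024-03-01T09:00:09 alice 198.51.100.9 FAIL
2024-03-01T09:00:10 alice 198.51.100.9 FAIL
2024-03-01T09:00:11 alice 198.51.100.9 FAIL
2024-03-01T09:30:00 gina 192.0.2.44 FAIL
"""

def parse_line(line):
    ts, user, ip, result = line.split()
    return datetime.fromisoformat(ts), user, ip, result

def detect_spraying(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Flag source IPs that failed logins against at least `min_accounts`
    distinct users inside `window`. Each alert also lists accounts that
    later succeeded from the same source, the likely compromised ones."""
    events = defaultdict(list)                  # src_ip -> [(time, user, result)]
    for line in log_text.strip().splitlines():
        ts, user, ip, result = parse_line(line)
        events[ip].append((ts, user, result))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [(t, u) for t, u, r in evs if r == "FAIL"]
        for i, (t0, _) in enumerate(fails):     # slide the window over each failure
            users = {u for t, u in fails[i:] if t - t0 <= window}
            if len(users) >= min_accounts:
                later = sorted(u for t, u, r in evs if r == "SUCCESS" and t >= t0)
                alerts[ip] = {"accounts": sorted(users), "later_success": later}
                break
    return alerts

if __name__ == "__main__":
    for ip, info in detect_spraying(SAMPLE_LOG).items():
        print(f"spraying from {ip}: {info}")
```

The second source in the sample (five failures, all against alice) is deliberately not flagged by this rule; it is a single-account brute force and belongs to a separate lockout rule.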
Partner with a Managed Security Service Provider (MSSP) such as Sikich for upkeep of your system and security in the cloud. An MSSP offers 24/7 live review and can escalate alerts.
Control No. 7: Protection against Encryption or Destruction of Backups
Attackers will often target your backups to ensure that you don’t have access to the data they are trying to steal or lock you out of. Investing in systems such as cloud-based backups that require MFA and traditionally won’t let users delete an entire backup with a few keystrokes is a must to protect your business. Another option is to move on-premises backups to a “hardened enclave” protected from the rest of the network.
Contact Sikich to learn how we can help you protect your business. We offer a free 30-minute consultation to:
- Review your performance on the basics
- Prioritize new cybersecurity controls
- Discuss risks that have your leadership worried
- Compare your security posture with like organizations