Cyberattacks on businesses are often perceived as the work of threat actors who discover arcane entry points into enterprise networks using complex hacks. This may be true of some cyberattacks, but the reality behind most threat activity is rather mundane. Enterprises are routinely compromised through easily avoidable security gaps:
- The WannaCry ransomware, which took just 4 days to impact 250,000 devices across 116 countries, spread through a vulnerability for which a patch was already available; more than 95% of affected devices ran unpatched versions of Windows 7
- The state of Colorado in the USA had to declare a state of emergency following a ransomware attack that occurred because a temporary server went live without any of the standard security controls
- Hackers who compromised the InterContinental Hotels Group were able to reach the most sensitive parts of the group’s computer systems because a password vault used by 200,000 employees was protected by the password Qwerty1234
- The LastPass cyberattack was possible because a senior engineer connected to restricted work resources from a home computer that ran media-server software with a vulnerability that had been fixed 75 versions earlier
- The Colonial Pipeline attack, which disrupted fuel supply in the USA, began with a reused password on a VPN account
It is clear that small (but critical) security gaps can have big consequences and, therefore, big consequences can often be avoided by following simple yet highly effective cybersecurity best practices.
Cybersecurity Essentials for Businesses
Before you begin worrying about the consequences of a cyberattack or investing in big-budget solutions, ensure that these cybersecurity measures haven’t been overlooked:
- All Endpoints Must Be Protected – As the Colorado example above shows, one unprotected device can result in a highly disruptive cyberattack. Every endpoint that connects to your business network must be secured with robust endpoint protection such as K7 Endpoint Security, which also protects devices running on legacy platforms. If you are not sure how many endpoints connect to your network, consider a cybersecurity audit to identify every device that is accessing it
- Install All Patches – When a vendor releases a patch, threat actors immediately learn that the hardware or software has a vulnerability; they analyse the fix and look for organisations that have not yet applied it. Attacks on users of JetBrains TeamCity began just hours after the vulnerability details were published, which shows that patches must be applied as soon as they become available
- Enforce Password Hygiene – Passwords are the keys to your enterprise’s digital assets and, like any other key, they provide no security once compromised. Passwords should be long, should use a mix of different character types, and must never be reused or recycled. Enforcing these rules, rather than merely recommending them, is critical to preventing cyberattacks
- Deploy MFA – Multi-Factor Authentication (MFA) adds an additional layer of security to credentials, and enables the business to remain secure even if a password is compromised. The Change Healthcare cyberattack, which disrupted healthcare across the USA, could have been prevented if a server had the additional protection of MFA. All critical information assets should be protected through MFA
- Enforce Least-Privilege Access – A user should have only the access privileges they require. This ensures that even if the user’s credentials are compromised, the attacker gains only limited access to enterprise resources. If a user occasionally requires additional privileges, the special privileges should be granted only when required and removed as soon as the task is completed. Users who frequently require elevated privileges present an even greater risk: the attack on CPI, which resulted in a ransom payment of about $500,000 with only a quarter of the company’s computers functional 6 weeks after the attack, was caused by a domain admin clicking on a malicious link while logged in with that account. Administrators should have two user accounts: an administrator account with elevated privileges, used only for tasks that require them; and an account with restricted privileges for everything else, including e-mail and web browsing
- Deactivate Old User Accounts – Accounts that are no longer in use because the user has left the organisation should be deactivated as part of the exit procedure. Threat actors compromise dormant accounts to launch attacks because such accounts are usually not monitored for unusual activity, and they may specifically hunt for them since organisations are known to leave dormant accounts enabled. Accounts with no logons for a defined period should also be reviewed and disabled
- Secure APIs – APIs that are open, i.e. that accept requests without any authentication, allow any user, including a threat actor, to access confidential information or exploit vulnerabilities. Vulnerability Assessment and Penetration Testing (such as K7 VAPT) can be used to identify such open APIs
- Harden the Firewall – A network firewall controls the flow of data in and out of the enterprise network and, therefore, an incorrectly configured firewall can lead to a data breach. Threat actors are known to look for open ports and even to modify firewall rules to enable data exfiltration. The Medibank cyberattack, which is expected to cost $40+ million to remedy, was partly caused by a misconfigured firewall. Firewall hardening tailors the firewall configuration to the requirements of the organisation, ensuring that business needs are met while malicious traffic is blocked; overly broad rules and management ports reachable from the internet should be reviewed regularly
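The least-privilege and dormant-account items above describe two checks an administrator can automate over a directory export: accounts that should already be disabled (leavers, never-used, no recent logon) and privileged accounts that are also used for everyday work, the pattern behind the CPI incident. The following is an added example, not K7's own code; the export format, group names, the 90-day threshold and the sample users are all assumptions constructed for illustration.

```python
"""Audit a user-directory export for accounts that should be deactivated and
for privileged accounts used for everyday work.  Added example, not K7's own
code; the export format, group names and thresholds are assumptions."""
from datetime import datetime, timedelta, timezone

DORMANT_AFTER = timedelta(days=90)          # assumed policy threshold
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Backup Operators"}
AS_OF = datetime(2024, 4, 1, tzinfo=timezone.utc)  # fixed "now" so results are reproducible

# Constructed sample export (hypothetical users; not real data).
SAMPLE_ACCOUNTS = [
    {"user": "asmith",     "enabled": True,  "last_logon": "2024-03-20T09:12:00Z",
     "groups": ["Domain Users"],                    "left_org": False, "has_mailbox": True},
    {"user": "jdoe",       "enabled": True,  "last_logon": "2023-09-14T17:40:00Z",
     "groups": ["Domain Users"],                    "left_org": True,  "has_mailbox": True},
    {"user": "tnguyen",    "enabled": True,  "last_logon": "2023-11-10T08:00:00Z",
     "groups": ["Domain Users"],                    "left_org": False, "has_mailbox": True},
    {"user": "svc_backup", "enabled": True,  "last_logon": None,
     "groups": ["Domain Users", "Backup Operators"], "left_org": False, "has_mailbox": False},
    {"user": "rlee",       "enabled": True,  "last_logon": "2024-03-28T08:05:00Z",
     "groups": ["Domain Users", "Domain Admins"],   "left_org": False, "has_mailbox": True},
    {"user": "rlee-adm",   "enabled": True,  "last_logon": "2024-03-27T22:10:00Z",
     "groups": ["Domain Admins"],                   "left_org": False, "has_mailbox": False},
    {"user": "oldintern",  "enabled": False, "last_logon": "2022-06-01T10:00:00Z",
     "groups": ["Domain Users"],                    "left_org": True,  "has_mailbox": False},
]


def parse_ts(value):
    """ISO-8601 timestamp with a trailing Z -> aware datetime, or None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def audit_accounts(accounts, now=AS_OF, dormant_after=DORMANT_AFTER):
    """Return (user, finding) pairs, in directory order."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue                      # already deactivated; nothing to flag
        last = parse_ts(acct["last_logon"])
        if acct["left_org"]:
            findings.append((acct["user"], "LEAVER_STILL_ENABLED"))
        elif last is None:
            findings.append((acct["user"], "NEVER_LOGGED_ON"))
        elif now - last > dormant_after:
            findings.append((acct["user"], "DORMANT"))
        # An admin-group member that also has a mailbox is being used for
        # e-mail and browsing with elevated rights: the CPI scenario above.
        if PRIVILEGED_GROUPS.intersection(acct["groups"]) and acct["has_mailbox"]:
            findings.append((acct["user"], "PRIVILEGED_DAILY_USE"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{finding:22} {user}")
```

Note that `rlee-adm`, the separate admin-only account without a mailbox, produces no finding while `rlee` does: that is exactly the two-account split recommended above. The "has a mailbox" heuristic is an assumption; in a real directory the equivalent signal might be interactive logons to workstations or membership of a mail-enabled group.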
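To make the "open API" point concrete, here is the same endpoint written twice: once with no authentication, so anyone who can reach it can read a customer record, and once requiring a bearer token. This is an added example in Python using only the standard library, not K7's code or any real product; the customer data, the token and the hypothetical `/customers/<id>` route are constructed for illustration, and in production the secret would come from a secrets store or an identity provider rather than an environment variable with a fallback.

```python
"""Open vs authenticated API endpoint (added example; hypothetical app, not
K7's code).  Standard library only, so it runs offline."""
import hmac
import json
import os

# Assumption: the shared secret is provisioned via the environment; the
# fallback value exists only so the example runs stand-alone.
API_TOKEN = os.environ.get("API_TOKEN", "replace-me-with-a-random-secret")

CUSTOMERS = {"42": {"name": "A. Customer", "card_last4": "1234"}}  # constructed


def _json(start_response, status, payload, extra_headers=()):
    body = json.dumps(payload).encode()
    start_response(status, [("Content-Type", "application/json"), *extra_headers])
    return [body]


def open_app(environ, start_response):
    """Vulnerable: any caller that can reach the service reads customer records."""
    cid = environ["PATH_INFO"].rsplit("/", 1)[-1]
    if cid in CUSTOMERS:
        return _json(start_response, "200 OK", CUSTOMERS[cid])
    return _json(start_response, "404 Not Found", {"error": "no such customer"})


def _authorized(environ):
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    # Constant-time comparison so the token cannot be guessed byte by byte
    # from response timing; compare bytes so non-ASCII input cannot raise.
    return scheme == "Bearer" and hmac.compare_digest(token.encode(), API_TOKEN.encode())


def secured_app(environ, start_response):
    """Hardened: identical endpoint, but every request must carry a valid token."""
    if not _authorized(environ):
        return _json(start_response, "401 Unauthorized",
                     {"error": "authentication required"},
                     [("WWW-Authenticate", "Bearer")])
    return open_app(environ, start_response)


def call(app, path, token=None):
    """Invoke a WSGI app in-process; returns (status line, parsed JSON body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if token is not None:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], json.loads(body)


if __name__ == "__main__":
    print("open endpoint, no credentials:   ", call(open_app, "/customers/42"))
    print("secured endpoint, no credentials:", call(secured_app, "/customers/42"))
    print("secured endpoint, wrong token:   ", call(secured_app, "/customers/42", "guess"))
    print("secured endpoint, valid token:   ", call(secured_app, "/customers/42", API_TOKEN))
```

Both apps are plain WSGI callables, so either can be served with `wsgiref.simple_server.make_server`; a VAPT engagement would find `open_app` simply by requesting the route without credentials and receiving a 200.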
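The firewall-hardening item above is easiest to act on with a rule-set review. The example below (added here, not K7's code or any vendor's format) audits a simplified, constructed rule list for the misconfigurations a penetration tester looks for first: a blanket any/any allow, management ports such as RDP reachable from any source, unrestricted outbound access that would carry exfiltrated data, and rules shadowed by an earlier blanket allow (including a final deny-all that can never fire). The rule schema, port list and finding names are assumptions; rules are evaluated top-down, first match wins, as on most firewalls.

```python
"""Flag risky rules in a firewall rule set.  Added example, not K7's own code;
the rule schema and finding names are assumptions.  Rules are evaluated
top-down, first match wins."""

MGMT_PORTS = {22, 23, 445, 3389, 5985, 5986}   # SSH, Telnet, SMB, RDP, WinRM

# Constructed, hypothetical rule set with several deliberate problems.
SAMPLE_RULES = [
    {"id": 10, "dir": "in",  "src": "any",            "dst": "10.0.1.25", "proto": "tcp", "dport": "443",  "action": "allow"},
    {"id": 20, "dir": "in",  "src": "any",            "dst": "10.0.1.30", "proto": "tcp", "dport": "3389", "action": "allow"},
    {"id": 30, "dir": "in",  "src": "203.0.113.0/24", "dst": "10.0.1.30", "proto": "tcp", "dport": "3389", "action": "allow"},
    {"id": 40, "dir": "in",  "src": "any",            "dst": "any",       "proto": "any", "dport": "any",  "action": "allow"},
    {"id": 50, "dir": "out", "src": "10.0.2.0/24",    "dst": "any",       "proto": "any", "dport": "any",  "action": "allow"},
    {"id": 60, "dir": "out", "src": "10.0.2.0/24",    "dst": "any",       "proto": "tcp", "dport": "443",  "action": "allow"},
    {"id": 70, "dir": "in",  "src": "any",            "dst": "any",       "proto": "any", "dport": "any",  "action": "deny"},
]

# The same intent, hardened: RDP only from the admin network, egress limited
# to HTTPS, explicit deny-all in both directions.
HARDENED_RULES = [
    SAMPLE_RULES[0], SAMPLE_RULES[2], SAMPLE_RULES[5],
    {"id": 80, "dir": "in",  "src": "any", "dst": "any", "proto": "any", "dport": "any", "action": "deny"},
    {"id": 90, "dir": "out", "src": "any", "dst": "any", "proto": "any", "dport": "any", "action": "deny"},
]


def port_set(spec):
    """'any', '443', '80,443' or '5985-5986' -> set of port numbers."""
    if spec == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit_rules(rules):
    """Return (rule id, finding) pairs in rule order."""
    findings = []
    blanket_allow = set()     # directions already covered by an any/any allow
    for r in rules:
        if r["dir"] in blanket_allow:
            # An earlier blanket allow matches first, so this rule, even a
            # final deny-all, can never take effect.
            findings.append((r["id"], "UNREACHABLE"))
            continue
        if r["action"] != "allow":
            continue
        if r["src"] == "any" and r["dst"] == "any" and r["dport"] == "any":
            findings.append((r["id"], "ANY_ANY_ALLOW"))
            blanket_allow.add(r["dir"])
        elif r["dir"] == "in" and r["src"] == "any" and port_set(r["dport"]) & MGMT_PORTS:
            findings.append((r["id"], "MGMT_PORT_EXPOSED"))
        elif r["dir"] == "out" and r["dst"] == "any" and r["dport"] == "any":
            findings.append((r["id"], "UNRESTRICTED_EGRESS"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit_rules(SAMPLE_RULES):
        print(f"rule {rule_id}: {finding}")
    print("hardened set findings:", audit_rules(HARDENED_RULES))
```

Rule 30 (RDP from a single admin network) is deliberately left unflagged: the point of hardening is to fit the rules to the business need, not to remove access. A real audit would also resolve object groups and check the management-plane rules of the firewall itself, which this simplified schema does not model.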
K7 Security provides comprehensive enterprise cybersecurity solutions including endpoint security products, network security devices, and cybersecurity services, to secure enterprise operations. Contact Us to know more about how we can help you protect your IT infrastructure against devastating cyberattacks.