Adam Gullis
September 4, 2023

IT Best Practice Recommendations for Cybersecurity - Intrusion Prevention

In today's increasingly interconnected digital world, cybercrime has become a pervasive and persistent threat. Year after year, hackers relentlessly target vulnerable business systems, leading to a surge in successful cyber attacks.

But what motivates these cyber criminals to engage in such illicit activities, and how can organisations like yours protect themselves from such threats?

In this blog, we'll take a close look at the motivations behind cyber attacks and explore some of the essential cybersecurity practices that will help to safeguard your business.

Motivations Behind Cyberattacks

Cyberattacks are executed with a myriad of intentions, with some of the most common motivations being:

  • Financial Gain: Perhaps the most notorious motivation, cybercriminals often seek financial gain. Ransomware attacks, in which hackers encrypt critical data and demand a ransom for its release, are a prime example of this.
  • Exploitation of Personally Identifiable Information (PII): PII, when stolen, can be sold on the Dark Web, leading to identity theft and a host of fraudulent activities.
  • Intellectual Property (IP) Theft: Businesses invest heavily in research and development. Hackers may target IP to gain a competitive edge or sell it to the highest bidder.
  • Geo-political Gain: In state-sponsored attacks, hackers target foreign institutions to gain a political advantage, access sensitive information, or disrupt operations.

Most Common Cyberattacks:

Understanding the motivations behind cyberattacks is crucial, but it's equally important to be aware of the methods hackers use to achieve their goals. Here are some of the most common cyber attacks:

  • Malware: Malicious software designed to harm operating systems and networks is a prevalent threat. Malware can infiltrate systems, steal data, or disrupt operations.
  • Denial-of-Service (DoS) Attacks: These attacks flood a network with data packets, overwhelming it and disrupting services. E-commerce websites are often targeted in these attacks.
  • Phishing: Cybercriminals use various channels, such as email, SMS, phone calls, and social media, to trick individuals into taking actions that are detrimental to them or their organisations.
  • Spoofing: In this technique, hackers disguise themselves as trusted sources, making it challenging to identify malicious activity.
  • DNS Tunnelling: Leveraging Domain Name System (DNS) queries and responses, hackers can bypass security measures and inject malicious code into a network.
  • Man-in-the-Middle (MitM) Attack: Hackers insert themselves between two parties engaged in a data transaction, allowing them to filter and steal data.
  • Compromised Username/Password: Cyber criminals obtain user account credentials and gain unauthorised access to corporate networks or cloud-based systems.

Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a corporate network. Cyber security mitigation techniques are available to reduce the risk associated with every type of cyberattack vector.

Key Cybersecurity Failings

To effectively combat cyber threats, organisations must be aware of and address the key cybersecurity failings that hackers often exploit. These include:

Remote access lacking sufficient controls to prevent unauthorised individuals - In recent years, cybercriminals have been targeting remote access technologies in order to compromise a network. Hackers acquire a set of legitimate user credentials and gain direct access to a corporate network (typically via RDP).

Outdated Software - Unpatched software may allow an attacker to exploit publicly known vulnerabilities to gain access to sensitive information, launch a denial-of-service attack, or take control of a system. This is often the first attack vector cybercriminals will explore when looking for ways to compromise an organisation.

Here were the 5 most commonly used passwords according to a study by NordPass in 2022.

Strong password policies are not implemented - Cyber actors use brute-force attacks to exploit weak passwords, particularly targeting Remote Desktop Protocol (RDP) and cloud-based applications.

Phishing attacks – One of the most common ways in which a fully-fledged cyber attack can begin is through simple human error. Cyber criminals initiate attacks by tricking unsuspecting users into revealing sensitive information, such as their username and password, or into performing an action which is not authorised, for example transferring money or handing over confidential information.

Inadequate Backup Strategies: Organisations often struggle to recover from cyberattacks due to poorly managed backups, data corruption, or the absence of backups for critical assets.

Mitigation

To strengthen network defences and mitigate cyber risks, organisations should consider applying the cybersecurity best practices listed below. Please note that many of these recommendations require no additional cost to implement and should be seen as operationally managed IT security best practices. They include:

Adopt a zero-trust security model, which means always assuming a login attempt could be malicious, whether it originates on the corporate LAN or via remote access. Best practice implementation involves always checking authentication, preferably at multiple levels (e.g. end user credentials and device authentication). Access to all network points, applications and devices should always be designed to request authentication before access is granted.

Limit the ability of a local administrator account to log in from a remote session (e.g., deny access to this computer from the network) and prevent access via an RDP session. This means accounts with administration privileges can only be used on the corporate network or from a device which has a legitimate VPN connection. As an additional measure, dedicated administrative workstations for privileged user sessions can be implemented to further limit exposure. Accounts with admin privileges should also ideally be standalone accounts (no day-to-day user accounts should be assigned admin privileges).

Control who has access to data and services as an extension of zero trust. This means giving personnel access only to the data, rights, and systems they need to perform their job. This role-based access control (RBAC) should apply to both accounts and physical access. If a malicious cyber actor gains access, RBAC limits the access any hacker has to the network to that of the individual account that has been compromised.

Regular patching for externally-facing software. Unpatched software contains known code vulnerabilities which hackers can identify and therefore exploit. Any externally facing software should ideally be patched within 14 days of the vendor releasing the vulnerability patch (if operationally feasible). The longer software remains unpatched, the higher the likelihood it will be exploited by malicious actors during a cyberattack.

Implement MFA on all VPN connections, external-facing services, and privileged accounts at a minimum. This is the most cost-effective way to significantly improve overall cybersecurity posture.  

Example of Microsoft's MFA

Change default passwords of equipment and systems upon installation or commissioning.

Verify that no machines have open RDP ports by placing any system with an open RDP port behind a firewall and requiring users to use a VPN to access it through the firewall.

Ensure backups are immutable and stored off-domain and off-network, meaning backups cannot be deleted and are located in a repository which is completely separate from the production infrastructure. This approach is critical in preventing cybercriminals from damaging backups should they penetrate the corporate network.

Implement password policies that require a minimum of 15 characters, preferably containing alphanumerical and special characters. Administrators should also enforce account lockouts after numerous failed login attempts.
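The password-policy and lockout rules above, written out as a worked example (added here, not code from the original post): a checker for the 15-character policy and a lockout tracker that counts failed logons per account. The lockout threshold of 5 failures inside a 10-minute window and the sample logon events are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MIN_LENGTH = 15                          # minimum length given in the policy above
LOCKOUT_THRESHOLD = 5                    # assumed: failed attempts that trigger a lockout
LOCKOUT_WINDOW = timedelta(minutes=10)   # assumed: window in which the failures must occur


def password_policy_failures(password: str) -> list:
    """Return the policy rules the password breaks; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        failures.append("no letters")
    if not re.search(r"[0-9]", password):
        failures.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no special characters")
    return failures


def accounts_to_lock(events) -> set:
    """events: (timestamp, account, success) tuples, e.g. parsed from logon audit logs.
    An account is locked once it reaches LOCKOUT_THRESHOLD failures inside LOCKOUT_WINDOW;
    a successful logon clears the failure count."""
    recent = defaultdict(deque)
    locked = set()
    for ts, account, success in sorted(events):
        window = recent[account]
        if success:
            window.clear()
            continue
        window.append(ts)
        while ts - window[0] > LOCKOUT_WINDOW:   # drop failures older than the window
            window.popleft()
        if len(window) >= LOCKOUT_THRESHOLD:
            locked.add(account)
    return locked


T0 = datetime(2023, 9, 4, 8, 0)
# Constructed sample logon events (not real log data): svc_backup is brute-forced,
# alice mistypes three times then succeeds, bob fails occasionally over the morning.
SAMPLE_EVENTS = (
    [(T0 + timedelta(seconds=30 * i), "svc_backup", False) for i in range(1, 6)]
    + [(T0 + timedelta(minutes=m), "alice", False) for m in (5, 6, 7)]
    + [(T0 + timedelta(minutes=8), "alice", True)]
    + [(T0 + timedelta(minutes=12 * i), "bob", False) for i in range(5)]
)
```

Running `accounts_to_lock(SAMPLE_EVENTS)` returns only `svc_backup`: alice's failures are cleared by her successful logon and bob's are too far apart to fall inside one window.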

Implement a cyber awareness and phishing training programme. This will increase the vigilance of the workforce so that they are able to identify when they are potentially being targeted by a phishing attack.

Implement DMARC policies on email, which is a default configuration within an email system. Domain-based Message Authentication, Reporting, and Conformance (DMARC) can automatically block or quarantine emails from potentially malicious sources.
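To make the DMARC recommendation concrete, here is an added example (not from the original post) that parses and validates a domain's DMARC TXT record and shows which action a receiving server takes under the published p= and sp= policies. The tag names and permitted values follow RFC 7489; the example addresses and record strings are constructed for illustration.

```python
POLICIES = {"none", "quarantine", "reject"}   # permitted p= / sp= values (RFC 7489)
ALIGNMENT = {"r", "s"}                        # permitted adkim= / aspf= values


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record into a tag dictionary. Raises ValueError for records
    a receiving server would ignore: wrong version tag, missing or invalid p= tag."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = (s.strip() for s in part.split("=", 1))
        name = name.lower()
        # report URIs are case-sensitive; every other value is compared case-insensitively
        tags[name] = value if name in ("rua", "ruf") else value.lower()
    if next(iter(tags), None) != "v" or tags["v"] != "dmarc1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p") not in POLICIES:
        raise ValueError("p= is required and must be none, quarantine or reject")
    if "sp" in tags and tags["sp"] not in POLICIES:
        raise ValueError("sp= must be none, quarantine or reject")
    for tag in ("adkim", "aspf"):
        if tag in tags and tags[tag] not in ALIGNMENT:
            raise ValueError(f"{tag}= must be r or s")
    if "pct" in tags and not (tags["pct"].isdigit() and int(tags["pct"]) <= 100):
        raise ValueError("pct= must be an integer from 0 to 100")
    return tags


def record_is_valid(txt: str) -> bool:
    """True when parse_dmarc accepts the record."""
    try:
        parse_dmarc(txt)
        return True
    except ValueError:
        return False


def disposition(record: dict, dmarc_pass: bool, is_subdomain: bool = False) -> str:
    """Action the receiving server applies once SPF/DKIM alignment has been evaluated:
    'deliver', 'quarantine' or 'reject'. sp= overrides p= for mail from subdomains."""
    if dmarc_pass:
        return "deliver"
    policy = record.get("sp", record["p"]) if is_subdomain else record["p"]
    return "deliver" if policy == "none" else policy
```

A record such as `v=DMARC1; p=quarantine; sp=reject; rua=mailto:dmarc-reports@example.com` quarantines failing mail from the organisational domain and rejects failing mail from its subdomains; pct= sampling is validated but not simulated here.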

These mitigations are not exhaustive, but will significantly enhance any organisation's cyber security posture when correctly implemented.

Still concerned about your vulnerabilities? Get the facts about your cyber security today.

Test your security posture against the latest cyber threats with a FREE Cyber Risk Assessment from TIEVA.

A risk assessment will show how susceptible you are to modern-day cyber attack techniques to help you prioritise improvements and develop a roadmap for strengthening your security posture.

To learn more, contact one of our cybersecurity specialists today by completing the form below.
