It would be strange to write a post on cyberattacks without referring to the current global situation. For the first time, we are facing two parallel wars: tanks and guns on one front and cyber weapons on the other. Right now, it seems that one side is mainly attacking with physical force, while the other is attacking with digital manoeuvres. We have no intention of discussing the traditional type of warfare in this report. We are more interested in the issue of cyberattacks. What are we going to do about them? How are we going to deal with them as a society?
Just over a month ago, Slovenia was hit by a cyberattack that could not go unnoticed. The attack on the media house had an immediate impact on end-users, as the broadcasting of programmes was disrupted. We could feel the effect of cybercrime on a massive scale; the kind of cybercrime usually hidden from the eyes of the public and resolved within targeted organisations.
We should be aware that hackers usually do not enter an organisation by brute-forcing their way into the core infrastructure. On the contrary, they typically pose as friendly virtual colleagues, employees in IT departments, even superiors. Most of the time, they enter the company through a malicious link in an email message sent to thousands of addresses. The odds that at least some of the recipients will get trapped are pretty high.
Message #1: Anyone can be a victim of cyberattacks
Regardless of your position, what industry you’re in, how big your company is or how many branches you have, there is always a chance that a cyberattack will hit you. However, some industries are more vulnerable than others. The level of exposure is often related to the situation in everyday life and the value of the data that organisations store. Healthcare institutions have been the hardest hit since the beginning of the Covid-19 pandemic, and tensions between Russia and Ukraine have pushed the energy and financial sectors higher up the risk scale.
The most common attacks that we experience in real life are:
- identity theft,
- spear phishing,
- malicious spam,
- malicious websites and applications that allow an attacker to enter a user’s device.
There has also been a shift in attack vectors in the era of the Internet of Things and the integration of businesses through cloud services. Whereas hackers used to focus on victims within the company they wanted to attack, they now scan the entire supply chain before launching an attack. As smaller companies typically have fewer mechanisms to manage cyber security, attackers may primarily target this part of the chain of connected companies. Afterwards, they move up the chain to the company they really want to attack.
Message #2: Everyone can get protected
Fortunately, there are many tools for (automated) protection against attacks. Monitoring potential threats in this way can significantly improve the efficiency of your IT team. Some mechanisms are easier to implement; others, such as SIEM and DLP, require strategic planning and represent a major intervention in the IT infrastructure.
We recommend that you implement at least the following two solutions, which usually do not require a major financial investment but can significantly improve your cyber security:
- Implement multi-factor authentication and a strict password management policy
Enforce strong passwords for business applications; passwords should contain upper and lower case letters, numbers, special characters and should be adequately long. Wherever possible, implement two-factor or multi-factor authentication for accessing business applications. A password known to the user should be complemented by a second factor: either fingerprint authentication, facial or voice recognition, or a one-time password from a dedicated authenticator. As a last resort, if there is no other way, implement at least an additional password sent by SMS, although even SMS passwords can be misused.
- Ensure ongoing social engineering training for employees
Given that social engineering attacks are the most successful method of gaining entry to a business network, employee training is undoubtedly one of the most reasonable investments in the IT field. The best training programs test your users with various simulated authentic attacks and provide reporting and statistics for completed training sessions. This offers you an opportunity to monitor your employees’ progress and identify areas where improvements are still needed.
Message #3: Get the most out of cyberattacks
The fact is that you can be a victim of a cyberattack despite all the implemented security solutions. In recent times, you are most likely to fall victim to ransomware. In this case, you will either be left with no data or pay a hefty ransom. Neither of these is pleasant, and it certainly contributes to a certain amount of instability in the organisation. Therefore, you shouldn’t pretend nothing has happened but address the situation accordingly. Since entrepreneurs are driven by resilience and determination, you can also learn a lot from a hacker attack.
It is crucial to investigate and understand why the attack happened. Your IT department will retrace the attack path (independently or with the help of external experts) and investigate where the attacker entered the system. This path will reveal specific vulnerabilities in your system. But not all of them.
Once you have remediated the immediate consequences of the attack and restored the system to normal operation, you should undertake a thorough review of your entire IT environment.
- Review your internal policies on cybersecurity management, update them if necessary or introduce new ones.
- Test the resistance to hacker attacks with a penetration test. If your IT system includes web or mobile applications, make sure these are tested as well.
In all areas of life, prevention is better than cure. In the cyber world, even more so. Regularly testing your cyber security will protect your IT system from intrusion before a cybercriminal exploits its vulnerabilities.
When automation offers support …
Luckily, state-of-the-art tools are available on the market that can help you test your resilience against vulnerabilities and validate your cybersecurity. One of them is the Pentera security validation platform, which runs automated penetration tests and regularly validates your security posture.
A penetration test helps identify vulnerabilities and offers the foundation for ranking vulnerabilities and giving recommendations.
Since users are the most vulnerable part of IT systems, regular security awareness training is crucial for a stable security posture.
Automated penetration testing with Pentera ensures daily security validation of exposed networks, users, devices and applications.