Recent large security incidents like the Microsoft Outlook breach and the SolarWinds hack are putting cybersecurity in the public eye and prompting government intervention. Highly funded and persistent threat actors are a serious concern, but in many cases, a breach can be prevented if the proper security measures are in place.
Preventing a data breach is far better than cleaning up after the fact, and sometimes it can be frustrating knowing a simple solution or a more proactive plan could have stopped a breach. If we want to start preventing and mitigating attacks more effectively, the IT community must answer an important question: What can we learn?
There are at least three helpful principles that organizations can act on to keep their systems, data, and personnel safe from cyber attacks.
No one is immune.
It is important to have a realistic view of cybersecurity threats. The nature of technology is constant change. Attackers find new vulnerabilities, these vulnerabilities are fixed, and the cycle continues. This is why companies should have versatile security programs that can be adapted to address new threats; policies, risk mitigation plans, and software solutions should be scalable and responsive. This is also why regularly patching and updating systems is crucial. As time goes on, flaws in specific versions of apps and operating systems become better known and therefore more likely to be exploited.
Large-scale security breaches are a sobering opportunity for companies to evaluate their security posture and fix any issues. If a tech giant like Microsoft can be compromised in a cyber attack, then it can happen to anyone. This should be a wake-up call not just for companies that have obvious security gaps, but also for large enterprises with stricter security. Big targets might be more difficult to infiltrate, but it is clear that there are entities with the motivation and resources to do so.
Big gaps might have simple fixes.
Some of the most detrimental security vulnerabilities can be solved in relatively simple ways. A big vulnerability in many businesses is a lack of security awareness among employees. Attackers can bypass many technical security provisions if they can get employees to disclose login credentials by impersonating someone they trust. The SANS Institute breach that occurred last year demonstrated the effects of just one employee being tricked by an attacker.
Social engineering attacks can often be thwarted through clear policies and frequent training, which are far easier to implement than breach containment and recovery. Here are other simple security measures that organizations can start implementing immediately to close gaps:
- Complex passwords
- Multifactor authentication
- Session timeout
- Disable unnecessary network ports
- Mobile Device Management
- Frequent patching & updates
- Clean Desk policy
- Principle of least privilege
- Encryption
Prevention must be multifaceted.
When protecting an organization, it is important to consider every attack surface. Networks, communications, devices, physical records, and everything else that contains confidential data must be secured. The goal is to find and fix any vulnerabilities before they can be exploited. An attack could come from anywhere, so a well-rounded program will likely involve policy, training, and several different solutions.
While attack methods vary widely, there are some common motives which can give us a clue about which areas of a company might be at the most risk. Most attackers are after some kind of private data, so any organization that collects or processes private data must take serious measures to protect it. All types of sensitive data — credit card numbers, social security numbers, medical history, passwords, proprietary information, or a multitude of other things — are valuable to malicious actors and are at risk for compromise.
The best place to start increasing protection is wherever the biggest weaknesses are. A given weakness might be solved with one of the measures listed above, or it might require something more intensive like securing the supply chain. At the end of the day, security needs to be a top priority for any organization hoping to avoid the immense consequences of a data breach.
About DriveStrike
DriveStrike provides device & data protection for all major operating systems. The main features — Remote Wipe, Lock, and Locate — enable companies to protect sensitive data on devices that are stolen or otherwise compromised. DriveStrike also integrates BitLocker encryption for Windows machines, as well as advanced Android EMM capabilities.