Most IT decision makers have to keep so many plates spinning at once that there is always a risk one of them will eventually fall to the floor and break.
About the author
Peter Mackenzie, Sophos Incident Response Manager.
The problem is that just because you have dealt with a cybersecurity issue once, or decided that it wasn’t relevant to your business, doesn’t mean you can forget about it. Given the sophistication and determination of attackers and the ever-evolving nature of threats, we cannot afford not to be vigilant in every aspect of security.
Maintaining IT security is an increasingly difficult task, but a good place to start is to avoid the common misconceptions we have encountered in different organizations while investigating and neutralizing attacks over the past year.
Misconception 1: We are too small to be targeted, and we have nothing worth stealing
It’s easy to assume that attackers are after bigger fish than you, or that you are in a low-interest sector with no assets that could catch the attention of passing cybercriminals. But our experience tells us that this is not the case. If you have processing power and a digital presence, you are a potential target.
Although hackers from North Korea and Russia make the headlines, it is worth remembering that most attacks are not carried out by nation states but by opportunists looking for easy prey. So regardless of the size of your business, if your defenses have weaknesses such as security gaps, errors or misconfigurations, you could easily be next.
Misconception 2: You don’t need advanced security technology everywhere
Some IT teams believe that endpoint security software is enough to stop every threat and that servers therefore need no security of their own. That is a big mistake. Unlike in the past, any lapse in configuration, patching or protection now makes the server a primary target.
The list of attack techniques designed to bypass or disable endpoint software includes human-operated techniques that exploit social engineering, “fileless” malware attacks such as malicious code injected directly into memory and reflective DLL (dynamic link library) loading, and attacks that use legitimate remote access agents like Cobalt Strike and everyday IT management tools. Unfortunately, basic antivirus technology has a hard time detecting and blocking such threats.
The assumption that protected endpoints will stop intruders from reaching unprotected servers is also misguided. Recent experience shows that servers are now the primary target, and attackers can easily find their way in using stolen access credentials.
Most modern cybercriminals also have a deep understanding of Linux machines. An attacker may compromise a Linux machine and install a backdoor in order to hide on the network and maintain access to it. If your organization relies solely on basic security, it is not difficult for an intruder to circumvent your defenses in this way.
Misconception 3: A robust security policy is already in place
Yes, it is important to have application and user security policies. But putting them in place is not the end of the job. As new features are added to networked devices and attackers’ strategies become more sophisticated, these policies need to be checked and updated constantly.
Organizations should regularly test their cybersecurity policies using techniques such as penetration testing, tabletop exercises and trial runs of disaster recovery plans, to ensure that their defenses are genuinely robust.
Misconception 4: Employees understand security
According to the Sophos State of Ransomware 2021 report, 22% of organizations expect to be hit by ransomware within the next 12 months because it is difficult to stop end users from compromising security. Training helps, but the lessons learned are quickly forgotten.
What’s more, spotting social engineering tactics such as phishing emails is getting harder and harder. Messages are often hand-crafted, accurately written, convincing and carefully targeted.
Cybercriminals are constantly looking for new ways to catch end users off guard. As they step up their efforts, so must you. Educate your employees on how to spot suspicious messages and what to do when they receive one. Make sure they have the contact details of the right people on your team, and that they report immediately so that other employees can be alerted.
Misconception 5: Incident response teams can recover data after a ransomware attack
Unfortunately, confidence that the response team can recover your data is misplaced. Attackers today are more “professional” than ever. They make fewer mistakes and their encryption processes have improved, so you can no longer rely on responders to find a way to undo the damage.
The latest ransomware also deletes automatic backups such as Windows Volume Shadow Copies. Combined with overwriting the original data stored on disk, this makes recovery impossible unless you are prepared to pay the ransom. And yet only 8% of organizations that pay the ransom get all of their data back.
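As an added, defender-side example that is not part of the original article, the following Python flags process-creation events whose command line deletes Volume Shadow Copies, so that tampering with this backup mechanism is noticed before the encryption stage. The event tuples, field layout and host names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample process-creation events in a Sysmon Event ID 1 / Security 4688
# style (timestamp, host, parent process, command line). Illustrative records only,
# not real telemetry.
SAMPLE_EVENTS: List[Tuple[str, str, str, str]] = [
    ("2021-05-03T09:12:01Z", "FS01", "explorer.exe", r"C:\Windows\System32\notepad.exe report.txt"),
    ("2021-05-03T09:12:44Z", "FS01", "cmd.exe", "vssadmin.exe delete shadows /all /quiet"),
    ("2021-05-03T09:12:45Z", "FS01", "cmd.exe", "wmic.exe shadowcopy delete"),
    ("2021-05-03T09:13:02Z", "FS01", "cmd.exe", "vssadmin.exe list shadows"),
    ("2021-05-03T09:13:10Z", "FS01", "backupagent.exe", "vssadmin.exe create shadow /for=C:"),
]

# Destructive shadow-copy operations. Listing or creating shadows is routine
# administrative or backup activity and is deliberately not matched.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.IGNORECASE),
    re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.IGNORECASE),
]


@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    parent: str
    command_line: str


def is_shadow_copy_deletion(command_line: str) -> bool:
    """True when the command line matches a shadow-copy deletion pattern."""
    return any(p.search(command_line) for p in SHADOW_DELETE_PATTERNS)


def detect_shadow_copy_deletion(events: Iterable[Tuple[str, str, str, str]]) -> List[Alert]:
    """Return one Alert per event whose command line deletes shadow copies."""
    return [Alert(ts, host, parent, cmd)
            for ts, host, parent, cmd in events
            if is_shadow_copy_deletion(cmd)]


if __name__ == "__main__":
    for alert in detect_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"{alert.timestamp} {alert.host} parent={alert.parent}: {alert.command_line}")
```

In practice the same check would run over the process-creation feed from an EDR or SIEM, and the parent process field helps separate a backup agent's legitimate activity from a shell spawned by an intruder.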
In short, IT decision makers cannot afford complacency. Too many organizations that believed it would never happen to them are now counting the cost after it has.
Instead of sitting back and assuming everything works, you need to take full control of your business operations before someone else does.
Five Common Misconceptions About Business Cyber Attacks