Gone are the days when organizations thought that if they installed and regularly updated end-user antivirus software, they were secure. Cyber criminals and target attackers always find ways to install Trojans on your network.
Recently, in one of the attacks, a cyber espionage group installed a RAT (Remote Access Trojan), which is weaponizing malware that payloads with 0-day exploits. This sort of APT (Advanced Persistent Threats) has caused the enterprises across globe to revisit their border security and envisage the internal security. It’s been proven that no organization is 100% secure and getting away from zero day attacks isn’t possible. Some say it’s like a cat-mouse race.
Organizations should not be unfazed by reality. They should no longer believe their security is tight and attackers aren’t smart enough to invade their environments. To counter and reduce the attacks, there are certain areas where enterprises should focus and be vigilant.
Here are 7 effective ways to secure your end points:
1 – Password Security: Enterprises have to monitor the security logs of users. At the same time, clipping levels have to be set. An effective password management tool, which not only improve the productivity, can have significant roles in reducing operations costs. However, organizations can dive further while taking steps like the integration of “top 10” forgotten passwords, violated users etc. with internal monitoring systems. We’ve heard of Adobe’s data breach in 2013, where ~150 million encrypted passwords were leaked, creating one of the biggest crossword puzzles of all time. It didn’t take long for a cyber attacker to crack it, and, within no time at all, a list of the 100 most commonly used passwords were released.
2 – Training and Phishing Awareness: Phishing is one of the most common ghosts, being popular for long time – particularly in money laundering schemes. However, it’s been observed that disgruntled employees and cyber attackers use various techniques including shoulder surfing, dumpster diving and social engineering etc. prior to an attack. To counter these sorts of attacks, enterprises can test fake phishing attacks on victims, based on various anomalies. Once the results are analyzed, users may be trained and educated on potential threats and how to curb attacks.
3 – Mobile Devices: Enterprises want applications to be available to users around the clock and users want to access through handheld devices like Smartphones. This not only provides effectiveness and improved productivity (shorter response times), but it creates many loopholes that are inviting to cyber attackers. It’s paramount to protect the data lying in handheld devices by implementing a BYOD policy, preventing local storage of secure corporate data on personal devices (containerization), and protecting data-in-motion with some form of encryption.
4 – Connectivity Security: WiFi security is very vulnerable to attacks, whether employees work from home, the office or even a local coffee shop. It’s imperative for end users to understand the risks associated with wireless networks, particularly “evil twin” and “war driver” attacks. To defend attacks and create secure access, SSL/TLS VPN’s with additional layers of security, must be used. The encryption prevents the war driver from reading your communications, and thus secure the information.
5 – Data Protection: With companies using more outsourcing in their core operations, there’s an increase in temporary staff. This, in turn, results in greater movement of data and higher risks of security compromises. Of late, the next challenges are with disgruntled employees, who steal and then sell the sensitive data in black market. It doesn’t stop here: non-adherence of compliance can lead to hefty penalties and defame a company’s brand name. It’s imperative to use tools and technologies, such as DLP’s, to counter defend.
6 – End Point Hardening: End Points are most vulnerable to attacks if they’re not hardened properly. To counter defend, end points have to be updated with service packs and hotfixes. Companies must enable security settings, use with fine-tuned security policies and provide continuous auditing. The kind of threats posed by uncontrolled end points in an enterprise network are often ignored because most people aren’t really aware of the security risks involved. Therefore, educate employees and administrators – and hopefully, the risks will be reduced.
7 – Proactive Response and Investigation Teams: Last but not the least – the war room of any organization is the Security Operations Center (SOC). The SOC is responsible for the day-to-day security operations and, at the same time, responsible for investigations in case of disaster. Here, I suggest you have three layers of security. The first is the Monitoring and Management team, who will adhere to SOD (segregation of duties). While the Monitoring team will have L1 sorts of resources, they will be primarily responsible for monitoring the security logs and well-equipped with SOP’s (Standard Operating Procedures). Subsequently, this will enhance productivity, while enabling focus on identifying the critical logs based on various parameters and reduce false positives alerts. The next layer is L2, which will be responsible for configuration, change, incident and problem management. The last layer in the team is L3, which will be responsible for troubleshooting and vendor case locking. I believe this will not only ensure smooth operations, but assist in pro actively response to alerts.