A Cybersecurity Cautionary Tale: Overlooked Risks & Lessons Learned
Once upon a time, it was believed that a firewall and anti-virus software were all you needed to protect your business and your data from cyberattacks.
Today, that is still an all-too-common misconception, and one that puts your business at risk.
A Cybersecurity Cautionary Tale
Take the following (real-world) story:
A business had a firewall in place. Meant to be a gatekeeper and block unauthorized access to the network, in this case, the firewall was how the hacker got in.
How did the firewall fail? The firmware wasn’t receiving security updates, and this vulnerability allowed a hacker to breach the company’s network.
Once inside, the hacker was able to connect to the company’s server and gain access to their data. The hacker remained on the network for a while, quietly exploring, learning about the company’s systems, and planning the attack.
The business didn’t know there was a problem until the hacker initiated the attack, encrypting all of the data files and demanding a significant ransom to release the files back to the company.
What Happened? Identifying Vulnerabilities
When we were called in to help the organization respond to the attack and recover their data, we discovered numerous vulnerabilities that enabled such a thorough attack.
First, of course, was the unsecured firewall. Additionally, we found that…
- Breached corporate passwords were listed on the dark web.
- A single password was in use across multiple administrative accounts.
- The backup system lacked the redundancies, retention, and security measures needed to withstand the attack and offer true data protection.
Together, these vulnerabilities allowed the hacker into the organization’s network, server, databases, and backup, with no indication that anything was amiss.
Lessons Learned
Preventing the breach
Keep your firmware patched and up to date. It’s predicted that 70% of organizations without a plan to upgrade their firmware will be breached by 2022 due to firmware vulnerabilities.
If you connect it, protect it. Every device connected to your network represents a potential entry point for hackers. Are your devices receiving regular security patches and updates? Overlooked, outdated firmware and software are open doors just waiting to be exploited.
Implement password policies. Up to 73% of passwords in use are duplicates. That means that a data breach from one company can compromise every account that reuses the breached passwords. Password policies set organization-wide rules about password strength, complexity, and the frequency at which end users are required to change their passwords.
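The two password findings from the story (one password shared across administrative accounts, and corporate passwords exposed in a breach) can be checked for directly. The following is an added example, not code from the original article; the account names, the export format, and the use of unsalted SHA-1 hashes are assumptions made for illustration, and all sample data is constructed.

```python
import hashlib
from collections import defaultdict


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, used here only to build constructed sample data."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample export: (account, is_admin, unsalted password hash).
ACCOUNTS = [
    ("svc-backup", True, sha1_hex("Winter2019!")),
    ("domain-admin", True, sha1_hex("Winter2019!")),
    ("fw-admin", True, sha1_hex("Winter2019!")),
    ("db-admin", True, sha1_hex("c0rrect-horse-battery")),
    ("jsmith", False, sha1_hex("Password1")),
    ("akhan", False, sha1_hex("x9$Lq!27pTz")),
]

# Constructed stand-in for a breach corpus of known-exposed password hashes.
BREACHED_HASHES = {sha1_hex("Winter2019!"), sha1_hex("Password1")}


def shared_admin_passwords(accounts):
    """Return groups of admin accounts whose password hashes are identical."""
    by_hash = defaultdict(list)
    for name, is_admin, pw_hash in accounts:
        if is_admin:
            by_hash[pw_hash].append(name)
    return sorted(sorted(names) for names in by_hash.values() if len(names) > 1)


def breached_accounts(accounts, breached_hashes):
    """Return accounts whose password hash appears in the breach corpus."""
    return sorted(n for n, _, pw_hash in accounts if pw_hash in breached_hashes)


def audit(accounts, breached_hashes):
    """Combine both checks; accounts hit by both are the highest priority."""
    shared = shared_admin_passwords(accounts)
    breached = breached_accounts(accounts, breached_hashes)
    shared_names = {n for group in shared for n in group}
    return {
        "shared_admin_groups": shared,
        "breached": breached,
        "rotate_first": sorted(shared_names & set(breached)),
    }


if __name__ == "__main__":
    for key, value in audit(ACCOUNTS, BREACHED_HASHES).items():
        print(f"{key}: {value}")
```

Comparing hashes only reveals reuse when the stored hashes are unsalted; with salted hashes the same audit has to be run by testing candidate passwords against each account instead.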
Enable multi-factor authentication. One simple and highly effective way to prevent hackers from exploiting breached passwords is to turn on multi-factor authentication (MFA). Also known as two-factor authentication (2FA), MFA requires multiple forms of verification in order to sign in to an application or account. For example, in addition to providing your username and password, you may also be required to enter a one-time passcode sent via email, text message, or push notification.
In the story above, MFA would have prevented the hacker from using the breached password to access the company’s network in the first place.
Mitigating the risk and avoiding the ransom
Ensure that your backups are secure. Data backups often provide a false sense of security, as simply having a backup doesn’t always mean your data is truly protected. In the story above, because credentials were reused across the IT environment, the hacker was able to access the company’s backup and erase all of their seemingly secure data.
How confident are you in your data backup? Are you sure it works? How often is data backed up? Where are your backups stored? How quickly can you recover your data from your backup?
These are some of the questions we ask when we help organizations develop their business continuity plans. We recommend that your backup be performed every 30-60 minutes, and then we test it to ensure it works. We also recommend a secure, off-site backup location that can’t be accessed from within your network or with breached credentials.
With a comprehensive business continuity and disaster recovery solution, data could have been restored from a secure off-site backup.
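The backup questions above can be turned into a repeatable check. This added example (not part of the original article) reads a backup catalog and reports intervals longer than 60 minutes, off-site copies that are reachable with an in-network credential, and whether any isolated, restore-tested off-site copy exists; the catalog fields, credential names, and timestamps are hypothetical and constructed.

```python
from datetime import datetime, timedelta

MAX_INTERVAL = timedelta(minutes=60)  # upper bound of the 30-60 minute guidance

# Constructed backup catalog; field names are hypothetical, not a product schema.
CATALOG = [
    {"done": "2024-03-01T08:00", "site": "onsite", "cred": "domain-admin", "restore_ok": True},
    {"done": "2024-03-01T08:45", "site": "offsite", "cred": "domain-admin", "restore_ok": True},
    {"done": "2024-03-01T09:30", "site": "onsite", "cred": "domain-admin", "restore_ok": False},
    {"done": "2024-03-01T11:50", "site": "offsite", "cred": "vault-only", "restore_ok": True},
]
# Constructed list of credentials that are valid inside the production network.
NETWORK_CREDS = {"domain-admin", "svc-backup"}


def interval_gaps(catalog, max_interval=MAX_INTERVAL):
    """Return (previous, next) completion times whose spacing exceeds the limit."""
    times = sorted(datetime.fromisoformat(s["done"]) for s in catalog)
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > max_interval]


def exposed_offsite(catalog, network_creds):
    """Off-site copies reachable with a credential that also works in-network."""
    return [s["done"] for s in catalog
            if s["site"] == "offsite" and s["cred"] in network_creds]


def usable_offsite(catalog, network_creds):
    """Off-site copies that are credential-isolated and passed a restore test."""
    return [s["done"] for s in catalog
            if s["site"] == "offsite" and s["cred"] not in network_creds
            and s["restore_ok"]]


def findings(catalog, network_creds):
    """Collect human-readable findings for all three checks."""
    out = []
    for a, b in interval_gaps(catalog):
        minutes = int((b - a).total_seconds() // 60)
        out.append(f"gap of {minutes} min after {a:%H:%M}")
    for done in exposed_offsite(catalog, network_creds):
        out.append(f"off-site copy {done} uses an in-network credential")
    if not usable_offsite(catalog, network_creds):
        out.append("no isolated, restore-tested off-site copy")
    return out


if __name__ == "__main__":
    print("\n".join(findings(CATALOG, NETWORK_CREDS)))
```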
Detecting and responding to the breach
Don’t forget detection and response. Time is a dangerous gift to give a hacker. No one wants to experience a breach, but the damage can be minimized if a breach is caught early. When you rely on firewalls and anti-virus software alone to protect your data, you have no way to know that a hacker has found a way into your network and no way to contain the threat before it spreads.
Managed detection and response (MDR) solutions identify breaches in real-time and isolate the affected device(s) to protect the rest of your network.
The (Often-Overlooked) Key to Your Cybersecurity
A cybersecurity plan is incomplete if it overlooks your end-users and the role they play in keeping your organization safe from cybercriminals. Cybersecurity awareness across your organization is key to ensuring that end-users know how to spot and avoid common cyber scams intended to trick them into giving up their passwords (remember all those re-used passwords?) or downloading malicious files.
Nearly one-third of data breaches involve phishing scams, which try to lure unsuspecting users into providing sensitive data that hackers then use to breach your systems or network. Do your end-users know how to spot an email scam?
We provide cybersecurity awareness training to our customers to help their employees understand cybersecurity basics and best practices. We then reinforce that training through activities such as phishing simulations, which test users on their vigilance in identifying suspicious emails.
Don’t let your company’s tale be a tragic one. Equip your business—and your employees—with the solutions and know-how to stay safe from cybercriminals, and avoid the costly disruptions of downtime or, even worse, a ransom for your data.
Do you know where your cybersecurity vulnerabilities are? As your managed security service provider, Prosource will identify your risks and work with you to implement best-in-class solutions to prevent, detect, and respond to internal and external threats—from dark web scans and phishing simulations to network and endpoint monitoring, business continuity and disaster recovery, managed detection and response, and more.