By now your organisation should know the drill. To keep your enterprise safe from unauthorised access you take the basic precautions: create strong passwords that are not re-used and are updated frequently, use updated anti-virus software, employ host and network-based intrusion detection and prevention, data encryption, etc. etc.
However, complacency has no place in cybersecurity. Hackers are working round-the-clock to outwit your most ardent security professionals. Here are a few specific vulnerabilities that require immediate and constant attention to stay safe in a hostile security world.
Protect against burst attacks
You may be aware of DDoS, or distributed denial of service attacks. In fact, Cisco writes that these online attacks — where high-volume traffic floods a system’s servers, making web traffic extremely slow — grew 172% in 2016. But in the last few years, Cisco documents how "burst attacks", a type of DDoS attack that floods traffic in short bursts at random times over a prolonged period, has skyrocketed. They claim that in one study, 42% of the companies faced a burst attack in 2017.
Burst attacks change vectors throughout an attack, making it difficult to create a signature to block the attack
According to Radware, on-premises DDoS protection needs to adapt to counter these often less than one-minute attacks. While the majority of these solutions detect burst attacks, they write that "most of them limit the rate of bad (and legitimate) traffic to a certain threshold, resulting in a high level of false positives." One big challenge is burst attacks change vectors throughout an attack, making it difficult to create a signature to block the attack.
They recommend adopting two key solutions: 1) a behavioural DDoS protection system that utilises machine learning algorithms to identify the patterns of burst attacks, and 2) measuring the degree-of-attack (DoA) surface, which looks at the bandwidth or rate of a specific type of traffic and the percentage of a given type of traffic out of the entire distribution of traffic. If an attack rates high in both the bandwidth and percentage parameters, then it gets a high DoA surface score, showing that a burst attack likely occurred.
Prioritise network infrastructure
Nefarious actors have been exploiting both enterprise level and small/home office and residential routers For companies with in-house information technology staff, network infrastructure usually gets plenty of attention. Proper configuration, maintenance and security are often key considerations for infrastructure due to its importance to the business. What about smaller entities? Do you have a small switch or router you either purchased or leased from your internet service provider? If so, when was the last time you updated it?
In Alert TA18-106A, the United States Computer Emergency Response Team (US-CERT) shares information dating all the way back to 2015 on how nefarious actors have been exploiting both enterprise level and small office/home office and residential routers and switches. If you haven’t changed passwords and updated the software/firmware on these devices yet it should be near the top of your priority list.
Hide sensitive web pages from search engines
Search engines are an easy first step for someone looking to exploit your environment. They can conduct searches of your known web presence, looking for pages which might not have been meant for the general public but are still accessible.
Using robots.txt pages can be excluded from search engine crawlers. Entrepreneur.com suggests checking out a tutorial from SEObook.com to learn more about how you can do this. Keep in mind this will only deter the most basic attackers as more sophisticated attackers will conduct manual searches.
Update passwords on your IoT devices
Data at rest is important, but data in transit is just as important to encrypt, particularly sensitive information
It is shocking how many IoT devices are used in our daily lives, such as security and video conference cameras, cars, and smart sensors, but also contraptions you probably forgot are now connected to the internet, such as garage doors, appliances, etc. Tom’s Guide gives a good list of the many things you should remember to update.
Use encryption to protect data in transit
Encryption your data at rest – when it is stored somewhere – is incredibly important. However, your encryption efforts should not stop there. Data in transit is just as important to encrypt, particularly sensitive information.
This could include communication between your websites and applications or even just communications within your company. Unencrypted information is at risk to an eavesdropper on your network. To prevent the data from being usable to potential eavesdroppers, ensure you are using encrypted connections such as HTTPS, SSL, TLS, FTPS, etc.
