Recognizing and combating cyber crime has been one of the most talked about topics in the media and in the boardroom in recent years. It is a major problem and challenge for many companies: the average dwell time (the time before a company detects a cyber breach) is more than 200 days, which highlights this as an area we do not do well in. This is because not all cyber breaches are destructive in nature.
Many companies are not proactively looking for cyber breaches, and only when they detect smoke do they realize the company has been breached, because some cyber threats are destructive in nature. For example, Ransomware makes the critical data on systems unavailable until the victim pays a financial fee, typically in bitcoins, to get the key that unlocks the data. These types of cyber attacks, like DDoS attacks (Distributed Denial of Service), are easily detected as they make part of the company’s service unavailable. Ransomware threats have been on the increase this year and are about to pass 1 billion dollars in cyber crime.
But not all cyber threats are destructive, and because of this many companies do not see smoke, so they assume that everything is okay and nothing is at risk. However, the reality is that a hacker or cyber criminal is on the network, waiting, watching, stealing data and committing financial fraud, typically using the credentials and accounts of a trusted insider. For hackers and cyber criminals whose motive is financial or intelligence focused, one of the main activities is to remain hidden, stay undetected and hide any trace or footprint of their activities. These techniques make it difficult for companies to recognize and combat cyber crime, as they are hard to detect when everything appears to be working normally.
So what can companies do to recognize and combat cyber crime and improve their cyber hygiene? Here are tips and best practices that will help you and your company recognize cyber crime and combat these threats.
#1 Education and Cyber Security Awareness
This is one of the most effective cyber security countermeasures and an instant win: helping employees recognize suspicious activities on their computers, such as:
• Detecting suspicious applications running, popups, warning messages, etc.
• Flagging suspicious emails (emails with attachments, an unknown sender, hyperlinks or unusual requests)
• Being vigilant when browsing websites
• Stopping and thinking before clicking on links or ads
• Ensuring a website is trusted before entering credentials
• Limiting activities when using public, insecure Wi-Fi networks, or using a VPN
Educating employees on what to look for will increase the company’s ability to recognize cyber crime early and in many cases prevent it. This should also be communicated widely: it will not only help the company’s cyber hygiene but will help employees keep their own personal data secure.
Training should start at the top of the organization and work down. It is recommended to appoint a cyber security ambassador within each department to assist in the detection of and incident response to potential cyber security threats and risks. This extends the reach of any IT security team while ensuring that there is someone in each part of the organization who is responsible and accountable for implementing and maintaining cyber security measures.
For more information on staying safe online, see Stop.Think.Connect – Top 8 Cyber Security Best Practices You Can’t Ignore.
#2 Collect security logs and analyze for suspicious or abnormal activities
An important activity and best practice for companies is to make sure security logs are being collected and analyzed for suspicious activities. In many situations, looking at security logs will identify abnormal activities, for example credential logins or application executions during non-business hours. Not only can collecting security logs help detect cyber criminal activities, but they also become hugely important when dealing with digital forensics, to determine root cause and to help with future prevention measures.
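The off-hours check described above, written out as an added example (this code is not from the original article): it parses a few constructed syslog-style lines, picks out interactive logins and process executions, and returns the ones that fall on a weekend or outside an assumed 08:00–18:00 business window. The log format, the business-hours window and the sample lines are all assumptions made for the example.

```python
"""Flag logins and process executions that occur outside business hours.

Added example, not from the original article. The log format below is a
simplified syslog-style format with ISO-8601 timestamps; real collectors
(auditd, Windows Security log, SIEM exports) differ, so adapt the regexes.
"""
import re
from datetime import datetime, time

# Assumed policy: business hours are Monday-Friday, 08:00 to 18:00.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)
WEEKEND = {5, 6}  # datetime.weekday(): 5 = Saturday, 6 = Sunday

# Constructed sample log lines (hosts, users and addresses are made up).
SAMPLE_LOGS = """\
2023-03-06T09:15:02 host1 sshd[1201]: Accepted password for alice from 10.0.0.5 port 51122 ssh2
2023-03-07T02:43:17 host1 sshd[1320]: Accepted publickey for svc_backup from 10.0.0.9 port 40001 ssh2
2023-03-08T14:02:55 host2 audit: EXEC user=bob cmd=/usr/bin/git
2023-03-11T11:30:00 host2 audit: EXEC user=bob cmd=/usr/bin/powershell
2023-03-08T23:58:41 host1 sshd[1402]: Failed password for root from 203.0.113.7 port 2222 ssh2
2023-03-09T10:05:12 host1 sshd[1510]: Accepted password for carol from 10.0.0.12 port 52211 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<rest>.*)$")
LOGIN_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
EXEC_RE = re.compile(r"EXEC user=(?P<user>\S+) cmd=(?P<cmd>\S+)")


def parse_line(line):
    """Return a dict for a successful login or an exec event, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m.group("ts"))
    rest = m.group("rest")
    login = LOGIN_RE.search(rest)
    if login:
        return {"ts": ts, "host": m.group("host"), "kind": "login",
                "user": login.group("user"), "detail": login.group("src")}
    execm = EXEC_RE.search(rest)
    if execm:
        return {"ts": ts, "host": m.group("host"), "kind": "exec",
                "user": execm.group("user"), "detail": execm.group("cmd")}
    return None  # failed logins and other lines are not part of this check


def outside_business_hours(ts):
    """True if the timestamp is on a weekend or outside the business window."""
    if ts.weekday() in WEEKEND:
        return True
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def find_off_hours_activity(log_text):
    """Return the login/exec events that happened outside business hours."""
    flagged = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and outside_business_hours(event["ts"]):
            flagged.append(event)
    return flagged


if __name__ == "__main__":
    for ev in find_off_hours_activity(SAMPLE_LOGS):
        print(f"{ev['ts'].isoformat()} {ev['host']} {ev['kind']:5} "
              f"user={ev['user']} {ev['detail']}")
```

Run against the sample, the check flags the 02:43 service-account login and the Saturday PowerShell execution while ignoring the weekday daytime events. In practice the "business hours" would come from per-user or per-role baselines rather than one fixed window, and the flagged events would feed an alert queue rather than stdout.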
#3 Keep systems and applications patched and up to date
Keeping systems and applications up to date and applying the latest security patches will keep most hackers and cyber criminals from gaining access to systems using known exploits and vulnerabilities. This is not a foolproof countermeasure, but it will make things more difficult for cyber criminals.
#4 Use strong passwords and keep privileged accounts protected
When choosing a password, make sure to choose a strong password, unique to that account, and change it often. The average age of a social media password today is years, and social media does not do a great job of alerting you to how old your password is, how weak it is, and when it is a good time to change it. It is your responsibility to protect your account, so make sure to protect it wisely. If you have many accounts and passwords, use an enterprise password and privileged account vault to make them easier to manage and secure. Never use the same password multiple times.
If your company gives employees local administrator accounts or privileged access, this seriously weakens the organization’s cyber security. It can mean the difference between a single system and user account being compromised and the entire organization’s computer systems being compromised. In all Advanced Persistent Threats, the use of privileged accounts has been the difference between a simple perimeter breach and major data loss, malicious activity, financial fraud, or in the worst case Ransomware.
Organizations should quickly ensure they continuously audit and discover privileged accounts and applications that require privileged access, remove administrator rights where they are not required, and adopt two-factor authentication so that user accounts cannot easily be compromised.
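As an added example of the two #4 recommendations together (auditing privileged accounts and catching old passwords), the code below is not from the original article. It reads constructed copies of /etc/passwd, /etc/group and the "last changed" field of /etc/shadow, lists every account with root-equivalent rights (UID 0 or membership in an admin group), and reports accounts that are not on an approved list or whose password is older than a policy maximum. The admin group names, the 90-day maximum, the approved list and the file contents are all assumptions made for the example.

```python
"""Audit privileged accounts and flag stale passwords.

Added example, not from the original article. Reads passwd/group/shadow-style
text (constructed here) and reports privileged accounts that are unapproved or
have not changed their password within the policy window.
"""
from datetime import date, timedelta

ADMIN_GROUPS = {"sudo", "wheel"}          # assumed admin groups
MAX_PASSWORD_AGE_DAYS = 90                # assumed policy value
APPROVED_ADMINS = {"root", "alice"}       # assumed approved privileged accounts

# Constructed sample files: the field layout follows the real files, the
# accounts are made up. Note svc_deploy has UID 0 without being root.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
svc_deploy:x:0:1002::/opt/deploy:/bin/sh
carol:x:1003:1003::/home/carol:/bin/bash
"""
GROUP = """\
root:x:0:
sudo:x:27:alice,bob
wheel:x:10:
users:x:100:carol
"""
# Shadow-style: name:<hash omitted>:days since 1970-01-01 of last change
SHADOW = """\
root:*:19300
alice:*:19400
bob:*:19000
svc_deploy:*:19100
carol:*:19410
"""
TODAY = date(2023, 3, 10)  # fixed "today" so the example is deterministic


def privileged_accounts(passwd_text, group_text):
    """Return {username: reason} for every account with admin rights."""
    privileged = {}
    for line in passwd_text.splitlines():
        name, _, uid, _gid, *_ = line.split(":")
        if uid == "0":                     # any UID 0 account is root-equivalent
            privileged[name] = "uid 0"
    for line in group_text.splitlines():   # supplementary admin group members
        gname, _, _, members = line.split(":")
        if gname in ADMIN_GROUPS:
            for member in filter(None, members.split(",")):
                privileged.setdefault(member, f"member of {gname}")
    return privileged


def password_age_days(shadow_text, today):
    """Return {username: days since the password was last changed}."""
    epoch = date(1970, 1, 1)
    ages = {}
    for line in shadow_text.splitlines():
        name, _, last_change = line.split(":")
        changed_on = epoch + timedelta(days=int(last_change))
        ages[name] = (today - changed_on).days
    return ages


def audit(passwd_text, group_text, shadow_text, today):
    """Return (username, finding) pairs for privileged accounts needing action."""
    findings = []
    privileged = privileged_accounts(passwd_text, group_text)
    ages = password_age_days(shadow_text, today)
    for name, reason in sorted(privileged.items()):
        if name not in APPROVED_ADMINS:
            findings.append((name, f"unapproved privileged account ({reason})"))
        age = ages.get(name)
        if age is not None and age > MAX_PASSWORD_AGE_DAYS:
            findings.append((name, f"password is {age} days old"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(PASSWD, GROUP, SHADOW, TODAY):
        print(f"{name}: {finding}")
```

On the sample data the audit surfaces bob (in the sudo group but not approved, with a password over a year old), svc_deploy (an unapproved UID 0 service account) and root (approved, but its password exceeds the 90-day limit). The same shape of check applies to Windows local Administrators groups or directory admin groups; only the data source changes.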
#5 Do not allow users to install or execute unapproved or untrusted applications – Stop Malware and Ransomware at the endpoint
Another major risk that results from providing users with privileged access is that the user can install and execute applications as they choose, no matter where or how they obtained the installation executable. This can allow Ransomware or malware to infect and propagate into the organization, and allow the attacker to install tools that let them easily return whenever they wish. If a user with a privileged account is simply reading emails, opening documents, browsing the Internet and clicking on numerous links, or simply plugs a USB device into the system, this can quickly install infectious or malicious tools that allow an attacker to gain access and begin the attack from within the perimeter, or in a worse case scenario encrypt the system and sensitive data and request a financial payment in return for unlocking them.
Organizations should implement security controls that prevent any application or tool from simply being installed onto the system, using Application Whitelisting, Blacklisting, Dynamic Listing, Real-Time Privilege Elevation, and Application Reputation and Intelligence. This is one of the most effective ways to avoid becoming the next victim of cyber crime.
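To make the whitelist/blacklist/reputation idea concrete, here is an added example (not code from the original article or from any particular product) of a default-deny application control decision. Each candidate executable is hashed, the hash is checked against a blocklist first, then an allowlist, then a reputation score, and anything still unknown is denied. The "executables" are constructed byte strings, the reputation service is a local dictionary standing in for a real lookup, and the path heuristics and 80-point threshold are assumptions made for the example.

```python
"""Default-deny application control by file hash.

Added example, not from the original article. Order of evaluation matters:
an explicit block beats an allow, and anything unrecognised is denied.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file contents (the identity used by allow/block lists)."""
    return hashlib.sha256(data).hexdigest()


# Constructed "executables": in real use the bytes come from the file on disk.
SAMPLE_BINARIES = {
    "C:\\Program Files\\Editor\\editor.exe": b"MZ-approved-editor-v1",
    "C:\\Users\\bob\\Downloads\\invoice.exe": b"MZ-dropper-sample",
    "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe": b"MZ-unknown-updater",
}

ALLOWLIST = {sha256_hex(b"MZ-approved-editor-v1")}   # approved by IT
BLOCKLIST = {sha256_hex(b"MZ-dropper-sample")}       # known-bad hashes
# Stand-in for an application reputation service: hash -> score 0..100.
REPUTATION = {sha256_hex(b"MZ-approved-editor-v1"): 95}
MIN_REPUTATION = 80                                   # assumed threshold

# Assumed heuristic: user-writable locations deserve an explicit mention in the
# denial reason, since malware and droppers typically land there.
USER_WRITABLE_MARKERS = ("\\Users\\", "\\Temp\\")


def decide(path: str, data: bytes):
    """Return (verdict, reason) for a request to execute `data` found at `path`."""
    digest = sha256_hex(data)
    if digest in BLOCKLIST:                # explicit block always wins
        return ("deny", "hash on blocklist")
    if digest in ALLOWLIST:                # explicitly approved binary
        return ("allow", "hash on allowlist")
    score = REPUTATION.get(digest)         # dynamic listing via reputation
    if score is not None and score >= MIN_REPUTATION:
        return ("allow", f"reputation {score}")
    reason = "unknown hash (default deny)"
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reason += ", launched from user-writable location"
    return ("deny", reason)


def evaluate_all(binaries):
    """Apply the policy to every path -> bytes pair and return the verdicts."""
    return {path: decide(path, data) for path, data in binaries.items()}


if __name__ == "__main__":
    for path, (verdict, reason) in evaluate_all(SAMPLE_BINARIES).items():
        print(f"{verdict:5} {path}  ({reason})")
```

The approved editor is allowed, the known dropper is denied by the blocklist, and the unknown updater in a Temp folder is denied by default with a reason that tells the analyst where it came from. Real-Time Privilege Elevation fits in the same decision point: instead of a flat allow, a trusted binary can be granted the elevated rights it needs for that one execution rather than the user holding administrator rights permanently.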
#6 Be deceptive, Be unpredictable
A very important recommendation is to be deceptive and unpredictable. Most organizations look to automation to assist in their cyber security defenses, but in many cases this lends itself to predictability: scans are run at the same time every week, patches are applied once per month, assessments once per quarter or per year.
Companies that are predictable are very vulnerable, so they should establish a mindset in which systems are updated and assessed on an ad-hoc basis. Randomize your activity. This will increase your capability to detect active cyber attacks and breaches.
Many of these best practices and tips will help companies reduce the dwell time of cyber breaches, as they make it difficult for hackers and cyber criminals to remain hidden and increase the likelihood of detecting active cyber attacks. They also raise awareness in the organization and engage employees in playing an important role in detecting suspicious activities, helping companies recognize and combat cyber crime.