5 Common Misconceptions About Corporate Cyber Attacks

About the Author: Peter Mackenzie, Incident Response Manager, Sophos.

Most IT decision makers have to keep so many plates spinning at once that there is always a risk one of them will fall to the floor and break. The downside is that just because you've dealt with a cybersecurity issue, or decided it's insignificant to your business, doesn't mean you can forget about it. With the increasing sophistication and determination of attackers, and the ever-evolving types of threats, you can't afford to let your guard down on any aspect of security, even for a moment. Although maintaining IT security is becoming increasingly difficult, a good place to start is to avoid a number of common misconceptions, all of which have been encountered in a wide range of organizations when investigating and defeating attacks throughout the past year.

Misperception 1: We are too small to be a target and have nothing worth stealing

It's easy to think that attackers are after bigger fish than your organization, or that you're in a low-interest industry and simply don't have any assets that might attract the attention of a passing cybercriminal. But our experience tells us the opposite. If you have processing power and a digital presence, you are a potential target. Remember that while North Korean and Russian hackers grab the headlines, most attacks are not carried out by nation states but by opportunists seeking easy prey. So, no matter the size of your company, if you have weaknesses in your defenses, such as security holes, bugs, or misconfigurations, you could easily be next.

Misperception 2: We don't need advanced security technologies installed everywhere

Some IT teams still think endpoint security software is enough to thwart any and all threats, and that they therefore don't need security for their servers. Big mistake. Unlike in the past, any mistake in configuration, patching, or protection makes servers a prime target. The list of attack techniques designed to bypass or otherwise disable endpoint software includes human-operated attacks that exploit social engineering, malicious code injected directly into memory, "fileless" malware attacks such as reflective DLL (dynamic-link library) loading, and attacks that use legitimate remote access agents like Cobalt Strike alongside routine IT management tools. Unfortunately, basic antivirus technologies are going to have a hard time detecting and blocking such threats.

Even the assumption that protected endpoints can prevent intruders from reaching unprotected servers is incorrect. Recent experience teaches us that servers are now a prime target and that attackers can easily find their way in using stolen credentials. Most of today's cybercriminals have a solid understanding of Linux machines. In fact, attackers can compromise Linux machines and install backdoors on them to hide and maintain access to your network. If your organization relies only on basic security, intruders won't have much trouble getting around your defenses in this way.

Misperception 3: We already have strong security policies in place

Yes, it is essential to have security policies for applications and users. But having them in place is not the end of the matter. These policies must be continually reviewed and updated as new features and functionality are added to network-connected devices and as attackers' strategies become increasingly complex. Your organization should regularly test its cybersecurity policies, using techniques such as penetration testing, tabletop exercises, and test runs of your disaster recovery plans, to ensure your defenses are as strong as you'd like them to be.

Misconception 4: Our employees understand security

According to Sophos State of Ransomware XNUMX, XNUMX% of organizations think they will be hurt by ransomware in the next XNUMX months because it is hard to prevent their end users from compromising security. Training helps, but the messages learned can be quickly forgotten. On top of this, social engineering tactics such as phishing emails are becoming increasingly difficult to spot. The messages tend to be handcrafted, precisely written, persuasive, and carefully targeted. Cybercriminals are continually finding new ways to trick end users. As they step up their efforts, you must step up yours as well. Educate your employees on how to report suspicious messages and what to do when they receive them. Make sure they have the contact details of the right person on their team to notify, and that they do so immediately so other employees can be alerted.

Misperception 5: Incident Response Teams can recover my data after a ransomware attack

Unfortunately, this confidence in the response team's powers of restoration is misplaced. Today's attackers are more "professional" than ever. They make fewer mistakes and the encryption process has improved, so you can no longer rely on your responders to find a way to undo the damage. Automatic backups, such as Windows Volume Shadow Copies, are also deleted by most modern ransomware. It also overwrites the original data saved on the drive, which makes restoration impossible unless you are prepared to pay the ransom. And even then, only eight percent of organizations that pay the ransom successfully recover their data.

As you can see, IT decision makers and complacency don't mix. Too many organizations that thought it could never happen to them are now counting the cost after it did. Instead of sitting back and assuming that everything is going to be okay, you need to take full control of your business before someone else does.