Some of the most common vulnerabilities that hackers exploit are from a lack of prevention rather than reaction. As your IT architecture changes, new applications and websites come online, end users and IT team members come and go, diligence is key to maintaining your cyber security posture.
With the added disruption of the current COVID-19 healthcare crisis and the hurried modifications recently made to your network architecture, evaluating cyber security couldn’t be more important.
Here are 6 real-life cyber security exploitation scenarios that we see again and again with some tips on how they can be mitigated.
Cyber Security Vulnerability 1: Exposed External Websites or APIs
How secure is your business at www.yourbusiness.com? Have you ever had the website tested to ensure that visitors can only connect to the site and your services securely? When the website was originally designed, was a web application firewall (WAF) discussed and enabled? Have you looked at those WAF configurations lately? Here are a few approaches to evaluating your websites and APIs for potential vulnerabilities:
- Complete a proper OWASP evaluation test to identify any bugs.
- Host the application / API on a secure compliant framework (WAF, 2FA, IAM, etc.).
- Conduct a thorough log analysis to detect any abnormalities or breaches – either manually or via an automated AI/ML security platform like Cybraics nLighten™.
Cyber Security Vulnerability 2: Misconfigured DNS
When was the last time you checked your DNS settings? If you are hosting your DNS server- is it fully patched and is your team following proper patching guidelines? If hosted externally, are you immediately notified of any DNS changes? DNS scanning is where most hackers will start. They search an organization for their IP subnets to discover any weak VPNs, misconfigurations or unprotected development environments and more. Here are a few DNS related activities to reduce your risk:
- Employ proper DNS change management and enforce a policy to periodically evaluate user access.
- Prevent outdated Windows servers from hosting DNS, and potentially migrate those servers to the cloud.
- Create a separate DNS identity from the corporate identity (e.g – business.com and 2business.com) to make it more challenging for hackers to uncover your IT network and development architecture.
- Employ a proper (IDS) Intrusion detection system / (SEIM) for threat detection.
- For the next level in response, employ an automated security response system that will automatically respond to and resolve vulnerabilities and threats.
- Conduct regular and thorough log identification and analysis.
Cyber Security Vulnerability 3: Splatting / Social Engineering
Splatting is a dark term used for total takeover scenarios. This could involve a range of nefarious social engineering attacks including targeting an employee of value, sending email campaigns and SMS messages with malware, mailing USBs with a false offer and malware to unsuspecting employees, using coasting to get into a building along with an authorized employee, or even using skimmers that can copy badges. Social engineering targets our human psychology to find and exploit our weaknesses. Here are some tips to reduce the potential of your employees falling victim.
- Administer regular security training and cyber security awareness programs for all employees and require the completion of this training as part of their employment.
- Employ secure email and Multifactor Authentication for your email policies.
- Implement strong physical security controls for your facilities including access control (smartcards, RF tags etc.).
- Complete a physical cyber security analysis to assess any physical vulnerabilities (server room, physical building security, device tagging). Prioritize and resolve any known issues immediately.
Cyber Security Vulnerability 4: Insecure Security Frameworks
Examples of insecure security frameworks could be a domain controller that is minimally administered, insufficient IAM Identity Access Management, or unauthorized IPs accessing the outside internet from a LAN or internal environment. Here are some key methods to ensure you are secure.
- Maintain a secure computing environment – Cloud based environments can be of help here vs. taking on the added risk of managing on-premise systems.
- Conduct regular vulnerability scanning of existing outward facing IPs (websites, VPNs, firewalls, etc.). Emtec recommends Digital Defense’s Frontline Vulnerability Manager™.
- Run consistent vulnerability scanning of IOT devices and internet IP networks.
- Check validity and function of encryption systems and ciphers (certificates, layered security, quantum resistance, lattice encryption).
- Implement proper network controls such as firewalls, reverse proxies, network rerouting, load balancing and assess them often.
Cyber Security Vulnerability 5: Lack of Proper Data Compliance
Does your organization have existing compliance frameworks you maintain (i.e. SOC, HIPPA, PII, ISO)? Are those frameworks being audited? By whom? How often? Proper data compliance is key to ensuring you don’t become the next security breach headline.
- Ensure you have proper handling and a chain of custody for data that has been classified as: private, sensitive, secret, top secret etc. to maintain compliance with regulations.
- Ensure you have data storage and classification policies in place, and they are enforced.
- Regularly evaluate data for what should be purged. Check for any data remanence after removal or destruction.
Cyber Security Vulnerability 6: Poorly Coded or Maintained Applications
Are you running your business on custom-built applications? Have you ever tested the code for vulnerabilities? Are you using packaged applications but have neglected to complete the recommended periodic upgrades?
- Validate that the applications you have purchased and the third-party components they use – are secure with your partners.
- Ensure any custom-built applications were built with secure code and don’t allow for infiltration. Emtec’s partner Veracode offers a suite of applications that help organizations safeguard their applications.
Ignorance is not Bliss when it comes to Cyber Security
What you don’t know will hurt you. Understanding your threat landscape begins with understanding your risk. To properly evaluate your risk, regular threat assessments or risk analysis should be conducted.
A risk analysis generally includes a proper asset valuation with detailed reporting as well as the identification of proper security control frameworks and ongoing activities to both measure and monitor your environment over time.
Our Emtec team offers a full suite of managed cyber security services to help organizations understand their threat landscape and mitigate their risk by:
- Ensuring full visibility into every asset that need to be monitored and protected
- Uncovering any vulnerabilities that exist
- Helping to sift through the noise of the vast cyber security tool/vendor ecosystem
- Administering real-time AI driven security tools that detect unknown threats, abnormal application and employee behavior that other approaches miss
- Identifying and removing external and insider threats automatically
- Cyber security resources to help supplement your IT team
We hope these tips serve useful to you and your IT team. If you need some additional support in the area of cyber security, please don’t hesitate to reach out.