Hacking incidents we’ve documented in the past show a common strategy used by attackers: finding a vulnerability and exploiting it. Whether it was the New York Times or small businesses in Asia, the starting point was found to be a compromise caused by a vulnerability. This vulnerability may either have been technical (vulnerable software), or non-technical (an uninformed employee).
This finding highlights the need for a comprehensive defense against such attacks. As one of our researchers, Jim Gogolinski, said in a previous report, companies are not helpless against targeted attacks. However, building a solid defense strategy will require resources as well as diligence from the organization itself.
For hacking attacks in particular, keeping a company’s network secure will require both proactive and reactive security strategies. Below are some tips that may help IT administrators keep their company’s site secure.
Proactive Steps Against Hacking Attacks
- Implement a program to regularly test and deploy updates, especially security updates.
- Check that the installed software on all endpoints and servers is updated.
- Make sure that security software is present (and in use) across the board. These should also be configured to detect and prevent phases of an attack, as well as observe indicators over the network, on disk, and in memory.
- Processes and standard operating procedures (SOPs) should be built with security in mind. This applies not just to employees, but to partners, contractors and customers as well.
- Investigate any anomalous network and system behavior. Attacks are known to begin with reconnaissance, and such suspicious activities may be the first sign of an attack.
- Continuously plan or review your incident response procedures with all necessary parties (not only IT groups). Jim also discussed how to implement these procedures in his earlier report, How Can Social Engineering Training Work Effectively?
What to Do in Case of an Attack
In the past, some attacks have been “announced”. Details of the attack – such as when it will happen and who the targets are – are released to the public beforehand. In such circumstances, the most important step a company may take is to make sure that all proactive defense actions (such as those listed above) are in place, and to exercise a high level of awareness of their network and their logs.
Announced operations, with their relatively open disclosure of tactics, tools, and procedures, are golden opportunities for evaluation and improvement of countermeasures in real-world scenarios. Taking advantage of these opportunities helps train people, process, and technology to recognize signals of a targeted attack regardless of whether it is publicly disclosed or covert.
However, whether or not an announced attack brings increased risk, it is important for companies to always have their defenses up. In the end, the costs of keeping networks secure may prove to be minimal compared to those of mitigating a successful breach.