Targeted and recurring attacks on a victim system are in vogue. Specialised hacker groups gain access to corporate networks and leave severe damage in their wake.
Contrary to what might be expected, the security vulnerabilities exploited are not always particularly complex, secret or cutting-edge. Much more often than thought, the cause is simply poor or even missing security standards. A joint publication by cyber security authorities from North America, New Zealand, the Netherlands and the United Kingdom aims to actively counter this circumstance and provide concrete information about this problem. [1]
What are particularly popular targets?
As a rule, cyber criminals focus on the following areas of a company and the vulnerabilities that exist there. The goal is to gain unauthorised access to the victims’ IT systems with as little effort as possible:
- Targeted attacks on publicly accessible applications such as websites or data platforms
- Exploitation of vulnerabilities in remote access systems such as VPN or any remote desktop solutions used
- Too much trust in partner companies and their external system landscape
- Stealing valid user accounts and targeted phishing attacks on users
Those responsible for security should therefore place special focus on these sub-areas. Even simple improvements can lead to an optimised security level with reasonable effort.
Most frequently found errors in security concepts
When it comes to the actual underlying technical vulnerabilities and problems in the existing IT environment, the technical details listed are not surprising:
- Lack of software updates and poorly configured platforms with too many accessible services on publicly accessible systems
- Poor passwords, default identifiers and lack of multi-factor authentication
- Too many user rights and insufficient separation and division of roles
- Lack of phishing protection and advanced virus protection on endpoints
- Cloud systems that are inadequately protected and monitored
Adjust these areas gradually if necessary and raise them to the current state of the art as quickly as possible. The Joint Cybersecurity Advisory lists more detailed procedures and concepts, from which initiatives and projects can be derived quickly and which can serve as a guideline for action.
Which solutions are generally recommended?
The pragmatic approaches to improving IT security are often obvious and not newly invented. However, it is essential to create awareness in order to actively ensure a secure IT environment and to make resources available accordingly:
- Controlled access to one’s IT network and systems is particularly important and should be closely monitored. Strong user authentication and comprehensive logging are crucial.
- The use of strong anti-virus software as well as support for the rapid detection of attacks and intruders is recommended.
- All software must be up to date at all times and only necessary functions should be activated and used.
Conclusion: A technically up-to-date and modern level of IT security is not free, but it is readily achievable – and it is certainly cheaper than a possible cyber-attack. Minimal precautions on the organisational and technical level should no longer be missing in any company.
Resources: