By Rachael Nagrowski
Director of Business Sales at Verizon and Tech Alpharetta Board Member
Since the beginning of the global health pandemic in March, cybercrime has skyrocketed as hackers and bad actors continue to prey on vulnerable organizations that were thrust into remote workforce settings without proper equipment or training. Exploiting home Wi-Fi and unsecured devices are among the easiest targets.
Also contributing to the rise is the increased adoption of the cloud and web applications. According to Verizon’s 2020 Data Breach Investigations Report , attacks on web apps were a component of 43% of all breaches, more than double the results in 2019. The report also shared that the most common methods of attacking web apps are using stolen or brute-forced credentials (over 80%) or exploiting vulnerabilities (less than 20%) in the web application to gain access to sensitive information.
The greatest protection a company has against potential threats is education. It’s critical that key stakeholders have a clear understanding of the infrastructure and any latent vulnerabilities, as well as offer proper training to all employees, to identify possible risks. Most companies, particularly small to mid-size, benefit greatly from bringing in third-party consultants to run a thorough check of the system and recommend the most appropriate safeguards to have in place. Basic protection can eliminate the vast majority of threats. Some of the most common technologies being used today are VPN, Mobile Device Management, Duel Authentication and End Point Protection.
Our dependence on devices has led technology to become the new bank. Today, hacking is much more profitable than robbing a bank. Here are some common best practices for companies of all sizes to consider to keep their systems and data safe:
- Continuous Vulnerability Management – Use this method to find and remediate things such as code-based vulnerabilities; also great for finding misconfigurations.
- Secure Configurations – Ensure and verify that systems are configured with only the services and access needed to achieve their function.
- Email and Web Browser Protection – Lock down browsers and email clients to give users a chance against the dangers lurking in the internet.
- Limitation and Control of Network Ports, Protocols and Services – Understand what services and ports should be exposed on your systems, and limit access to those.
- Boundary Protection – Go beyond firewalls to consider things such as network monitoring, proxies and multifactor authentication.
- Data Protection – Control access to sensitive information by maintaining an inventory of that sensitive information, encrypting sensitive data, and limiting access to authorized cloud and email providers.
- Account Monitoring – Lock down user accounts across the organization to keep bad guys from using stolen credentials. Use of multifactor authentication also fits in this category.
- Implement a Security Awareness and Training Program – Educate your users on malicious attackers and on accidental breaches.
The full Verizon 2020 Data Breach Investigations Report is available at www.verizon.com/dbir. To learn more about cybersecurity best practices, join my colleague, Jamie Hampton, along with other local experts, for Tech Alpharetta’s Virtual Speaker Series on Cybersecurity, taking place on Thursday, Sept. 17, 2020 at noon ET. For more information and to register, visit https://www.eventbrite.com/e/cybersecurity-best-practices-during-uncertain-times-tickets-114531290172