Each day, the world becomes increasingly globalized. As technology use continually evolves, so do the tactics used by cybercriminals to wreak havoc on businesses’ day-to-day operations. According to the Verizon 2022 Data Breach Investigation Report, as of this year, more than 832 incidents have occurred. Of those, 130 involved confirmed data disclosure. System intrusion is among the top cybercrime patterns, which represented 98% of security breaches. The primary motive of cybercrime is financial. To keep security breaches and their long-term adverse effects at bay, businesses must be vigilant in securing their information and networks.
At a minimum, antivirus protection is a step in the right direction. However, endpoint detection and response (EDR) software are more advanced options and better positions businesses to protect themselves from security breaches. The advanced machine learning capabilities of EDR enable it to automatically respond to threats and within seconds notifies security personnel. This capability to contain threats in real-time restricts the time an attacker has to do damage before they are stopped in their tracks. The most significant benefit of EDR software is that it provides advanced protection features that the standard anti-virus products do not offer.
A business class firewall that is correctly installed with active subscriptions is an important part of securing business information and systems. Sometimes CMIT Solutions is asked to audit network firewalls. As a result, we routinely find and correct mistakes that effectively have left a back door open for Internet hackers to enter the network. Sometimes these back doors are open due to human error and others are intentionally setup without the knowledge of business owners who should be deciding the risk vs reward to their business.
Firewall configurations should be reviewed on a scheduled basis and especially after network changes. Access that is no longer needed can be removed and network performance as well as security configuration details can be validated. If firewall rules and configurations are not checked consistently, systems are more vulnerable to security breaches. Regular reviews increase the probability of uncovering weaknesses in network security and resolving them in a timely manner.
Most computer breaches are the result of hackers taking advantage of security holes or tricking someone with access to unknowingly allow the hacker access to their business systems. Intrusion detection is required to alert security teams when a hacker manages to get past one or more security controls. It is comparable to living in a gated community, with locks on your doors and windows, with a security system that detects motion, all backed up by a monitoring service. Good design includes multiple layers and, equally important, monitoring of those layers to sound the alarm when a hacker attempts to move from one system to another.
Another key principle of good security design is to remove extraneous services from systems to reduce the points of entry available to a hacker. One example is using remote desktop services (RDP) that can be used by your IT staff to log into servers from within your “secure” network. This same technique is employed by hackers to move from computer to computer, searching for data to encrypt with ransomware or copy to the dark web to sell to the highest bidder. There are ways to secure remote desktop services but until you do, it is best to disable this and any other access that is not absolutely necessary.
CMIT Solutions has the professional expertise to design and manage secure information systems for businesses. If you’re less than confident your systems are securely designed and managed, contact CMIT Solutions today.
