Let's say a short story of a smaller company from Western Slovakia, which has up to five employees. In addition to the current web page, it had an older version on its server. New was in Wordpress, older in Drupal. Both are among the most widely used publishing systems in the world. However, the company has forgotten to uninstall the old one after launching a new version of the site. For several months, the old system was not updated, but it was still running on the sub-page, because it was online and on an active server. He was found by hackers.
Of course, the leaky system of some small Slovak company did not look deliberately. They did it for them by their bots - small software codes that are thousands on the internet, and that scan the internet for different purposes - sometimes good and sometimes bad. Thus they also found an unpublished publishing system. They made it "their" place - one of the many points on the Internet that they used for further network attacks. Like a huge hacker cloud. Not only did the server of the company become one of the hackers in the hacker chain, there was another thing. Through the old system, the attackers got into the directory of the new site and infected it with their code so much that the company website and its small e-shop stopped working. Suddenly, day to day. In the company, they noticed that they had stopped ordering and had taken a few days, and it cost a lot of money until they got all right.
How to defend yourself
The example above is just one of many that happen every day in the online space. Even according to one of the cyber security surveys conducted by SMB Group, approximately 70 percent of hacker attacks target small and medium-sized businesses. It is also interesting to note that 60 percent of small and medium-sized businesses that hack will end up in business within half a year.
If you want to keep your business in the online space, you need to become an online pessimist at the management level. Keep in mind that something can happen and adapt the company's IT structure accordingly. It's as if you were fighting in a small war without knowing where the attack might come from.
1. Map the battlefield
You need to know what devices are connected to your corporate network. The word "device" is used intentionally because it is not just a computer. The Internet of Things is a phenomenon of today. Almost every newly manufactured electronic device can connect to the Internet and the fact that most of them have poor or no security at all, making Trojans for external attack. Ideally, only network devices and computers running the same operating system are connected to the network - you better place security patches in one system than when you have computers running Windows, Mac, and Linux.
2. People's Approaches
Giving employees access to all places on the network is not just a sign of trust and corporate transparency, but also a great risk. An employee may not want to harm consciously, but if he or she plugs an infected key into a USB computer or opens an e-mail with malware, he / she will do the wrong business. And that's not what the lawyers got to say ... Imagine that sensitive employee data stored on your computers escapes out and gets to the public. Maybe they won't do any harm, but a member of your staff will file a lawsuit for it. Did you keep his data legally? Did you have systems secure, as needed? So you have a minimal reputation problem on your neck.
If we stay compared to the battlefield, any soldier also has no access to any weapons at any time. Everyone knows what to do and what powers it has for the army not to be damaged from within.
3. Plan for the crisis
Maybe you're just a small business, maybe you employ hundreds of people. However, you need a crisis plan for a digital problem. Take the example of the company described above. What would you do in that case? Do you know who to call? Who, even at night, starts to deal with your infected servers? How fast can you fix it and who will do it? You may never use the crisis scenario. But if a problem happens, it can save your reputation, money and data.
How it looks in practice
To speak not only on a theoretical level, we also talked to a cyber security expert. Questions answered by Vladimír Frčo, network and telecommunications security specialist from Orange.
What is the greater risk for businesses? Bad software or negligent employees?
It depends on the level of risk. There is no need to underestimate either area. For each security measure, you also think about its effectiveness, and whether the effort to deploy it is equal to the risk and potential damage. Anyway, it is good to have employees with higher security awareness. The security department will thus relieve you from solving less serious problems. Negligence can often be ignorant, so we also try to educate employees and lead to some security independence.
Say it on an example.
A good example is a salesperson. From a layman's point of view, he may be uninteresting, but he has great power in terms of personal data protection or customer asset protection. For example, one authentication error when replacing a SIM card could cost someone a bundle of money. If you have a payment authorization set via SMS, consider changing it. Abroad, SIM card swap scams are common.
In the world, social hacking is said to be more successful than technological attacks when it comes to data misuse. Does this also apply to us? For example, there are more frequent technological attacks in Orange, or an attempt to obtain sensitive data, eg. impersonating another person on a hotline?
If the walls are too strong, you have nothing more to do than build a 'Trojan horse'. And literally. If the firm has enough perimeter protection, the attacker must find another way to penetrate the inside. Important is the attack vector and the area that an attacker can hit. If a company has only one static website on the Internet, it will be difficult to access valuable information through it. It will be easier for an attacker to find employee email addresses and send malware to them. The attack area is definitely greater than one web server IP address.
And that social hacking?
To impersonate someone else is not so common with us. Rather, the attackers prefer non-personal ways. If a leak also occurs, it is through a person who has authorized access to the data and does it consciously.
Which places in the company are most vulnerable to security?
The technologies are legacy systems, and systems that should not have worked long ago were discarded, but someone forgot to disconnect them. Also included are services whose patching cycle is too long and do not reflect the current situation.
From the point of view of employees, attacks are most often targeted at the customer center, financial and IT departments. However, this does not mean that they are also the most vulnerable. Employee vulnerability depends on several factors, and sometimes even the best employee makes a mistake.
Articles marked with the TREND WE KNOW HOW logo are prepared in cooperation with commercial partners. The editorial staff is not their author, although they may be beneficial to the reader
Source: www.etrend.sk