Essential Cyber Security Tactics: Prevention, Detection & Response
All good cyber security plans combine the three essential components of prevention, detection and response. It goes without saying that cybercrime prevention is better than cure, but the correct tools and procedures are required to ensure a robust defence solution.
With new forms of cyberattack being uncovered daily, it is clear that the tactics used by cybercriminals are constantly evolving, and no matter how good your defences are, it is highly likely that your data will, at some point, come under attack. A good detection system is essential to sound the alarm in the event of an attempted intrusion, but without an effective response to the attack, the effort spent on detection may be wasted.
Cybersecurity Attack Prevention
Knowledge is the most important form of defence. By understanding the threats, businesses can take steps to reduce the chances of becoming a victim of cybercrime by identifying areas on their network that are open to attack. Unfortunately, no single application or practice can completely protect your data and devices against the ever-evolving threat from cyber criminals; rather, a layered approach that combines products, audits, services and practices is the best approach to cybersecurity.
In this article, we look at the most common types of cyber security threat and set out the best cybersecurity tips on how to implement a layered defence solution against cyber attacks.
Understanding the threat
Cybercrime is on the rise with increasingly sophisticated forms of attack being uncovered daily. Cybercriminals use many techniques and technologies in their assaults and the number of attacks targeting small and medium-sized businesses is on the rise. The UK Government’s Cyber Security Breaches Survey 2019 reported that around a third of businesses and over twenty percent of charities experienced attacks in the previous 12 months. Drilling into the detail shows that this figure is significantly higher for small and medium-sized businesses with 40% of small businesses and a staggering 60% of medium-sized firms reporting attacks or breaches in the same period.
Every day new malware and viruses are being discovered, and the vast majority of them gain access to company devices via email. An independent survey commissioned by Sophos in 2019, aptly entitled The Impossible Puzzle of Cybersecurity, looked at where attacks come from and found that attacks via email and the web combined accounted for almost two-thirds of attacks, 23% of attacks got in via a software vulnerability and 14% via an external device such as a USB stick.
To manage the risks, it is vital that every business, large or small, is aware of the key threats facing them in this new decade as was highlighted in our article that summarized the SophosLabs 2020 Threat Report.
Phishing remains a top threat: hackers target employees with emails that masquerade as messages from legitimate sources in order to trick people into handing over passwords or personal data. Although phishing may be a familiar term, scammers’ tactics are becoming increasingly sophisticated; for instance, in supply chain attacks, coordinated attacks compromise small businesses to gain access to a larger business partner’s network. Malware introduced by email can open the door for additional malware to be downloaded and installed directly, bypassing detection in this way.
Data security on the Cloud
In the UK, 88% of organisations have adopted cloud-based systems. For SMEs, cloud computing has rapidly become the method of choice for business data storage as it can offer cost savings and increased flexibility. In line with this shift, criminals have refocused their attentions, resulting in an upsurge in incidents of attack on cloud infrastructure.
It is important to be aware that while Public Cloud providers are responsible for the physical protection of the data center, according to General Data Protection Regulation (GDPR) the organisation that owns the data is ultimately responsible for its security. This means that, if your customer data is hacked, then it is your organisation that will have to pay the fine, making cybersecurity of company data on the cloud a top priority.
Attacks by ransomware continue to be the most common form of attack with the number of attacks growing rapidly since 2018. Ransomware penetrates the victim’s network while employing sophisticated techniques to evade detection with the aim of encrypting as many machines as possible, often including backup data. With potentially devastating consequences for any type of business, large or small, ransomware has become the greatest threat facing all organisations. What’s more, hackers see smaller businesses as a lucrative source of income as they are less likely to have the IT resource to defend themselves against attack making them an easy target.
Deepfakes – AI and Machine Learning
Criminals are now using artificial intelligence to manipulate digital content to create convincing fake video or voice recordings of a target person. This technique, known as ‘vishing’, is used to trick individuals with financial decision-making power in an organisation. In a high-profile incident reported in 2019, criminals used deepfake technology to impersonate a chief executive’s voice to transfer hundreds of thousands of pounds fraudulently.
As cyber criminals relentlessly strive to outwit the security measures on company networks by inventing new techniques using the latest technology, it is clear that no single security measure can protect organisations against the ever-growing threat.
Cyber Security Tips – A Layered Defense Solution
We know that cybercriminals are becoming ever more sophisticated and targeted in their methods. Furthermore, the IT infrastructure of businesses today is complex, including inter-connected networks of PCs, printers, mobile devices, cloud applications, servers, switches and more, not to mention the software that runs on them. This is why the National Cyber Security Centre’s recommended approach is overlapping layers of protection. This strategy, often referred to as Defence in Depth (DiD), provides an in-depth defence so that if one layer of protection is breached, then the second or third layer will be able to stop an attack. Here are the best cybersecurity tips to form a layered defence solution:
Endpoint security refers to all end-user devices such as PCs, laptops and mobile devices. Endpoints connected to company networks create points of entry that can be exploited by cybercriminals and in addition, employees working remotely or connecting to WiFi networks when out and about further increase network vulnerability.
Endpoint security is sometimes simply referred to as antivirus software. However, while antivirus software has been effective against known threats by using signature-based detection of known malware, it does not protect against the new, unknown threats that are increasingly prevalent in the rapidly shifting threat landscape. One example of a modern approach included in “next-gen” endpoint security software is the incorporation of machine learning, which can detect both known and unknown malware without relying on signatures.
Modern endpoint protection solutions, such as Sophos Intercept X, combine traditional capabilities such as antivirus/anti-malware, web control and application lockdown with modern techniques like machine learning. This type of solution uses deep learning to detect never-before-seen malware and includes anti-ransomware technology and signatureless exploit prevention. As well as detecting threats, it provides insight into each threat so that it can be analysed, and the malware can be removed instantly.
In addition, Endpoint Detection and Response (EDR) can be combined with endpoint protection to stop breaches before they start. Powered by machine learning, EDR emulates the job that is usually carried out by a skilled analyst by automatically detecting and prioritising potential threats, ensuring a rapid and focused response to attacks.
Servers often hold an organisation’s most valuable and sensitive data making them a highly prized target for cybercriminals. While a successful attack on a single laptop can be very frustrating for that employee, an attack on a company’s server running business-critical applications can be devastating for the whole organisation. Whether you run your own server on-premises, host your data in the cloud or have a hybrid of these, effective server protection is vital to protect your business.
Modern server security software includes many features to defend against unknown threats, exploits, and hackers. These features combined act to prevent, detect and respond to attacks:
- Web filtering to block malicious web sites
- Ransomware protection
- Threat chain visualization
- Peripheral/device control
- File integrity monitoring
- Threat hunting
- Machine learning malware protection
- Anti-hacker protection
- Integration with firewall
- Data loss prevention
Next Generation Firewall
Network security is the foundation of every layered cybersecurity solution, but the changing tactics of hackers in recent years have demanded a change in the role of the firewall. The threat has shifted from the intrusion of the company network perimeter to attacks by malware and the exploitation of vulnerabilities in applications. To combat these new types of threat, modern firewalls, such as the Sophos XG Firewall, combine traditional firewall functions with visibility and control over users and their applications.
Not only does a next-generation firewall continue to form an essential barrier to protect the company network from external hacks, but, as defined by Gartner, it is a “deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall”.
Mobile Device Security
Attacks against mobile devices have rocketed as hackers have turned their attention to attacking both Android handsets and smartphones. Furthermore, a study by Verizon confirmed that people are much more susceptible to phishing attacks on mobile devices, highlighting the importance of securing mobile devices that have access to company networks and sensitive data. Today 85% of organisations support a BYOD (bring your own device) policy, and although this can reduce a company’s infrastructure cost, it introduces an increased security risk. Cybersecurity tips to ensure that your organisation’s mobile devices are secure include:
- Update your OS and apps without delay to avoid hackers taking advantage of vulnerabilities.
- Be wary of using free WiFi in public spaces, as it is often not secure.
- For remote workers, a business Virtual Private Network (VPN) should be considered to ensure safe remote access to company servers and networks. A VPN is a secure tunnel that is used to establish an encrypted connection over the internet between your device and the server. It encrypts data from your mobile phone or PC that is travelling over the internet.
- Install mobile security software that monitors the device continually checking for suspicious activity and takes action to mitigate the risk of attack. Software such as Sophos Intercept X for Mobile can be configured and monitored centrally to allow your company’s whole defence to work as one coordinated system.
Business communication relies heavily on email, a fact that cybercriminals are all too aware of. Sometimes endpoint protection cannot prevent an employee from opening an infected email or clicking on an attachment but by filtering emails at the gateway the risks of attack can be reduced.
What’s more, emails leaving your company server are vulnerable to being intercepted by cybercriminals, opening up the possibility of a breach of sensitive data. Email encryption can convert either the complete email or only an attachment into an unreadable format, allowing outbound messages to be sent securely.
Many mobile workers carry laptops that contain confidential and important company data, and although passwords offer the first line of defence, they do not provide complete data protection. In the event of a stolen or lost laptop, not only will your business be exposed to a data breach but, as part of the compliance requirement, you may also need to provide proof that the missing devices were encrypted. An encrypted hard drive renders the data unreadable, making it useless should it fall into the hands of a criminal.
Protection of company data on the cloud requires not only the ability to detect, respond and prevent breaches but also to plug any compliance gaps.
As cybercriminals look to exploit vulnerabilities such as misconfigurations, gaps in security responsibilities, and user access roles and permissions, an increased level of visibility and automation is necessary to protect company data. The key to effective cybersecurity across public cloud platforms, from Amazon Web Services to Microsoft Azure and Google Cloud Platform, is to ensure your environment is configured correctly and that you have clear visibility into your architecture and, most importantly, who is accessing it. A cloud security solution such as Sophos Cloud Optix protects against attacks by providing security, compliance and configuration monitoring for all cloud assets, enabling continuous visualisation and security of your company’s cloud infrastructure.
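The kind of configuration monitoring described above can be illustrated with a small audit that walks a cloud inventory and flags the common misconfigurations named in the paragraph: admin ports open to the whole internet, storage buckets that are publicly readable or unencrypted, and identity policies that grant every action on every resource. This is an added example and not Firstline IT’s or Sophos Cloud Optix’s code; the inventory, resource names and address ranges are constructed, loosely modelled on AWS-style security groups, buckets and IAM policies, and the hardened copy shows the same inventory with each weak setting corrected.

```python
"""Toy cloud-configuration audit over a constructed inventory.

Added example, not vendor code. The resource layout is invented and only
loosely follows AWS naming; a real audit would read it from the provider API.
"""
import copy
from dataclasses import dataclass

# Constructed sample inventory containing several deliberate weak settings.
INVENTORY = {
    "security_groups": [
        {"name": "web-sg", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"name": "admin-sg", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                                         {"port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
    "buckets": [
        {"name": "public-assets", "public_read": True, "encrypted": True},
        {"name": "customer-records", "public_read": True, "encrypted": False},
        {"name": "backups", "public_read": False, "encrypted": True},
    ],
    "iam_policies": [
        {"name": "ci-deploy", "statements": [
            {"action": ["s3:PutObject"], "resource": "arn:aws:s3:::artifacts/*"}]},
        {"name": "legacy-admin", "statements": [
            {"action": ["*"], "resource": "*"}]},
    ],
}

# Same inventory with each weak setting corrected (constructed hardened copy).
HARDENED = copy.deepcopy(INVENTORY)
HARDENED["security_groups"][1]["ingress"][0]["cidr"] = "203.0.113.0/24"  # office range, TEST-NET-3
HARDENED["buckets"][0]["public_read"] = False
HARDENED["buckets"][1].update(public_read=False, encrypted=True)
HARDENED["iam_policies"][1]["statements"] = [
    {"action": ["s3:GetObject"], "resource": "arn:aws:s3:::reports/*"}]

# Remote-administration ports that should never be reachable from anywhere.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Finding:
    severity: str
    resource: str
    message: str


def audit_security_groups(groups):
    """Flag admin ports whose ingress rule allows the entire internet."""
    findings = []
    for sg in groups:
        for rule in sg["ingress"]:
            port = rule["port"]
            if port in ADMIN_PORTS and rule["cidr"] == ANYWHERE:
                findings.append(Finding("high", sg["name"],
                                        f"{ADMIN_PORTS[port]} (port {port}) open to the internet"))
    return findings


def audit_buckets(buckets):
    """Flag publicly readable buckets and buckets without encryption at rest."""
    findings = []
    for b in buckets:
        if b["public_read"]:
            findings.append(Finding("high", b["name"], "bucket allows public read"))
        if not b["encrypted"]:
            findings.append(Finding("medium", b["name"], "bucket not encrypted at rest"))
    return findings


def audit_iam_policies(policies):
    """Flag policies that grant every action on every resource."""
    findings = []
    for p in policies:
        for st in p["statements"]:
            if "*" in st["action"] and st["resource"] == "*":
                findings.append(Finding("high", p["name"],
                                        "policy grants all actions on all resources"))
    return findings


def audit(inventory):
    """Run every check and return the combined list of findings."""
    return (audit_security_groups(inventory["security_groups"])
            + audit_buckets(inventory["buckets"])
            + audit_iam_policies(inventory["iam_policies"]))


def summarise(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"[{f.severity.upper()}] {f.resource}: {f.message}")
    print("weak inventory:", summarise(audit(INVENTORY)))
    print("hardened inventory:", summarise(audit(HARDENED)))
```

Run as a script, it lists five findings for the weak inventory (four high, one medium) and none for the hardened copy. The checks are deliberately simple equality tests so that the audit rules are easy to read and extend; in practice each rule would map to a control in whatever compliance baseline the organisation is measured against.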
Firstline IT can help you to secure your business
Above are the most prevalent current cyber security threats and a general outline of some of the elements of a layered security solution. However, as we all know, every SME is different, with each one requiring a different approach, and that is why we will work with you to understand your business, what your staff do and how they do it, so we can put together a bespoke cyber security solution that suits you and your budget.
We are Cyber Essentials Certified
Cyber Essentials is a government-backed, industry-supported scheme to help businesses of all sizes to protect against the ever-evolving threats from cyber crime. As a Cyber Essentials Certified organisation, you can trust Firstline IT to provide clear and expert guidance on the cyber security controls needed to make sure your systems and business data are secure.
We Partner with Sophos
In conjunction with our partner Sophos, we can deliver a best in class cyber security solution that is managed from one central management platform. In addition, Sophos Managed Threat Response provides 24/7 threat hunting, detection and response experts who can alert and respond to threats at any time of day or night.
To find out more about how to protect your business against cyber security attacks, please see our cyber security solutions. Or, if you’d like to talk to us about how we can protect your business, we welcome you to contact us today.