No matter how hard we all try, cyber crime keeps getting faster. Just how fast can they happen, you’re wondering?
Ninety-two minutes.
On average, in 2021, attackers only needed one hour and 32 minutes – from initial access to entering other network systems. But that’s just the average. The best 36% of the attackers needed less than 30 minutes.
When attackers now clock their attacks using minutes, you no longer have the luxury of measuring response time in days.
So, what exactly are you supposed to do?
To counter such rapid attacks, you must execute the basics effectively:
- Design IT to resist attack
- Store data securely
- Plug the vulnerabilities
- Check and double-check
Regardless if your budget is large or small, effective security starts through proper execution of these fundamental strategies. And even though day-to-day stresses feel overwhelming, keeping these basics in mind forms the foundation in cyber crime prevention.
Let’s take a look at how to use them effectively.
1) Design your IT to resist it
As you add new employees or capabilities, it’s only natural for IT networks to spread organically.
But too often, these sprawling network designs rarely consider a user’s role or function.
However, modern networking equipment and software provide solutions.
These give you the option to virtually separate users into isolated network segments and security groups.
You can also deter data breaches by layering security measures such as advanced firewalls, zero-trust protocols, encrypted network traffic, and multifactor authentication into your designs.
2) Store Data Securely
Prepare for the worst, and hope for the best, right?
When it comes to slowing down cyber crime, it’s a golden rule.
One of the best things you can do is assume worst-case scenarios, like a data breach. If you start with data encryption (both at rest, and during transit), it can render seized data worthless.
But it shouldn’t end there – you also need to apply the principle of least privileged access.
While it might take you additional set-up time, using a granular approach to Active Directory and other access technologies dramatically reduces both an attacker’s access and potential for insider threat.
Backups also play a key role in secure data storage. Even if hackers can’t see the data, a ransomware attack can render your files unreadable.
A robust, redundant, and secure data backup strategy can ensure not only the safety of the data, but also the quick recovery from a disaster, attack, or even just an accident.
3) Plug the Vulnerabilities
Even the best designed architecture contains unknown flaws.
Researchers discover IT vulnerabilities frequently, and it’s important for you to know how to respond when cyber crime headlines hit the news.
For example, recently Microsoft warned about an active exploit allowing attackers to use malicious documents and websites to seize control of a PC. The vulnerability affects most users, but a patch isn’t immediately available.
Fortunately, it can be countered by using Protected View or disabling the installation of ActiveX controls.
Your team can prevent attacks by promptly sending out a notice to use Protected View and by disabling ActiveX on systems you control.
Other issues may not be so universal, but are just as critical to address. For example, just recently:
- Netgear released firmware updates to address high severity vulnerabilities to smart switches
- Zoho issued a patch for an authentication bypass vulnerability on their ManageEngine ADSelfService Plus password management solution
- Hackers leaked credentials for thousands of Fortinet VPN accounts.
If these vulnerabilities affect you, you’ll need to jump on them right away. Of course, this means you’ll need an up-to-date asset list that covers your entire business.
If you’re not sure about what you have, then it’s time for the next step…
4) Check and Double-Check
A sound design, secure data, and plugged vulnerabilities all work in theory.
However, the complexity of IT embodies Murphy’s Law – if something can go wrong, it probably will.
To slow down cybercrime, you’ll need to take a few important steps in your IT systems.
You’ll need to check them using penetration testing, vulnerability scanning, and on-going monitoring for malicious behavior. You also need to practice procedures such as data restoration or incident response protocols, to check for gaps in human-based systems.
Many teams don’t find the time to double-check, and end up regretting it when things go wrong. Don’t let that happen to you! Find the time now, and save time and money later.
The Takeaways
Cyber crime isn’t going away anytime soon.
In fact, it keeps speeding up. However, that doesn’t mean you’re powerless to slow it down.
By following these key factors, you’ll make sure you put your business in the best position possible.
Design your systems appropriately, secure your data, correct any vulnerabilities, and double-check that everything is in place.
Taking the time now is more than worth it – but only if you prioritize planning and allocate the resources. However, your team doesn’t have to do it by itself.
Ideal Integrations and Blue Bastion can provide expert assistance in design, execution, patching, and verification of IT systems for all sizes of organizations and budgets.
Alternatively, we can take over daily patch management or monitoring so that your system can focus on longer term needs.
For a risk-free quote or a brainstorming session, call us at 412-349-6680 or complete the form below. We look forward to finding a way to keep your team and your network safe and secure.