Decades ago, strong IT security meant a strong firewall plus antivirus.
Today, however, while firewalls and endpoint protection remain basic requirements, they no longer provide sufficient security on their own.
Unfortunately, many time and budget-strapped organizations haven’t caught up to the reality of the times.
Once an attacker gets past your firewall, or evades your endpoint protection, your organization is wide open.
Now, firewalls are a great place to start. But, a false sense of security often leads organizations to delay updates and ignore vulnerabilities in devices behind them.
All it takes is a single bad click to render these fragile older defenses useless.
It’s important to recognize that many newer attacks easily bypass these defenses, requiring further layers of protection to keep your business safe.
Firewall Fast Lane: Downloads and Phishing
While your firewall might inspect packets for known malware signatures, many firewalls can’t inspect the contents of email, or of TLS-encrypted web traffic, flowing through ports you have deliberately allowed.
This open door explains why so many attackers use phishing as a first step.
Fortunately, your email providers and filtering services work hard to block phishing attacks.
In fact, Microsoft alone intercepted 35.7 billion phishing emails in 2021. That being said, many attacks still make it through.
Users still fall for a variety of attacks including:
- Links to various phishing sites and scams
- Legitimate looking, but malware-laden ‘safe’ file formats
- SEO ‘poisoning’ to trick users into downloading trojanized installers
It’s important to educate your teams on the latest phishing sites and scams. With proper training, most can be avoided.
But what do you do when malware hides behind a legitimate façade?
For example, to slip past security scans, attackers have used seemingly harmless CSV text files, PowerPoint files, Adobe app installers, networking and video software installers, Notepad++ installers, and Chrome browser extensions.
Though sometimes these arrive through phishing emails, installer attacks typically use SEO to rank highly in web searches for popular applications. From there, legitimate-looking websites deliver the malware-laden installers.
Fortunately, most of these attacks require a user to enable macros or intentionally click the link to download the app or plugin.
However, unless carefully inspected, these malicious sites and files look legitimate. In fact, the trojanized installers even install the software you wanted in the first place, so the victim sees nothing wrong.
Once enabled, these attacks might drop malware such as Emotet or BazarLoader. Endpoint protection may catch the initial payload, but many recent attacks then rely on techniques that are hard for endpoint tools to distinguish from normal administration, because they abuse legitimate, built-in functionality.
Techniques seen in these campaigns that often evade endpoint detection include:
- Stealing saved browser passwords and banking information
- Abusing the Windows Update client to load malicious code
- Changing file attributes to hide dropped files
- Executing PowerShell commands instead of dropping a conventional executable
Hardware Backdoors
Unfortunately, sometimes you don’t even need to be involved to fall victim to attack.
Recently, vulnerabilities were detected in millions of printers and universal plug-and-play (UPnP) routers. Hundreds of thousands of these devices were reachable from the internet and identifiable as ‘vulnerable’, and thousands of them were already detected as ‘infected’.
Attacks on network devices happen constantly, yet device owners react so slowly that thousands end up infected with malware. This leaves vendors compelled to force-install updates.
Hardware devices can be infected simply by leaving them exposed to the internet.
In other cases, they’re the easiest target to hit following a breach of your firewall.
Layering on the Defense
In January 2022, the Office of Management and Budget issued a memo (M-22-09) outlining the U.S. government’s adoption of Zero Trust Architecture to improve national cybersecurity.
Fortunately, there are plenty of other steps you can adopt that are far more budget-friendly than buying the latest available technologies.
For example, you can:
- Disable macros by default, and require elevated rights to enable them
- Disable software installation by default, and require software installation requests to go through IT for approval and installation
- Keep all devices patched and updated, and isolate any that can’t be from the rest of your network
- Lock down email server settings
- Add additional security to your most valuable resources:
  - Endpoint firewalls
  - Restricting user access through user groups
  - Port knocking to hide resources
  - Company-specific security postures
- Use professional services:
  - Cybersecurity monitoring
  - Email filtering and security services
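As an added example (not code from the original article or from Ideal Integrations), the PowerShell script below applies the macro and software-installation controls from the list above, plus PowerShell script block logging so that the ‘execute PowerShell commands’ tradecraft described earlier leaves an audit trail, and then reads the settings back to report compliance. It writes the same registry-backed policy values that Group Policy writes. The Office `16.0` policy path (Office 2016 and later), the per-user HKCU scope for the Office settings, and an elevated session are assumptions for this demonstration; in a real environment, deploy the same values through a GPO or MDM profile rather than a script.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article: enforce and audit macro,
# installer and PowerShell-logging controls via registry-backed policy values.
# Assumptions: Office 16.0 policy path, HKCU scope for Office (current user only).

$OfficeApps = 'Word', 'Excel', 'PowerPoint'

# Desired state, expressed as "registry key -> value name -> value".
$Baseline = @{}
foreach ($app in $OfficeApps) {
    $Baseline["HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"] = @{
        # 4 = "Disable all macros without notification"
        VBAWarnings                       = 4
        # 1 = block macros in files carrying the Mark of the Web (downloaded or emailed)
        blockcontentexecutionfrominternet = 1
    }
}
# 1 = "Turn off Windows Installer" for non-managed applications only: users cannot
# run arbitrary MSIs, while IT-deployed (managed) packages still install.
$Baseline['HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'] = @{ DisableMSI = 1 }
# Record every PowerShell script block (Event ID 4104) so monitoring has evidence.
$Baseline['HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'] = @{
    EnableScriptBlockLogging = 1
}

function Set-HardeningBaseline {
    # Writes every value in $Baseline; supports -WhatIf / -Confirm for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($key in $Baseline.Keys) {
        foreach ($name in $Baseline[$key].Keys) {
            $value = $Baseline[$key][$name]
            if ($PSCmdlet.ShouldProcess("$key\$name", "Set to $value")) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                New-ItemProperty -Path $key -Name $name -Value $value `
                    -PropertyType DWord -Force | Out-Null
            }
        }
    }
}

function Test-HardeningBaseline {
    # Emits one object per control with expected vs. actual value; a missing
    # key or value shows as Actual = $null and Compliant = $false.
    foreach ($key in $Baseline.Keys) {
        foreach ($name in $Baseline[$key].Keys) {
            $actual = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Expected  = $Baseline[$key][$name]
                Actual    = $actual
                Compliant = ($actual -eq $Baseline[$key][$name])
            }
        }
    }
}

# Usage: preview the changes, apply them, then audit the result.
Set-HardeningBaseline -WhatIf
Set-HardeningBaseline
Test-HardeningBaseline | Format-Table -AutoSize
```

Because `HKCU\Software\Policies` is writable only by administrators, a standard user cannot simply re-enable macros afterwards, which is exactly the ‘require elevated rights to enable them’ property the list asks for. Run `Test-HardeningBaseline` on its own from a scheduled task or monitoring agent to catch drift.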
The Takeaways
As cyberattacks continue to evolve, it’s important to recognize their growing dangers.
What once worked in the past, just doesn’t cut it any more, as criminals grow bolder and develop more devious methods of attack.
Avoid the dangers of falling complacent, just because you have a firewall and a few basic protections in place.
Layer your defenses, and take care to keep your team trained on the importance of security.
If you’re feeling intimidated in any way by the sheer number of options, there’s no reason to be concerned – it’s completely normal.
All you need to do is reach out for a little help.
For an easy first step, contact Ideal Integrations at 412-349-6680, or complete a short note in the form below.
Our experts will set up a no-obligation meeting to explain these and other options in as much detail as you like.
We’ll be happy to provide a complete, customized list of options and prices to protect your business and keep it safe!