
How to prevent cyber-attacks:

 

According to a 2021 Verizon report, more than 80% of global data breaches are financially motivated. Now more than ever, individuals and businesses must proactively maintain an aggressive cybersecurity posture because the cost of a cyberattack can run well into the millions — a price few are able or willing to pay.  

Here are some of the weak points attackers target, and ways to protect yourself and/or your business.

Legacy Software

Software that hasn't been updated to reflect the most recent security protocols, and so still carries weaknesses that newer versions have fixed.

Encryption

Unencrypted communication allows attackers to use readily available tools to reveal usernames and passwords in transit.

Unpatched Vulnerabilities

Vulnerability management helps your organization maintain compliance with industry regulations by applying vendor-provided patches to close known vulnerabilities.

Network Segmentation

Without segmentation, attackers can easily move from one compromised system to others if firewall controls fail to detect or block malicious activity.

With cyber-attacks becoming the norm, it is more important than ever before to undertake regular vulnerability scans and penetration testing to identify vulnerabilities and ensure on a regular basis that the cyber controls are working.
 
Vulnerability scanning examines exposed assets (network, servers, applications) for vulnerabilities. The downside of a vulnerability scan is that false positives are frequently reported. False positives may also be a sign that an existing control is not fully effective, e.g. sanitizing of application input and output, especially on web applications.
 
Penetration testing looks at vulnerabilities and tries to exploit them. The testing is often stopped once the objective is achieved, e.g. when access to a network has been gained, which means other exploitable vulnerabilities may remain untested.
 
Organizations need to conduct regular testing of their systems for the following key reasons: 

  • To determine the weaknesses in the infrastructure (hardware), applications (software) and people, in order to develop controls
  • To ensure controls have been implemented and are effective – this provides assurance to information security and senior management
  • To test applications that are often the avenues of attack (Applications are built by people who can make mistakes despite best practices in software development)
  • To discover new bugs in existing software (patches and updates can fix existing vulnerabilities, but they can also introduce new vulnerabilities) 

When people are attacked through social engineering, the attack bypasses stronger perimeter controls and exposes less-protected internal assets.
 
The worst situation is to have an exploitable vulnerability within infrastructure, applications, or people that you are not aware of, as attackers will be probing your assets even if you are not. Breaches, unless publicized by the attackers, can go undetected for months.
 
Vulnerability scanning and penetration testing can also test an organization's ability to detect intrusions and breaches. Organizations need to scan externally accessible infrastructure and applications to protect against external threats. They also need to scan internally to protect against insider threats and compromised individuals. Internal testing needs to include the controls between different security zones (DMZ, cardholder data environment, SCADA environment, etc.) to ensure these are correctly configured.
 
How often do you conduct pen testing?
 
Pen testing should be conducted regularly, to detect recently discovered, previously unknown vulnerabilities. The minimum frequency depends on the type of testing being conducted and the target of the test. Testing should be at least annual, and monthly for internal vulnerability scanning of workstations; standards such as the PCI DSS recommend intervals for the various scan types.
 
Pen testing should be undertaken after deployment of new infrastructure and applications as well as after major changes to infrastructure and applications (e.g. changes to firewall rules, updating of firmware, patches, and upgrades to software).
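A small tracker for the cadences described above (annual pen test, monthly internal workstation scan, re-test after a major change), added here as an example and not part of the original article; the 365/31-day thresholds, the asset records, hostnames, zones and dates are all constructed assumptions:

```python
from datetime import date, timedelta

# Cadences stated in the article, expressed as policy constants
# (assumed thresholds: "annually" = 365 days, "monthly" = 31 days).
PENTEST_MAX_AGE = timedelta(days=365)
WORKSTATION_SCAN_MAX_AGE = timedelta(days=31)
AS_OF = date(2024, 6, 1)  # constructed "today" for the sample run

def overdue_tests(assets, today):
    """Return (name, zone, reason) tuples for assets whose testing has lapsed.
    Asset keys: name, zone, kind ("workstation"/"server"), last_pentest,
    last_internal_scan, last_major_change (dates, or None if never)."""
    findings = []
    for a in assets:
        pentest = a.get("last_pentest")
        if pentest is None or today - pentest > PENTEST_MAX_AGE:
            findings.append((a["name"], a["zone"], "penetration test older than one year or never run"))
        if a.get("kind") == "workstation":
            scan = a.get("last_internal_scan")
            if scan is None or today - scan > WORKSTATION_SCAN_MAX_AGE:
                findings.append((a["name"], a["zone"], "internal vulnerability scan older than one month"))
        change = a.get("last_major_change")
        # A firewall rule change, firmware update, patch or upgrade made after
        # the last test invalidates its result until a re-test is done.
        if change is not None and (pentest is None or change > pentest):
            findings.append((a["name"], a["zone"], "major change since last penetration test"))
    return findings

def findings_by_zone(findings):
    """Count lapsed tests per security zone (DMZ, CDE, ...) for reporting."""
    counts = {}
    for _, zone, _ in findings:
        counts[zone] = counts.get(zone, 0) + 1
    return counts

# Constructed sample inventory: hostnames, zones and dates are made up.
SAMPLE_ASSETS = [
    {"name": "web-01", "zone": "DMZ", "kind": "server", "last_pentest": date(2023, 12, 1),
     "last_internal_scan": None, "last_major_change": date(2024, 5, 15)},  # firewall rule change
    {"name": "ws-finance-07", "zone": "Internal", "kind": "workstation", "last_pentest": date(2024, 1, 10),
     "last_internal_scan": date(2024, 3, 1), "last_major_change": None},
    {"name": "db-cde-01", "zone": "CDE", "kind": "server", "last_pentest": date(2023, 4, 20),
     "last_internal_scan": None, "last_major_change": date(2023, 3, 1)},
    {"name": "ws-hr-02", "zone": "Internal", "kind": "workstation", "last_pentest": date(2024, 2, 1),
     "last_internal_scan": date(2024, 5, 20), "last_major_change": None},
]

if __name__ == "__main__":
    for name, zone, reason in overdue_tests(SAMPLE_ASSETS, AS_OF):
        print(f"{zone:9} {name:14} {reason}")
```

Feed it your real asset inventory and run it on a schedule; anything it reports is a host where the article's "regular testing" assumption no longer holds.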