Is your organisation cyber-secure? 4-step systems maintenance checklist
Thu 6 Feb 2020 | John Salazar
One, two, three, four, keep the hackers out the door
It takes a serious amount of training and experience to get systems maintenance right. And once you’re already in the IT scene, it’s hard to keep up to speed with important cyber security trends. Engineers must constantly be studying best practices and the new types of risks that are out there. Here are some glaring cyber security holes engineers can not afford to miss in their maintenance.
How often do you check your systems?
A lack of cyber security monitoring can leave your network and systems open to hackers. Hackers only get access to systems that they find vulnerabilities in, and you can stop them from doing so by actively monitoring your systems. Always perform IT security and asset audits as well as a full cyber security assessment to identify vulnerable areas and then address them immediately.
Cryptojacking can be one devastating consequence of not checking your systems properly. If your systems aren’t secure, hackers can bypass your systems and piggyback on your processing power and use it for their own mining. This costs you valuable IT resources. And, if your company is reliant on crypto mining, it effectively “steals” profit that should’ve been yours.
How secure are your software and service offerings?
It is also important to check if your software or services are up to date. Poor updating and debugging habits can result in compromised systems and software.
Create and follow a consistent patching schedules to limit the potential of attacks penetrating through your systems. If possible, do security checks, scans, and updates twice a month to improve overall security.
Third-party partners, contractors, and vendors have also become more susceptible to cyber attacks. If your service or device is connected to third-party partners, ensure these partners have stable and functional security systems.
It’s been noted that 60-percent of data breaches actually involve third parties, and only 52 percent of companies have measures to deal with third-party contractors. This can pose a huge threat to your systems, as hackers using third-party services can hijack your networks by using the third-party’s access.
Do you have preparations for direct attacks?
Hacking today usually is sneaky and clandestine, often striking at the last minute. Others, though, opt for a more offensive approach and try to disable your systems.
Distributed denial of service attacks, or DDoS attacks, overload a company’s network to the point that it can no longer process information. These usually happen to websites, but can also happen to on-site networks. In the worst case scenario, a DDoS attack can severely disrupt operations. For those in the manufacturing or energy sector, this translates to a significant loss in productivity.
Brute-force attacks have become less prominent in today’s era of more advanced security measures, such as advanced behavioural analytics. But they still present a considerable threat to systems that lack advanced protections. If you fall prey to a brute force attack, hackers can not only access and gain a foothold in your environment, but a perform DDoS attack and lock out legitimate users.
How protected are your employees from cyber security threats?
It doesn’t matter how secure your systems are if your employees aren’t cyber smart, or if security teams haven’t helped them by implementing cyber security measures.
Ransomware, whereby malicious code encrypts and locks companies out from databases, is still one of the biggest threats to the security and stability of an organisation. Unless firms have remote data backups, good employee education, and strict resource access policies, a ransomware attack can be fatal to operations.
Additionally, social hacking such as phishing and financial texting is one of the main sources of cyber incidents. And unfortunately, the majority of these vulnerabilities come from employees who fall prey to phishing tactics and other strategies that can be traced back to employee mishaps, malicious links, and random emails.
Phishing emails contain links that can install malware on your device and acquire sensitive information – and yes, this is prominent in multiplayer games, banks, and other popular services. Worryingly for businesses, phishing has become harder to detect. Hackers have begun using machine learning to craft more realistic and convincing messages for consumers. As such, companies are advised to tell consumers what emails and websites of theirs can be considered trustworthy and legitimate.
Tags:brute force DDoS phishing ransomware
Security Mon 13 Jan 2020CISO Interview: Does ‘breach normalisation’ have its be...
Security Tue 14 Jan 2020New year, new habits? Why this CISO reckons you need to...
Security Mon 27 Jan 2020One step ahead — Cloudsec is leading security inn...