Happy Valentine’s Day from the SME family. Many of us enjoy this time of the year, but did you know that hackers do too?
But what exactly do hackers love…?
Last week we posted our blog post What Hackers Love: Home Edition, where we covered a few topics that hackers typically love when attacking or breaching home networks. This week we’ll be covering a few topics that hackers love to look for when attacking enterprise networks.
These topics apply to businesses of all sizes, from the small mom-and-pop shop or online business to large organizations. What’s discussed here is applicable to any business.
Hackers Love: Unpatched Systems
Unpatched systems and software can be a magnet for malware and viruses, especially when the software is a widely used app like Adobe Flash or Internet Explorer. A classic example is the Conficker worm on Windows, discovered in late 2008, which took advantage of unpatched versions of Microsoft Windows.
From 2019-2020, the most exploited software applications were Adobe Flash and Internet Explorer:
https://www.verdict.co.uk/top-software-vulnerabilities-2019/
Around 60% of small businesses get hacked every year as hackers find new ways to break into computer systems. As cyber attacks become more prevalent, proper network security is more important than ever to reduce and mitigate the risk of a data breach and to maintain not only your customers’ data, but also their confidence in your company and your reputation.
Many companies are taking proactive security measures to lower their risk of vulnerabilities — one of the major ones being patch management. Patch management has often been ignored as part of cyber security, but its importance and the benefits it can provide shouldn’t be ignored.
Hackers Love: Lack of Encryption
Encryption is the process through which data is encoded so that it remains hidden from or unreadable to unauthorized users. Encryption helps protect sensitive data and can enhance the security of communications not only between apps and servers, but also between yourself and your customers. When data is encrypted, even if an unauthorized person or entity gains access to it, they will not be able to read it without the decryption key.
If you think your business is too small to benefit from encryption technology, think again. Encryption has largely been thought of as a more advanced form of data security, expected to be seen in large enterprises rather than small companies. However, cyber threats are growing among organizations of all sizes, especially small businesses, which are more likely to have fewer resources with which to protect themselves than large corporations. As the threat landscape continues to grow, encryption is becoming an increasingly critical component of any company’s security strategy.
Organizations large and small, across industries, are implementing encryption technology to protect their customers’ and employees’ Personally Identifiable Information (PII), company secrets, financial data, and more. Malware attacks and phishing are on the rise, password protection is not enough, and even if your data is hosted in the cloud, at the end of the day, you’re still at risk.
Hackers Love: Flat Networks / No Network Segmentation
Network segmentation is the practice of breaking up a larger computer network into several small sub-networks that are isolated from one another. Network segmentation is also a key part of PCI DSS compliance requirements. The PCI Security Standards Council calls for the use of network segmentation in order to help isolate all system components that are used to store, process, or transmit credit/debit cardholder data or other sensitive authentication data.
Setting up and configuring network segmentation can be a bit of a hassle starting out, but the benefits of segmenting your network can massively outweigh the challenges. Some key benefits of network segmentation include:
- Slowing Down Attackers, Buying You More Time. If an attacker breaches your network, and that network is segmented, then it will take some more time for the attacker to break out of that segmented portion of the network to get at the resources they’re actually after.
- Increases Data Security. Segmenting networks makes it easier to protect the most sensitive data and internally-facing network assets. This extra layer of separation between servers containing sensitive data and everything else outside of the network can drastically reduce your risk of data loss or theft.
- Reaffirms Policy of Least Privilege. Network segmentation makes it easier to restrict user access to sensitive information and systems. If a user’s access credentials are compromised or abused, this can be invaluable for protecting that information. Essentially, network segmentation helps protect your business against both internal and external threats.
- Reduces Damage from Attacks. Because strong network segmentation can help keep attackers from breaking out of a system before you’ve contained the breach and cut off their access, it can help to minimize the damage caused by such breaches.
SME is here to help increase your security posture and get rid of those sleepless nights. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.