Cyber criminals are clever people. Moreover, they are not hoodie-wearing loners in basements. That character sketch badly misrepresents the real threat that cyber criminals pose. They are organized, syndicated, and global. Their motivations are many. They may be simply after money. They may be paid by your competitor to destroy your business. They could be out to wreak havoc on a society for political purposes, and destroying your network might be the collateral damage they need to make their point. Hackers naturally seek workarounds for the blocks that stand in their way. So, if cybersecurity finds a solution that blocks a known attack vector, cyber criminals immediately set about finding another way in: circumventing the block, or devising a new, accessible target that will bring about similar results. Cyber criminals collaborate. They innovate.
Case in Point: A Recent Malware Innovation
Danny Palmer of ZDNet just published a story that introduces us to a new kind of malware, dubbed Xwo. This malware scans web-based networks looking for vulnerabilities, particularly password credential vulnerabilities. It is still not entirely clear how this new breed of malware operates, or how it manages to lurk while scanning internet-connected networks. What is clear is that this malware is meant to do surveillance and home in on vulnerable systems for future attacks. For cybercriminals, Xwo is a malware tool that increases the probability of future success in cyberattack endeavors, and likewise it dramatically increases the probability that your system will be a target for attack if Xwo detects vulnerabilities in your network.
The new threat defense model means planning on the assumption that your business will be the victim of an attack. Equip your business for that eventuality, and use tools that will keep up with threats as they evolve.
Securing Your Network: Before the Attack
Here is a list of the safeguards you can have in place that will prepare your business and network for a cyber attack:
Training End Users: How to Identify Suspicious Network Activity
Are your end users trained to identify a spoofed email? Are they alert to suspicious browser behavior such as unintended redirects? If they come across something suspicious, do they know how to respond? Eric Dosal, writing for Compuquip, rightly identifies, “The single biggest cyber threat to any organization is that organization’s own employees.” Plan a training session to help your employees learn to avoid those tempting threats that look like friendly emails or fun online slideshows of the world’s top 15 vacation destinations.
Create Visibility and Expandability of the Network
Our firm is a Cisco Partner, so we are able to share the Cisco security solutions that we employ and what they are used for.
Providing a secure internet gateway in the cloud, with both on- and off-network coverage, is paramount to network protection. Being able to see what is going on in the network is the first step toward having eyes on any bad actors that might be invading it.
Cisco Umbrella accomplishes this nicely, because it is delivered from the cloud and requires no additional appliances. It is the easiest way to protect all of your users. Furthermore, the setup required to protect your whole network takes only minutes, and you can try before you buy.
Cisco Meraki offers enterprise mobility management that will guard wireless devices connecting to the network, all endpoints, and security cameras. Meraki is the leader in cloud-controlled WiFi, routing, and security.
For businesses that have on-prem networks, Cisco’s Web Security Appliance is able to guard the network as it interacts with the internet in a similar fashion.
Having this level of network visibility, along with the firewall, antivirus and intrusion prevention solutions that should accompany a cloud security platform, will give your network a strong posture for deflecting an attack. These solutions might include:
- Cisco Next Generation Firewall (NGFW)
- Cisco’s Adaptive Security Appliance (ASA)
- Cisco Firepower Threat Defense: NGFW and ASA combined
- Cisco’s AMP for Endpoints
IN PART 2:
Increasing the security of your Network Access, Penetration Testing, and being equipped with a Runbook and Incident Response Plan