The threat landscape gets progressively worse by the day. Cross-site scripting, SQL injection, theft and exposure of sensitive data, phishing and distributed denial of service (DDoS) attacks are far too common. Increasingly sophisticated attacks are being spotted, and security teams are scrambling to keep up. Faced with many new types of issues, including advanced phishing attacks that are all too successful and ransomware attacks that many seem helpless to prevent, endpoint security strategies are evolving rapidly.
How are the bad actors able to wreak havoc on enterprises and cause sensitive data loss and exposure? The answer is through a variety of cybersecurity vulnerabilities in processes, technical controls and user behaviors that allow the bad actors to perform malicious actions. Many different vulnerabilities exist, including code flaws in operating systems and applications, systems and services misconfiguration, poor or immature processes and technology implementations, and end user susceptibility to attack.
Some of the most common attacks that resulted in data breaches and outages included phishing, the use of stolen credentials, advanced malware, ransomware and privilege abuse, as well as backdoors and command and control channels on the network set up to allow continued access to and control over compromised assets.
The Goliath Cyber Advisory team is here to help lead your teams and business in reaching Cyber Resilience by helping you implement more effective technology, processes and controls within your organization.
We are ready to be your True Cyber Partner; let's get started.
- Poor endpoint security defenses
Invest in modern endpoint detection and response tools and services that incorporate next-generation antivirus, behavioral analysis and actual response capabilities.
- Poor data backup and recovery
Organizations need a multi-pronged backup and recovery strategy. This should include data center storage snapshots and replication, database storage, tape or disk backups, and end user storage (often cloud-based).
- Poor network segmentation and monitoring
Focus on controlling network access among systems within subnets, and on building better detection and alerting strategies for lateral movement between systems that have no business communicating with one another. Watch for odd DNS lookups, system-to-system communication with no apparent business purpose, and unusual behavioral trends in network traffic.
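The two detections described in this item, flows between segments that should never talk to each other and odd-looking DNS lookups, as an added example that is not Goliath's code or tooling. The segment names, subnets, allowed directions, flow lines and query names are all constructed for illustration, and the DNS thresholds are starting points rather than tuned values.

```python
import ipaddress
import math

# Constructed segmentation policy: named subnets and the only directions in
# which one segment may open connections to another. Anything else is flagged.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}
ALLOWED = {("workstations", "app"), ("app", "db")}

def segment_of(ip):
    """Return the segment name an address belongs to, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def flow_violations(flow_lines):
    """Flag cross-segment flows ('src_ip dst_ip dst_port') not permitted by ALLOWED."""
    violations = []
    for line in flow_lines:
        src, dst, port = line.split()
        s, d = segment_of(src), segment_of(dst)
        # Intra-segment flows are left to host controls; unknown addresses are skipped.
        if s and d and s != d and (s, d) not in ALLOWED:
            violations.append((src, dst, int(port), f"{s}->{d}"))
    return violations

def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    n = len(label)
    return -sum(label.count(c) / n * math.log2(label.count(c) / n) for c in set(label))

def odd_dns_lookups(names, max_label=24, min_entropy=3.5):
    """Flag names with a very long or high-entropy label (typical of tunnelling/DGA traffic)."""
    odd = []
    for name in names:
        labels = name.rstrip(".").split(".")
        if any(len(l) > max_label or (len(l) >= 12 and label_entropy(l) > min_entropy)
               for l in labels):
            odd.append(name)
    return odd

# Constructed sample data, not real traffic.
FLOWS = [
    "10.0.1.15 10.0.2.10 443",   # workstation -> app: allowed
    "10.0.2.10 10.0.3.5 5432",   # app -> db: allowed
    "10.0.1.15 10.0.3.5 5432",   # workstation straight to db: violation
    "10.0.3.5 10.0.1.15 3389",   # db reaching back to a workstation: violation
]
DNS = ["www.example.com.", "a9f3k2x7q1b8z4m6v0c5n2p8r7.example.net."]
```

Feed it flow records from a firewall or NetFlow export and query names from DNS resolver logs; each hit is a candidate alert to triage, not proof of compromise.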
- Weak authentication and credential management
Implement stringent password controls and use multifactor authentication for access to data and sites.
- Poor security awareness
Organizations need to conduct regular training exercises, including phishing tests, pretexting and additional social engineering as needed. The training needs to be contextual and relevant to employees' job functions whenever possible. Track users' success or failure rates on testing, as well as on "live fire" tests with phishing emails and other tactics. For users who don't improve, look at remediation measures appropriate for your organization.