5 Ways Hackers Can Breach Your Company Undetected
Security breaches are, unfortunately, a common occurrence in corporate environments. Even companies making effective use of the most recent security solutions, such as next-generation firewalls, advanced threat protection and security information and event management (SIEM) systems, are no exception. There are several ways you may be breached and not know about it.
Here are some practical examples and the best methods to deal with them.
- Unknown Software & Hardware Vulnerabilities
It is quite simple: most vulnerabilities can remain unknown for months or even years before being made public and patched. That was the case with the Meltdown and Spectre attacks, a set of vulnerabilities in CPU hardware discovered by Google researchers in June of last year and disclosed to the general public in January 2018. Meltdown and Spectre made it possible for attackers to read the memory contents of compromised computers, including passwords and sensitive data stored on the system.
The fact is, these vulnerabilities affected most CPU hardware from the last 10 years, and even though there is no confirmed case of exploitation in the wild so far, this does not mean cybercriminals or even government agencies could not have been taking advantage of them for the last decade.
Unfortunately, there is no way of dealing with an unknown security flaw other than following basic advice: keep systems updated with the latest security patches and keep an eye on the latest news regarding new vulnerabilities.
- Intentional or Unintentional Insider Threats
Insiders should never be regarded as a secondary threat when compared with other incident sources, such as cybercriminals. For instance, when not properly trained, employees can be prone to accidental errors such as sending an email message to the wrong recipient, sharing sensitive information in a public place like a social network, or falling victim to an attack such as social engineering or phishing. All of those could go unnoticed for a long period of time.
It is also important to consider that there are insiders that would willingly commit a violation or even a crime. For example, an employee intending to leave the company could try to copy confidential files to a USB drive, even if it goes against the security policy.
A mix of endpoint protection solutions (e.g., antivirus, USB control) and technologies such as a Data Leak Protection (DLP) system, complemented by a SIEM and an experienced incident response team, is a great option in this situation. Aside from that, an excellent approach to reduce insider risk is creating a security awareness program for educating employees on basic security principles and policies adopted by the company.
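The DLP control mentioned above rests on content inspection of outbound traffic. The following is an added example, not code from the article or from any DLP product, of the core of such a check: it scans constructed outbound email messages for payment-card numbers (validated with the Luhn checksum so that phone numbers and order ids do not trigger it) and for classification labels, and applies a simple policy: allow internal mail, block external mail carrying card data, quarantine external mail carrying a label. The internal domain, the label words and the sample messages are assumptions made for the example.

```python
"""Minimal DLP-style content inspection over constructed outbound messages.

Added example (not from the article). Flags messages that carry payment-card
numbers (Luhn-validated to cut false positives) or a confidentiality label,
and decides an action per a simple policy.
"""
import re
from dataclasses import dataclass, field

# Candidate runs of 13-19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
# Classification labels the (assumed) company policy uses.
LABEL_RE = re.compile(r"\b(confidential|internal only|restricted)\b", re.I)
INTERNAL_DOMAIN = "example.com"  # assumption: the company's own mail domain


@dataclass
class Finding:
    rule: str       # which rule fired
    evidence: str   # masked evidence suitable for a SIEM log line


@dataclass
class Verdict:
    action: str     # "allow", "quarantine" or "block"
    findings: list = field(default_factory=list)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for structurally valid card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return masked card numbers found in text (first 6 and last 4 kept)."""
    hits = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits


def inspect_message(msg: dict, internal_domain: str = INTERNAL_DOMAIN) -> Verdict:
    """Apply the policy to one outbound message {"to", "subject", "body"}."""
    external = not msg["to"].lower().endswith("@" + internal_domain)
    findings = [Finding("card-number", masked)
                for masked in find_card_numbers(msg["body"])]
    label = LABEL_RE.search(msg["subject"] + "\n" + msg["body"])
    if label:
        findings.append(Finding("classification-label", label.group()))
    # Internal recipients and clean messages pass; card data to the outside
    # is blocked; labelled material to the outside is held for review.
    if not external or not findings:
        return Verdict("allow", findings)
    if any(f.rule == "card-number" for f in findings):
        return Verdict("block", findings)
    return Verdict("quarantine", findings)


# Constructed sample traffic (not real addresses or card numbers in use).
SAMPLE_MESSAGES = [
    {"to": "partner@vendor.test", "subject": "Invoice",
     "body": "Card on file: 4111 1111 1111 1111, exp 12/29"},
    {"to": "colleague@example.com", "subject": "Q3 plan - CONFIDENTIAL",
     "body": "See attached."},
    {"to": "friend@gmail.test", "subject": "Re: draft",
     "body": "Internal only: do not forward. Order #4111111111111112"},
    {"to": "support@vendor.test", "subject": "Ticket",
     "body": "Please call 555-123-4567."},
]


def run_policy(messages) -> list:
    """Return the action decided for each message, in order."""
    return [inspect_message(m).action for m in messages]


if __name__ == "__main__":
    for msg, action in zip(SAMPLE_MESSAGES, run_policy(SAMPLE_MESSAGES)):
        print(f"{action:10s} -> {msg['to']}: {msg['subject']}")
```

Note that the Luhn check is what keeps the rule usable: the third message contains a 16-digit string that fails the checksum, so it is quarantined for its label rather than blocked as card data, and the phone number in the fourth message never becomes a candidate at all.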
- Third-Party Security Vulnerabilities
Third parties are those you must entrust with corporate data, such as a business partner, a cloud service provider or even an individual consultant. Should a data leak occur while your data is in the possession of a third party, chances are you will not know.
For third-party personnel working within the company boundaries, aside from the previously mentioned security controls, consider having special rules for outsiders, such as limiting connections to a specific network segment with limited access (or even better: no access whatsoever) to corporate servers and endpoints. Physical controls should also be applied, including limiting access to restricted areas, the use of identification badges and inspecting backpacks and briefcases if necessary.
For cases where the data is stored or handled outside the company, there are several options for dealing with third-party security risks, including having explicit security terms in the contract, such as making a leak notice mandatory once it is detected, enforcing requirements such as encryption and data leak prevention, requiring an incident response team and retaining the right to audit the third-party infrastructure.
- Rogue Encryption & Unintended Consequences of Encryption
Encryption is probably one of the best security controls, as it allows sensitive data to be securely transmitted over insecure networks. The problem is, it also works the other way around! As most Internet services such as browsing, instant messengers, email and cloud storage already enforce strong encryption, it may be hard to control when sensitive data is leaving the company. Even worse, encryption is also widely adopted by malware for communicating with command and control servers.
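Because the payload of an encrypted session cannot be inspected, the defender is left with its metadata: who talked to whom, how much went out versus in, and how regularly. The following is an added example, not code from the article, that runs over a constructed firewall/proxy connection log and flags the two patterns the paragraph describes, bulk upload of data to an unapproved destination and the regular low-volume "beaconing" typical of malware command-and-control. The log format, the destination allowlist and the thresholds are assumptions made for the example.

```python
"""Spotting encrypted egress from connection metadata alone.

Added example (not from the article). Works on a constructed log of TLS
connections (no decryption): flags bulk uploads to destinations not on an
allowlist, and regularly timed connection series (beaconing).
"""
import csv
import io
import statistics
from collections import defaultdict

# Constructed log: ts (seconds), src, dst, dport, sni, bytes_out, bytes_in.
SAMPLE_LOG = """\
ts,src,dst,dport,sni,bytes_out,bytes_in
1000,10.0.0.5,203.0.113.10,443,cdn.example.net,800,120000
1010,10.0.0.5,203.0.113.10,443,cdn.example.net,900,98000
1100,10.0.0.7,198.51.100.9,443,files.share.test,52000000,4000
1200,10.0.0.7,198.51.100.9,443,files.share.test,61000000,4200
1000,10.0.0.9,192.0.2.44,443,,600,300
1060,10.0.0.9,192.0.2.44,443,,610,300
1120,10.0.0.9,192.0.2.44,443,,590,300
1181,10.0.0.9,192.0.2.44,443,,600,300
1240,10.0.0.9,192.0.2.44,443,,605,300
1300,10.0.0.9,192.0.2.44,443,,600,300
"""

# Assumed allowlist of destinations the company knowingly sends data to.
APPROVED_DESTINATIONS = {"cdn.example.net", "mail.example.com"}
UPLOAD_THRESHOLD = 50 * 1024 * 1024   # bytes out per (src, dst) before alerting
MIN_BEACONS = 5                       # connections needed to judge regularity
MAX_JITTER_RATIO = 0.1                # stdev(interval) / mean(interval)


def parse_log(text: str) -> list:
    """Parse the CSV log into dicts with numeric ts and byte counts."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["ts"] = int(r["ts"])
        r["bytes_out"] = int(r["bytes_out"])
        r["bytes_in"] = int(r["bytes_in"])
        rows.append(r)
    return rows


def find_bulk_uploads(rows: list) -> list:
    """(src, dst, sni) pairs that pushed more than the threshold to an
    unapproved destination. Content is invisible; volume is not."""
    totals = defaultdict(int)
    for r in rows:
        if r["sni"] in APPROVED_DESTINATIONS:
            continue
        totals[(r["src"], r["dst"], r["sni"])] += r["bytes_out"]
    return sorted(k for k, v in totals.items() if v >= UPLOAD_THRESHOLD)


def find_beacons(rows: list) -> list:
    """(src, dst, mean_interval_s) for connection series whose spacing is
    too regular for a human: the fingerprint of a C2 check-in timer."""
    by_pair = defaultdict(list)
    for r in rows:
        by_pair[(r["src"], r["dst"])].append(r["ts"])
    beacons = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < MIN_BEACONS:
            continue
        stamps.sort()
        intervals = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(intervals)
        if mean > 0 and statistics.pstdev(intervals) / mean <= MAX_JITTER_RATIO:
            beacons.append((src, dst, round(mean)))
    return beacons


def analyze(text: str) -> dict:
    """Run both detections over a log and return the alerts."""
    rows = parse_log(text)
    return {"bulk_uploads": find_bulk_uploads(rows), "beacons": find_beacons(rows)}


if __name__ == "__main__":
    for kind, alerts in analyze(SAMPLE_LOG).items():
        for a in alerts:
            print(kind, a)
```

The two checks deliberately need no SNI: the beaconing host sends an empty SNI field and is still caught on timing alone, while the uploader is caught on its byte asymmetry. In practice the thresholds would be tuned per network, and the allowlist is what turns "lots of encrypted traffic" into a workable alert volume.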