If it is connected, it must be protected. If you don’t protect it, cybercriminals will find it, probe open services, and ultimately exploit those services. Threat actors will do anything to compromise your network. October is cybersecurity awareness month, but this doesn’t mean it’s the only time you need to take cybersecurity into consideration and act on it. It is important to be cyber aware all year round. In this article, we aim to guide your cybersecurity efforts to focus on the most critical measures you need to improve and prepare your organization for a cyberattack.
Let’s look at things a little deeper than the basics SpearTip has continued to cover throughout this month. Some of these recommendations include:
- Collect more information from your network
- Utilize multi-factor authentication everywhere
- Go beyond antivirus detection
- Keep software up to date
- Keep backups offline
Preparation before an event occurs is critical to being successful. It is important to collect data, also known as logging, before an attack occurs so that events can be triaged quickly. An organization that collects log data is in a better position than one that lacks the data it needs during an incident. A tool such as ShadowSpear®’s Identify capability provides an organization the information needed when an environment is under attack. The tool will alert on an intrusion and clarify which machine the threat actors entered from. Engineers and analysts are able to immediately respond and react to the attack appropriately. If an organization doesn’t have a tool like SpearTip’s ShadowLog when an incident occurs, engineers will need to manually image all machines to successfully restore the network.
No cybersecurity article written in 2020 is truly complete without at least one tie to multi-factor authentication. Utilizing multi-factor authentication is crucial for organizations. Multi-factor authentication is a multi-step process for access into any account, which prevents threat actors from compromising and stealing your data. After entering a password, you are prompted to enter a one-time code sent to you via text message, a time-sensitive code from an authenticator application, or a code sent by email. These steps allow you to verify it is genuinely you requesting access to the particular account. Multi-factor authentication is the first step to a more secure network.
Speaking of a more secure network, having an enterprise detection and response (EDR) tool in place rather than just an antivirus solution will put your network on a pedestal. Check to make sure the EDR tool chosen is able to immediately equip your network with next-gen antivirus capabilities, creating instant value by preventing advanced malware and exploitation techniques on deployment. The EDR tool should be able to provide protection against advanced threats including authorized remote access and ransomware. Lastly, it is crucial to have more than an antivirus to ensure malware isn’t able to gain a foothold in the environment. Threat actors are routinely exploiting hashes and other antivirus product capabilities, as well as simply uninstalling antivirus on machines prior to running ransomware.
Just as an EDR tool is another piece of the cybersecurity puzzle, so are software updates. If software isn’t up to date and employees are using outdated versions, vulnerabilities may be present, giving threat actors an easy way to gain access to your environment. If you push these software updates at night for your organization, great. If you don’t have a plan for it, make one and help your organization realize how important this is for everyone.
Finally, although backups should never be a primary defense, they must be utilized and, more importantly, tested to ensure that when you need them, they are ready. Another great tip to stay ahead of bad actors is keeping backups offline and not accessible to the public, which will keep threat actors from attacking your network. When backups are left online and open through RDP (Remote Desktop Protocol), threat actors have the ability to enter and access your entire network. And if your organization doesn’t have backups, now is the time to create this process to improve your security posture.
Do your part and be cyber smart. SpearTip is on watch for its partners 24/7/365. SpearTip is constantly watching for new malware and manipulative programs. Our Security Operations Center (SOC) is fully staffed with cybersecurity professionals to monitor and protect your environment. Not only are our cybersecurity teammates continuously preventing cyberattacks, but they’re also able to deploy our proprietary tool, ShadowSpear®, in an environment before or after an attack.