It is war, if you like it or not, cybercriminals are after your data – and do not get this wrong, each type of data is interesting for cybercriminals, because in this age, data is knowledge, and people pay for knowledge.
I will now stop with bringing fear, because that is not something I want, I want you to understand why your company will get breached.
It all starts with the first 3 words of this post. It is war. Cybercriminals are arming themselves to their teeth’s. They literally have an arsenal of exploits and tools which allow them to perform successful cyberattacks, while your company or the company near you isn’t even aware of the fact that a war is waging. That is the first advantage that they have, and it is not weird.
A company has been setup to sell their key services or products, they have not been setup to defend themselves in war times, but day by day we are getting more aware that we can be targeted, and that is good.
Off topic but important; I have no military background, but I want you to understand.
Now let’s for the sake agree that we are at war. At war times, questions need to be answered. Try to answer these questions:
Do you have valuable data stored?
This can be personal information to customer records and intellectual property.
Do you have security policies which are implemented and used?
Using strong passwords and disabling USB access are just some examples.
Do you patch and update your software?
BIOS updates, Operating system patches and updated software will make it harder for the average cybercriminal to breach your company.
Do you train and inform your employees (cyber) security?
It is important to train the people that are around you. Being informed is already a step ahead.
Do you allow professionals to inform you so you can make well based decisions?
Knowledge is worth money, and being at war costs money. The advice you get will allow you to take proper steps in defending your stronghold.
I can continue with the questions, but it is more important that you start thinking about these questions and start asking yourself some questions about what is valuable in your environment.
Just to give you an idea, the chance is there that cybercriminals will breach your company in order to use it as an attack platform to target other companies. You decide how deep your cyber trenches have to be, but just make sure, that you have those trenches.
Here comes the next part. Encryption. Encryption is a must in this world. It helps the right people to communicate securely or to hold data securely, but on the other side it allows cybercriminals and hackers to use the same advantages. Deep pack inspection and decryption is possible but it is costly and time consuming, so as we can currently see, security solutions are starting to focus on patterns and behavior.
Getting weapons and ammunition to defend yourself. People start trying to sell you weapons (security solutions) and ammunition (security services). It is important to remember that you do not need all of those weapons and ammunitions, you only need the ones that will fit your campaign, and once you have purchased your weapon with ammunition – you will have to learn how to use it to the maximum. If you cannot learn it, hire people that can deal with weapons and ammunition.
Security solutions that are already implemented in your company can do a lot more if configured correctly. New solutions will improve your arsenal for future threats, because of course the cybercriminals are arming themselves daily to their teeth’s.
But let’s not forget the Trojan horse. The chance is there that you have already been compromised. In most cases the intruder will try to send out information to its team (infected machines) or command post (command and control server), so it is important to monitor your communication channels. Apply physical security and make sure that you monitor your network/file behavior.
My question to you; Can you leave one question you have asked yourself regarding to the security of your company
Note; you do not need to leave any information that can lead back to you. Think twice before you post your company name.