Cyberattack Best Practices
Across the U.S. and around the globe, mitigating the risk of ransomware and other malicious attacks has become increasingly urgent. The rise of remote work has brought with it a very real and growing threat of cyberattack. In October 2020, the U.S. experienced an upsurge in ransomware attacks against hospitals, leading the FBI to issue a warning of increased hacking activity.
Yet despite these threats, the greatest security risk is not external, but lies with internal end users who can grant access to sensitive data to outside parties. Through ordinary, everyday actions, end users can easily put themselves and their companies at risk of malicious threats and attacks.
This makes for a harrowing outlook when combating these threats, but the good news is that companies can significantly reduce risk by taking a few simple actions. One of the biggest steps a company can take is turning to the cloud to manage their security and keep their IT environment up to date.
Common cyberattack risks
Security begins with maintaining a secure IT environment – neglecting to do so only increases your exposure to data breach and theft.
An IT environment should be assessed and monitored frequently for vulnerable areas, and those areas patched to close any gaps. These assessments help companies stay aware of threats to their current systems and remediate them as needed. Assessments can be performed monthly, weekly or hourly, depending on your IT environment’s needs. Keep software and applications up to date, be mindful of how tightly these technologies are integrated into your system, and monitor the other software dependencies that can become compromised as well.
Additionally, end users of your IT systems must be trained on best practices and protocols for operating within your company’s IT environment. A significant factor in data breaches is social engineering: the manipulation of people into performing actions or divulging sensitive information. End users must be trained to think critically about requests they receive for sensitive data. They must be aware that simply being an internal employee, with access to data and information that an external bad actor may want, puts them at risk of malicious attack. End users must understand that it is important to adhere to security protocols because they themselves can be targeted.
Exfiltration, lateral movement and phishing
There are three major components to data theft in compromised systems: exfiltration (and awareness of it), lateral movement and phishing.
Exfiltration is the movement of data from inside a secure system to some other, unknown party. An attacker gets inside the walls of your IT system to access data and moves it out to their own storage, where they can parse through it and use it as they wish. For small IT teams, exfiltration monitoring is a complicated endeavor, and it starts with awareness that such movement is a threat to your system. Tools like Nessus and Snort can track data movement and send an alert when they identify anomalous activity, which is powerful and effective for maintaining secure environments.
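The kind of "anomalous data movement" alert described above, as an added example that is not part of the original article: each host's outbound volume is compared against its own recent daily baseline, and a day that exceeds a multiple of that baseline is flagged. The log records, hostnames and threshold are constructed for illustration.

```python
"""Flag anomalous outbound data volume per host from constructed egress logs."""
from collections import defaultdict
from statistics import mean

# Constructed sample records: (date, host, bytes sent to external addresses).
# Illustrative values only, not real telemetry.
EGRESS_LOG = [
    ("2020-10-01", "ws-finance-07", 48_000_000),
    ("2020-10-02", "ws-finance-07", 52_000_000),
    ("2020-10-03", "ws-finance-07", 45_000_000),
    ("2020-10-04", "ws-finance-07", 50_000_000),
    ("2020-10-05", "ws-finance-07", 9_700_000_000),  # ~9.7 GB leaves the host
    ("2020-10-01", "ws-hr-02", 30_000_000),
    ("2020-10-02", "ws-hr-02", 31_000_000),
    ("2020-10-03", "ws-hr-02", 29_000_000),
    ("2020-10-04", "ws-hr-02", 33_000_000),
    ("2020-10-05", "ws-hr-02", 32_000_000),
]


def egress_alerts(records, window=4, multiplier=5.0):
    """Return (date, host, bytes, baseline) for each day whose egress exceeds
    `multiplier` times the host's mean over its previous `window` days.
    A ratio is used instead of a z-score so that a very flat baseline
    (standard deviation near zero) does not alert on trivial jitter."""
    by_host = defaultdict(list)
    for date, host, nbytes in sorted(records):  # sorted by date, then host
        by_host[host].append((date, nbytes))
    alerts = []
    for host, days in by_host.items():
        for i in range(window, len(days)):
            baseline = mean(b for _, b in days[i - window:i])
            date, nbytes = days[i]
            if nbytes > multiplier * baseline:
                alerts.append((date, host, nbytes, baseline))
    return alerts


if __name__ == "__main__":
    for date, host, nbytes, baseline in egress_alerts(EGRESS_LOG):
        print(f"ALERT {date} {host}: {nbytes / 1e9:.2f} GB sent, "
              f"baseline {baseline / 1e6:.0f} MB/day")
```

In practice the window and multiplier are tuned per host class, since a backup server's normal egress would trip a threshold sized for workstations.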
Lateral movement is when a bad actor comes in with a set of credentials and exploits a flaw in your security to elevate those credentials. Using the now-elevated credential set, they can move around as they wish. Cloud environments like Azure, AWS and Google Cloud offer monitoring that sends out alerts when lateral movement occurs between accounts. Moving between accounts is not unusual for IT administrators or DevOps staff, but it is uncommon for anyone outside of your IT department.
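The article's observation that privilege elevation is routine for IT staff but uncommon for everyone else can be turned directly into a detection. The following is an added example, not code from the article or from any cloud provider: it reads constructed JSON-lines audit events in a generic format (the event fields, account names and IT group membership are all assumptions) and flags elevating actions by principals outside the IT group.

```python
"""Flag privilege-elevating actions by accounts outside the IT/DevOps group.
Audit events below are constructed in a generic JSON-lines shape; real
provider logs differ in field names but carry the same information."""
import json

# Constructed audit events (not real telemetry).
AUDIT_LOG = """\
{"time":"2020-10-05T08:01:12Z","actor":"devops-alice","action":"AssumeRole","target":"role/prod-admin","src_ip":"10.1.4.20"}
{"time":"2020-10-05T08:03:40Z","actor":"finance-bob","action":"AssumeRole","target":"role/prod-admin","src_ip":"198.51.100.7"}
{"time":"2020-10-05T08:05:02Z","actor":"finance-bob","action":"AttachUserPolicy","target":"policy/AdministratorAccess","src_ip":"198.51.100.7"}
{"time":"2020-10-05T08:06:15Z","actor":"hr-carol","action":"GetObject","target":"bucket/payroll/q3.xlsx","src_ip":"10.1.5.9"}
"""

# Actions that change who can do what. Names follow common IAM terminology;
# the exact set is an assumption to be tuned for your environment.
ELEVATING_ACTIONS = {"AssumeRole", "AttachUserPolicy", "AddUserToGroup", "CreateAccessKey"}
# Principals for whom such actions are expected (assumed IT/DevOps group).
IT_PRINCIPALS = {"devops-alice", "devops-dan", "itadmin-erin"}


def lateral_movement_alerts(log_text, elevating=ELEVATING_ACTIONS, it_group=IT_PRINCIPALS):
    """Return {(actor, target): [(time, action, src_ip), ...]} for elevating
    actions performed by actors outside the IT group. Grouping by (actor,
    target) turns a burst of related events into one reviewable alert."""
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["action"] in elevating and ev["actor"] not in it_group:
            key = (ev["actor"], ev["target"])
            alerts.setdefault(key, []).append((ev["time"], ev["action"], ev["src_ip"]))
    return alerts


if __name__ == "__main__":
    for (actor, target), events in lateral_movement_alerts(AUDIT_LOG).items():
        print(f"ALERT {actor} -> {target}: {len(events)} elevating event(s)")
        for t, action, ip in events:
            print(f"    {t} {action} from {ip}")
```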
Finally, phishing attacks try to get end users to divulge information, open a file, or visit an unsafe website, all in an attempt to obtain sensitive information. Modern email systems like Office 365 and Google Mail have extraordinarily advanced detection of phishing attacks. Moving to a cloud-based mail solution provides extremely advanced protection against, and notification of, these attacks. By contrast, the controls available when running mail on in-house servers and datacenters are limited.
How cloud-based file systems help
One of the big changes in threat modeling that’s occurred in the last decade is how we access data. It used to be that documents were sent back and forth between users. With cloud computing, users are now sent to the document, where it remains in cloud-backed storage.
Moving users to the document or file, instead of the other way around, significantly reduces the risk of attack. The document never traverses the internet, eliminating the opportunity for a man-in-the-middle attack, in which a bad actor secretly relays and possibly alters the communications between two parties.
In addition, using a cloud file system, such as a SharePoint-backed file system, allows IT teams to roll corrupted files back to an earlier version. For instance, if a cloud-based document or file is attacked by ransomware and ends up locked and encrypted, you can simply go back to the previous version of the file. This versioning capability exists in Microsoft file servers, but to work it must be enabled and managed. With these features in place, the encrypted file can be discarded and users can return to the previous version. Some work may be lost, but the threat will have been remediated.
How to securely migrate data
On the surface, it may seem that data in transit is inherently at risk. However, moving to the cloud creates a pathway to safely move data from older technologies into cloud environments that are better protected than self-managed data centers. Public cloud companies like Microsoft, Amazon and Google are able to identify and remediate security threats in a fraction of the time that the average company requires.
To maintain security while migrating to the cloud, all data being moved should be encrypted and never stored along the way. This keeps the data hidden and inaccessible to unauthorized users. Additionally, compliance regulations must be followed by companies with extremely sensitive data, such as organizations in the health care, education or government sectors. Maintaining data sovereignty is also important, where it applies, to ensure that data which must stay local remains in-region or in-country.
Cyberthreats continue to become more sophisticated. The bad actors these days are no longer lone individuals operating in a cyber café trying to steal your identity; they’re now multinational organizations that are structured very much like a private company. Maintaining security protection against such threats requires constant monitoring to avoid breaches, theft and malicious attack.
The good news is that the tools to combat these malicious threats are also more sophisticated and continue to evolve. By staying vigilant and keeping their technology and security protocols up to date, businesses can position themselves to remain secure, protected and impervious to attack.
By Rusty Chapin
Rusty Chapin is the manager of DevOps at BitTitan, where he leads a team of engineers to deliver first-class cloud solutions to MSPs and IT professionals. His areas of expertise include database development, SQL server clustering, large-scale SQL server deployment, datacenter operations, IT management and executive mentoring, monitoring system design, and process analysis.