Three Steps to Ending Cyber Attacks Now
By Nicholas J. Percoco, Trustwave
Recently, National Security Agency Director Gen. Keith Alexander told Congress that he would be establishing teams for a new cyber command unit. Gen. Alexander said the DoD would use the cyber teams for offensive measures only. This is sure to be the start of a long and interesting hearings on Capitol Hill, but businesses do not, and should not, have to wait before they start to protect themselves from cyber criminals.
The threat to businesses has never been higher. According to Trustwave’s recently released 2013 Global Security Report, for the first time the retail industry is the number one target for cyber attacks, supplanting food and beverage, and hospitality (the primary targets in 2011 and 2010, respectively). As these criminal organizations are clearly gaining momentum and wreaking havoc on the U.S. financial infrastructure through the theft of credit card data, there is still plenty that businesses can do right now to protect themselves.
The Digital Forensics and Incident Response Team at Trustwave have developed three easy steps to help lessen the chance of falling victim to a cyber attack.
1. Prevent Infiltration
Change default passwords – NEVER EVER use the passwords that came with a device or service. Create a unique and complex password containing no less than seven characters, made up of letters, numbers and special characters.
During those times when your IT staff does not need to access your network remotely, have that feature disabled. It is like going to sleep at night while leaving your front door open and a stack of money in the foyer.
Ensure a firewall is in place and has proper incoming traffic filtering in place. Without this there is nothing in place to restrict access to your network, be it the good, the bad, or the ugly.
2. Prevent Propagation
Implement the principle of least privilege. Frequently, systems administrators assign a higher level of privilege than necessary to user IDs or system processes in the name of "getting the job done". If not closely monitored, these IDs and processes can be taken advantage of by attackers.
Have a properly configured intrusion detection/ prevention system (IDS/IPS) and/or antivirus/desktop firewall in place. When these two components are used in conjunction, they can significantly contribute to the overall defense strategy of an organization.
Disable unused accounts. Many organizations have accounts that belong to employees that are no longer with the company or no longer in the role for which the account was initially created. These accounts should be removed to prevent usage by an attacker.
3. Prevent Exfiltration
Implement a data loss prevention (DLP) solution. A DLP solution ensures that specific types of data (credit card information, social security numbers, etc.) do not leave the organization's network (either intentionally or by accident).
Ensure a firewall is in place and that it has proper outgoing traffic filtering in place. While most firewalls are configured to restrict incoming traffic, very few are configured to restrict outgoing traffic. These firewalls should be configured to ensure that only business critical traffic is able to leave the network.
Nicholas J. Percoco is senior VP at Trustwave (www.trustwave.com). He has more than 14 years of information security experience. In his role at Trustwave, he leads the team that has performed more than 500 computer incident response and forensic investigations globally, as well as thousands of penetration and application security tests for clients ranging from the largest companies in the world to nimble startups. Nicholas acts as the lead security adviser to many of Trustwave's premier clients by assisting them in making strategic decisions around various security compliance regimes.