In the last few months we have seen a wide range of attacks against large corporations that resulted in the leakage and exposure of sensitive data. Recently, data leaks from SKY, TIVIT and SICRED, STONE and MARRIOTT have been reported.
Looking at these recent attacks together, why do companies still suffer from cyber attacks? What is missing for companies to be immune to these threats?
It really is hard to say because as an information security expert I have learned that no company is 100% safe.
Today technological evolution is so fast that new devices and new software are launched at a pace that is really difficult to keep up with. We already use artificial intelligence to facilitate our daily lives. Machine Learning is now commonly used for faster information gathering and decision making.
These technologies are used for good, but they are also used for evil. There are reports that hackers use these mechanisms to perfect their attacks. Security companies have also been using this technology to protect against these attacks.
But even that is not enough. One of the biggest security holes found today is the human factor. But how so?
Social engineering: the weak link
One of the techniques most used by attackers is social engineering.
This technique aims to collect as much data as possible to feed the attack and improve its chances of success. This data can be collected on major social networks, for example. But how is this data used?
It is very common for people to post where they work and their positions. In addition, they share everyday information such as the places they go, mutual friends, significant dates, and family names and surnames, among other details. The hacker uses this information to generate access attempts against the websites of the companies they work for, or of companies they deal with and whose products they have access to. It is also common for users to build passwords from the data above, such as their own or family members’ birthdays, places they have visited, pets, and so on. When we analyze leaked files that contain passwords, we notice this pattern. That is, when they don’t simply use easy-to-remember passwords like 123456 and others.
More than 23 million people still use the password 123456.
UK’s National Cyber Security Centre Report, via TechRepublic
The 5 most used passwords in the world, by number of users, are:
- 1) 123456 (23.2 million)
- 2) 123456789 (7.7 million)
- 3) qwerty (3.8 million)
- 4) password (3.6 million)
- 5) 111111 (3.1 million)
Statistically, it is likely that some of our systems are being “protected” by one of these passwords. This brings us to a point: what about the websites, systems, or other resources these people access, shouldn’t they be safe? Without a doubt! However, as noted at the beginning of this article, technological evolution is so rapid that it is difficult to adapt. In addition, companies need to be aware that the model they used to protect their environment 2 years ago or more is obsolete.
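The password pattern described above can be checked when a user sets a password. The following is an added example, not part of the original article: a minimal Python check that rejects the listed common passwords and passwords built from a user's own profile data. The function names, the substitution table and the sample profile are assumptions made for illustration.

```python
import re
from datetime import date

# The five most-used passwords listed above; a real deployment would load a
# much larger breached-password list (assumption of this example).
COMMON = {"123456", "123456789", "qwerty", "password", "111111"}

# Undo common character substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("@4031!$57", "aaoeiisst")

# Constructed sample profile: the kind of data people post on social networks.
SAMPLE_PROFILE = {"name": "Ana Souza", "pet": "Thor",
                  "birthday": date(1990, 3, 7), "employer": "Example Corp"}


def profile_tokens(profile):
    """Derive guessable strings from a user's public data (names, dates)."""
    tokens = set()
    for value in profile.values():
        if isinstance(value, date):
            d, m, y = f"{value.day:02d}", f"{value.month:02d}", str(value.year)
            tokens |= {d + m + y, d + m + y[2:], m + d + y, y + m + d, d + m, y}
        else:
            # Split "Ana Souza" into lowercase words of three or more letters.
            words = re.split(r"[^a-z]+", str(value).lower())
            tokens |= {w for w in words if len(w) >= 3}
    return tokens


def check_password(password, profile):
    """Return the reasons a candidate password should be rejected (empty = ok)."""
    raw = password.lower()
    plain = raw.translate(LEET)
    reasons = []
    if raw in COMMON or plain in COMMON:
        reasons.append("common password")
    for token in sorted(profile_tokens(profile)):
        # Dates are matched in the raw form, words in the de-substituted form.
        haystack = raw if token.isdigit() else plain
        if token in haystack:
            reasons.append(f"contains personal data: {token}")
    return reasons
```

Very short name tokens can match unrelated words, so a production check would tune the minimum token length to its own user base.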
Security on systems, sites, resources and applications
Firewalls, intrusion detection and prevention systems, and antivirus are no longer adequate protection solutions, as they are based on vulnerabilities that have been fixed for some time. It is true that these solutions have been updated, but they protect the environment only to some extent.
Today the attacks are aimed at the company’s applications and its database. These solutions only look at access, not at behavior. For example, a traditional firewall only allows or blocks access. But when it allows an access, does it look at its content, its code, its behavior? Unfortunately not. At most it alerts on a known anomaly.
For that we need to go further. But how do we go further? What actions should I take to improve the security of my business?
DevSecOps, Continuous Testing, and AppSec Culture
First comes a change in the culture of everyone who uses information technology: making them aware of actions such as using a stronger password that has no personal connection to them, or paying attention to what type of file they are downloading.
This also includes the information technology team. The development team must have a secure development culture throughout the lifecycle, as in DevSecOps, and perform constant testing to ensure code security, as in Continuous Testing. Data administrators should always audit and protect not only database access, but also how this data is handled. Intrusion testing should be performed regularly because, as noted in this article, new threats are emerging at an increasingly accelerated pace.
Servers must be configured to run only the service they were intended for, and always kept up to date.
Edge security, detection and prevention devices, as well as antivirus devices must be constantly monitored, tested and updated.
It is also important to collect and store everything that occurs in the environment to take quicker action in case a threat attempts or breaks security barriers.
In addition to edge security solutions, as mentioned, companies should invest in:
- systems and data security, such as application firewall solutions
- real time code analysis solutions
- database auditing and control, not only protecting access but protecting how data is handled
Even so, these measures will not guarantee full protection against cyber attacks, but will greatly hinder the success of these attacks.
Article originally written by Luis Araújo and reviewed by the Yaman Marketing team.