Cybercrime – Are You Prepared For It?

Like everything else, technology has its ugly side, and it can no longer be ignored. With every patch released for one weakness followed a minute later by the next exploit, you can never be sure that your systems, your processes, your business and ultimately the economy are in safe hands. How good would it be if technology alone could secure all of this with confidence? Unfortunately, that is not the case.

With a steady rise in internal employee fraud, gone are the days when a firewall, an IDS or other security devices alone could protect our networks and systems. According to the 2010 CyberSecurity Watch survey, insiders were rated as the second biggest threat after hackers, and also the worst, because they are mostly silent and therefore hard to detect. Even a long list of policies, procedures and safe practices counts for little when a single mistake, intentional or unintentional, is made by an employee. Throwing money at the problem every time does not solve it. You can invest millions in building thousands of security checks, but one inexpensive measure, if not taken, can cost you a fortune. According to the survey report, the most frequently neglected simple measures are listed below:

1. Patch Management: With ever-growing business needs, the number of software packages and applications that satisfy them keeps increasing, and with it the one constant that governs their complexity: the number of patches available. Each software vendor continuously releases a large number of patches. The big problem in many organizations is that the need for a patch is recognized only after the business has been affected. The strategy adopted is often reactive rather than proactive. The requirement for a particular patch is sometimes recognized six months after the patch was released.

The other problem is unmanaged changes. Patches, if not validated, approved and tested in a disciplined way, may cause other business functions or controls to fail or malfunction. The challenges of patch management are influenced by complex factors such as volume and complexity of patches, deployment rate, impact on business, events driving the need, and environmental change.

Therefore, an ongoing, proactive process should be followed to identify the available patches, determine the organization’s needs, validate, test and implement the patches, and continuously monitor patch compliance.

2. Log analysis: Inadequate log analysis is one reason why many unauthorized and suspicious activities go undetected. Logs are often analyzed only to comply with regulatory and legal requirements, and while the focus is on compliance, an abnormal event is sometimes ignored. Organizations must establish rules for continuous analysis of daily logs to detect, alert on and act upon any suspicious activity found. To do this, the business-critical assets, and the activities performed on them and by whom, must first be identified for monitoring. A baseline of security configuration settings should also be developed for each device or device type in the organization, and any deviation from that baseline should raise an alert. All network, system and critical server logs must be closely monitored to understand the implementation and health of security controls within the organization and their compliance with organizational policies and procedures.
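The continuous, rule-based log analysis and baseline check described above, as an added example that is not part of the original article. The log format, the sample log lines, the SSH baseline values and the failure threshold are all constructed assumptions; a real deployment would read its own log sources and its own approved baseline.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the article): SSH authentication events
# and configuration audit events in a simple syslog-like format.
SAMPLE_LOGS = """\
2024-05-01T08:00:01 host1 sshd: Failed password for root from 203.0.113.7
2024-05-01T08:00:03 host1 sshd: Failed password for root from 203.0.113.7
2024-05-01T08:00:05 host1 sshd: Failed password for root from 203.0.113.7
2024-05-01T08:00:07 host1 sshd: Failed password for root from 203.0.113.7
2024-05-01T08:00:09 host1 sshd: Failed password for root from 203.0.113.7
2024-05-01T08:00:11 host1 sshd: Accepted password for root from 203.0.113.7
2024-05-01T09:15:00 host2 config: sshd PermitRootLogin=yes
2024-05-01T09:15:01 host2 config: sshd PasswordAuthentication=no
2024-05-01T10:00:00 host1 sshd: Accepted publickey for alice from 198.51.100.4
"""

# Assumed security-configuration baseline per service; any deviation is an alert.
BASELINE = {"sshd": {"PermitRootLogin": "no", "PasswordAuthentication": "no"}}

FAILED = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: Failed password for (?P<user>\S+) from (?P<ip>\S+)$")
ACCEPTED = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)$")
CONFIG = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) config: (?P<svc>\S+) (?P<key>\S+)=(?P<val>\S+)$")

def analyze(log_text, baseline=BASELINE, fail_threshold=5):
    """Run the detection rules over the log text; return (rule, host, detail) alerts."""
    alerts = []
    failures = Counter()  # (host, user, ip) -> consecutive failed logins seen so far
    for line in log_text.splitlines():
        if m := FAILED.match(line):
            key = (m["host"], m["user"], m["ip"])
            failures[key] += 1
            if failures[key] == fail_threshold:  # alert once when the burst reaches the threshold
                alerts.append(("repeated_failures", m["host"], f"{m['user']} from {m['ip']}"))
        elif m := ACCEPTED.match(line):
            key = (m["host"], m["user"], m["ip"])
            if failures[key] >= fail_threshold:  # a success right after a burst of failures
                alerts.append(("success_after_failures", m["host"], f"{m['user']} from {m['ip']}"))
            if m["user"] == "root":  # direct root logins are outside the baseline
                alerts.append(("root_login", m["host"], f"{m['method']} from {m['ip']}"))
            failures[key] = 0
        elif m := CONFIG.match(line):
            expected = baseline.get(m["svc"], {}).get(m["key"])
            if expected is not None and m["val"] != expected:  # deviation from the baseline
                alerts.append(("baseline_violation", m["host"], f"{m['svc']} {m['key']}={m['val']} (expected {expected})"))
    return alerts

if __name__ == "__main__":
    for rule, host, detail in analyze(SAMPLE_LOGS):
        print(f"ALERT {rule:<22} {host}: {detail}")
```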

3. Restrictions on Privileges: Unmanaged user roles and privileges are like open doors in a treasury; they can be escalated to gain control of critical systems within an organization. User roles and the privileges assigned to them, if not regularly administered and reviewed, invite attacks on those privileges. Internet-facing services are riskier and therefore need foolproof protection against privilege escalation. There may be a few services, such as SSH, used in the organization that require complete security throughout their life cycle. All such critical services and business-critical applications must be identified. A list of the users requiring access to these services or applications must be compiled, and privileges should be granted according to their roles, following the principle of least privilege. Such lists must be approved and regularly reviewed.

4. Password expiration: Despite the thousands of things said, written, spoken and published about password security, the lack of awareness still persists. Password policies in different organizations have many aspects in common, such as the number of characters, password history and the types of characters required. However, the expiration period varies between organizations: 30 days, 45 days, 60 days or 90 days. It is always recommended that password expiration be set according to the value of the data being protected. Some even suggest never expiring passwords at all, rather than weakening them by driving users into unsafe practices for choosing and remembering new ones. Too short an expiration period inconveniences users and increases the number of password-reset calls to the help desk. On the other hand, too long a period carries its own risk of password compromise through user negligence or other causes.

There is no standard definition of the password aging period. The organization should set its expiration periods by striking a balance between data protection, password security and ease of use.

5. Termination of former employees: Of late, cases of access controls being broken by dismissed employees are steadily increasing. Discontented employees taking revenge by erasing all of the company’s data, by hacking their own company’s systems or by leaking the company’s confidential information are frequently reported. Despite numerous security controls, the improper removal of access rights for employees who have been transferred, terminated or resigned can lead to a huge loss for the business. The amount and severity of the loss depend on the position, roles and responsibilities of the employee and the privileges assigned to him or her. Organizations must follow a well-defined exit procedure, with a separate checklist handed to the IT department for removing access rights from the various systems. Such removal should not be postponed for any reason and should have the highest priority upon the termination of an employee.

The list of access rights on all systems and applications must be prepared, updated and constantly reviewed.
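An access-rights review that covers both point 3 (privileges checked against each role's least-privilege set) and point 5 (terminated employees who still hold access, plus the removal checklist), as an added example that is not part of the original article. The HR roster, the role matrix and the per-system access exports are constructed sample data; a real review would pull them from the HR system and from each system's own account list.

```python
# Constructed sample data (assumed, not from the article).
HR_ROSTER = {
    "alice": {"status": "active", "role": "dba"},
    "bob":   {"status": "terminated", "role": "developer"},
    "carol": {"status": "active", "role": "developer"},
}
# Least-privilege matrix: the privileges each role is approved to hold on each system.
ROLE_MATRIX = {
    "dba":       {"prod-db": {"read", "write", "admin"}, "bastion-ssh": {"login"}},
    "developer": {"dev-db": {"read", "write"}, "bastion-ssh": {"login"}},
}
# Privileges as currently exported from each system's access list.
SYSTEM_ACCESS = {
    "prod-db":     {"alice": {"read", "write", "admin"}, "carol": {"read"}},
    "dev-db":      {"carol": {"read", "write"}, "bob": {"read", "write"}},
    "bastion-ssh": {"alice": {"login"}, "bob": {"login"}, "svc-backup": {"login"}},
}

def review_access(roster, matrix, access):
    """Return (finding, system, user, privileges) tuples for every access-list entry that
    is not justified by an active employee's approved role."""
    findings = []
    for system, accounts in access.items():
        for user, privs in accounts.items():
            person = roster.get(user)
            if person is None:  # account with no owner in HR: must be explained or removed
                findings.append(("orphan_account", system, user, frozenset(privs)))
                continue
            if person["status"] != "active":  # exit procedure was not completed here
                findings.append(("terminated_still_active", system, user, frozenset(privs)))
                continue
            allowed = matrix.get(person["role"], {}).get(system, set())
            excess = set(privs) - allowed  # anything beyond the role's approved set
            if excess:
                findings.append(("excess_privilege", system, user, frozenset(excess)))
    return sorted(findings, key=lambda f: f[:3])

def offboarding_checklist(findings):
    """(user, system) pairs the IT department must still revoke for terminated employees."""
    return sorted((f[2], f[1]) for f in findings if f[0] == "terminated_still_active")

if __name__ == "__main__":
    results = review_access(HR_ROSTER, ROLE_MATRIX, SYSTEM_ACCESS)
    for kind, system, user, privs in results:
        print(f"{kind:<24} {system:<12} {user:<12} {sorted(privs)}")
    print("Still to revoke:", offboarding_checklist(results))
```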

These minor measures, if not overlooked, can save a company from big losses to its business and are of great help when implemented proactively.