How To Defend Against Cyber Attacks
February 2, 2021
ValeurBit
How to protect an organization
1. Use effective technical means of protection:
- Centralized management of updates and patches for the software in use. Prioritize patching plans according to the current security threats.
- Antivirus protection with a built-in sandbox for dynamic file analysis, capable of detecting and blocking malicious files in corporate email before employees open them, as well as other malware. The most effective approach is anti-virus protection built on engines from several vendors at once, able to detect the hidden presence of malware and to detect and block malicious activity across data streams: mail, network and web traffic, file storage and web portals. The chosen solution should scan files not only in real time but also automatically re-analyze previously scanned files, so that threats missed earlier are identified when the signature databases are updated.
- SIEM solutions for timely detection of and effective response to information security incidents. A SIEM makes it possible to detect malicious activity, attempts to compromise the infrastructure and the presence of an attacker in time, and to take prompt measures to neutralize the threat.
- Automated tools for security analysis and for identifying vulnerabilities in software.
- Web application firewalls as a preventive measure to protect web resources.
- Deep network traffic analysis systems to detect complex targeted attacks both in real time and in stored copies of traffic. Such a solution makes it possible not only to uncover previously unnoticed compromises but also to monitor network attacks in real time, including the launch of malware and hacking tools, exploitation of software vulnerabilities and attacks on a domain controller. This significantly reduces the time an intruder remains undetected in the infrastructure, thereby minimizing the risk of leakage of important data and disruption of business systems, and reducing the potential financial losses caused by intruders.
- Dedicated anti-DDoS services.
2. Protect your data:
- do not store sensitive information in the open or in the public domain;
- regularly create backups of systems and store them on dedicated servers separate from network segments of working systems;
- minimize the privileges of users and services as far as possible;
- use different accounts and passwords to access different resources;
- use two-factor authentication wherever possible, for example to protect privileged accounts.
3. Avoid using simple passwords:
- apply a password policy with strict requirements for the minimum length and complexity of passwords;
- limit the lifetime of passwords (no more than 90 days);
- change the default passwords to new ones that meet the strict password policy.
4. Monitor the security of systems:
- update your software in a timely manner as patches are released;
- check and raise employee information security awareness;
- control the appearance of unsafe resources at the network perimeter: regularly inventory the resources reachable from the Internet, analyze their security and eliminate vulnerabilities in the software they use;
- constantly monitor publications about new vulnerabilities: this allows you to quickly identify such vulnerabilities in the company’s resources and eliminate them in a timely manner;
- filter traffic effectively to minimize the network service interfaces available to an external attacker; pay special attention to interfaces for remote management of servers and network equipment;
- regularly conduct penetration testing to identify new attack vectors against the internal infrastructure in time and to assess the effectiveness of the protection measures taken;
- regularly analyze the security of web applications, including their source code, in order to identify and eliminate vulnerabilities that allow attacks, including attacks against application clients;
- track the number of requests per second to resources and configure servers and network devices so as to neutralize typical attack scenarios (for example, TCP and UDP floods or excessive numbers of database requests).
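One way to implement the request-rate tracking mentioned in the last item is to bucket web-server access log entries by client address and second and flag sources whose peak rate exceeds a threshold. The following is an added example, not code from the original article; the log lines, the combined-format layout assumed by the regular expression and the threshold value are all constructed for illustration.

```python
"""Per-source request-rate monitor over constructed access log lines (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed log layout: Apache/nginx common format
# "<ip> - - [dd/Mon/yyyy:HH:MM:SS +zzzz] "<request line>" <status> <size>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one quiet client, one client issuing six requests in a single
# second, and one malformed line that a robust parser has to tolerate.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Feb/2021:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [02/Feb/2021:10:00:01 +0000] "GET /login HTTP/1.1" 200 1024',
    'garbage line that does not parse',
] + [
    '198.51.100.7 - - [02/Feb/2021:10:00:00 +0000] "GET /search?q=%d HTTP/1.1" 200 2048' % i
    for i in range(6)
] + [
    '198.51.100.7 - - [02/Feb/2021:10:00:01 +0000] "GET /search?q=x HTTP/1.1" 200 2048',
]


def parse_line(line):
    """Return (client ip, timestamp truncated to the second, request line), or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    return m.group("ip"), ts.replace(microsecond=0), m.group("req")


def requests_per_second(lines):
    """Count requests in each (client ip, second) bucket; malformed lines are skipped, not fatal."""
    buckets = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, _ = parsed
        buckets[(ip, ts)] += 1
    return buckets


def flag_sources(lines, threshold):
    """Return {ip: peak requests in any single second} for sources whose peak exceeds threshold."""
    peaks = defaultdict(int)
    for (ip, _), n in requests_per_second(lines).items():
        peaks[ip] = max(peaks[ip], n)
    return {ip: n for ip, n in peaks.items() if n > threshold}


if __name__ == "__main__":
    # Threshold of 5 requests/second is an assumption; tune it to the service's normal load.
    for ip, peak in flag_sources(SAMPLE_LOG, threshold=5).items():
        print(f"{ip}: peak {peak} requests/second exceeds threshold")
```

The threshold has to be calibrated against the service's normal traffic profile; the same logic extends to per-URL or per-account buckets, which is how excessive database-backed requests (the article's second example) would be spotted rather than raw connection floods.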
5. Take care of customer safety:
- increase customer awareness of information security issues;
- regularly remind clients of the rules of safe Internet use, and explain attack methods and means of protection;
- warn customers against entering credentials on suspicious web resources, and all the more against disclosing such information to anyone by e-mail or over the telephone;
- explain to clients how to proceed in case of suspicion of fraud;
- notify customers about information security events.
How a vendor can protect its products
- apply the same protective measures recommended above for the organization’s security;
- implement security processes throughout the entire software development cycle;
- conduct regular analysis of the security of software and web applications, including analysis of the source code;
- use up-to-date versions of web servers and DBMS;
- stop using libraries and frameworks with known vulnerabilities.
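The last item is easiest to enforce when dependencies are pinned and checked against an advisory list on every build. Below is an added example, not code from the article or from any vendor's tooling: the requirements text and the advisory table are constructed for illustration, and in practice the advisory data would come from a vulnerability database rather than a hard-coded dictionary.

```python
"""Audit pinned dependencies against known-vulnerable version ranges (added example)."""
import re

# Constructed advisory table: package -> [(first_vulnerable, fixed_in, note)].
# A version is affected if first_vulnerable <= version < fixed_in.
ADVISORIES = {
    "examplelib": [("1.0", "1.4.2", "constructed example: input validation flaw")],
    "webframe": [("2.0", "2.3.1", "constructed example: header injection")],
}

# Constructed requirements file in the common "name==version" pin format.
SAMPLE_REQUIREMENTS = """\
# constructed requirements file
examplelib==1.4      # below the fixed version 1.4.2
webframe==2.3.1      # already at the fixed version
otherlib==0.9        # no advisory on record
unpinned-tool        # no version pin, so it cannot be audited
"""

REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)\s*$")


def parse_version(v):
    """Turn '1.4.2' into (1, 4, 2) so tuples compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def parse_requirements(text):
    """Return ({name: version} for pinned lines, [unpinned lines]); comments and blanks are skipped."""
    pinned, unpinned = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_RE.match(line)
        if m:
            pinned[m.group(1).lower()] = m.group(2)
        else:
            unpinned.append(line)
    return pinned, unpinned


def audit(text, advisories=ADVISORIES):
    """Return [(package, version, note)] for every pinned package inside a vulnerable range."""
    pinned, _ = parse_requirements(text)
    findings = []
    for name, version in pinned.items():
        v = parse_version(version)
        for low, fixed, note in advisories.get(name, []):
            if parse_version(low) <= v < parse_version(fixed):
                findings.append((name, version, note))
    return findings


if __name__ == "__main__":
    for name, version, note in audit(SAMPLE_REQUIREMENTS):
        print(f"{name}=={version}: {note}")
    for line in parse_requirements(SAMPLE_REQUIREMENTS)[1]:
        print(f"unpinned, cannot audit: {line}")
```

Unpinned entries are reported separately because a dependency without a fixed version cannot be matched against any advisory range, which is itself a finding for the build pipeline.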
How to protect an ordinary user
1. Don’t skimp on security:
- use only licensed software;
- use effective anti-virus protection on all devices;
- update your software in a timely manner as patches are released.
2. Protect your data:
- store the most important files not only on your computer’s hard drive but also on removable media, external hard drives or in cloud storage;
- for daily work in the OS, use an account without administrator privileges;
- use two-factor authentication wherever possible, for example to protect your email.
3. Don’t use simple passwords:
- use complex passwords consisting of meaningless combinations of letters, numbers and symbols, at least 8 characters long. To create and store passwords, you can use a password manager (a secure vault with functions for generating new passwords);
- do not use the same password for different systems (for websites, e-mail, etc.);
- change all passwords at least once every six months, or better, every two to three months.
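The password rules in this section and in section 3 of the organization's checklist above (minimum length and complexity, rejection of default passwords, a lifetime of no more than 90 days, and generation by a password manager) can be expressed as a small policy module. The code below is an added example and not from the article; the list of default passwords and the requirement of three character classes are constructed assumptions, while the 8-character minimum and the 90-day lifetime are the figures the article gives.

```python
"""Password policy check and generation (added example)."""
import secrets
import string
from datetime import date, timedelta

# Constructed list of factory/default passwords a policy should reject outright.
DEFAULT_PASSWORDS = {"admin", "password", "123456", "changeme", "qwerty"}

# The four character classes used to measure complexity.
CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def check_password(password, min_length=8, required_classes=3, defaults=DEFAULT_PASSWORDS):
    """Return the list of policy violations; an empty list means the password passes.

    Complexity is the number of character classes present (lowercase, uppercase,
    digits, punctuation); required_classes of the four must appear (an assumed value).
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = sum(any(c in group for c in password) for group in CHARACTER_CLASSES)
    if classes < required_classes:
        problems.append(f"uses {classes} character classes, policy requires {required_classes}")
    if password.lower() in defaults:
        problems.append("is a well-known default password")
    return problems


def password_expired(last_changed_iso, today_iso, max_age_days=90):
    """True if the password is older than max_age_days (the article's 90-day limit). Dates are ISO strings."""
    last_changed = date.fromisoformat(last_changed_iso)
    today = date.fromisoformat(today_iso)
    return today - last_changed > timedelta(days=max_age_days)


def generate_password(length=16):
    """Generate a password from the OS CSPRNG and keep drawing until it satisfies the policy."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    for pw in ("admin", "Password", "Tr0ub4dor&3", generate_password(20)):
        verdict = check_password(pw) or ["ok"]
        print(f"{pw!r}: {'; '.join(verdict)}")
    print("expired:", password_expired("2021-01-01", "2021-04-02"))
```

The generator loops rather than hand-placing one character of each class because the latter produces passwords with a predictable structure; with a 16-character alphabet of this size the loop almost always terminates on the first draw.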
4. Be vigilant:
- check all attachments received by email with antivirus software;
- be careful with sites that have invalid certificates and keep in mind that data entered on them can be intercepted by intruders;
- be extremely careful when entering credentials on sites and when making online payments;
- do not follow links to unfamiliar or suspicious resources, especially when the browser warns of danger;
- do not click on links from pop-ups, even if the advertised company or product is familiar to you;
- do not download files from suspicious web resources or from other unknown sources.