According to Security magazine, 2017 marked another record year for cyber breaches and cyber incidents around the world.
The leak of NSA tools sparked a rash of many zero-day exploits for cybercriminals as discussed in this article from Wired.com. Wanna-Cry, Eternal Blue, Adobe Struts and NotPetya are a few of the weaponized exploits that came from those leaks. Wanna-Cry hit an estimated 300,000 computers in over 150 countries. To review, let’s take a look at the following 2017 incident highlights:
The good news is that over 90% could be prevented with the proper preparation and diligence. Businesses can protect their clients and assets from a breach, by following a few basic security measures.
- Risk Assessment – Know your internal systems, external systems and cloud base assets as well what risk each asset has for your business.
- Patching / Vulnerability Reports – Know what vulnerabilities your assets have and patch them on a regular basis. Have a process for scanning and remediating findings.
- Misconfigurations – Risk assessments and vulnerability scanning can help find and fix this issue.
- Data Confidentiality – Ensure data encryption management is properly followed and only those that need access, have access.
- Unsupported / End-Of-Life Devices – Have a plan of action on these devices. (i.e.) replacement or extended service agreements.
- Employee Training – Social engineering and employee accidental disclosure is the easiest way to compromise a business.
- Email- Have a solution to block malicious emails.
- Two-factor authentication on all public accessible assets and email