123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

7 Practices That Make Your Organization Vulnerable To Cyber Attacks

Profile Picture
By Author: Limeproxies
Total Articles: 4
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

When an attacker penetrates an organization’s computer network and lays hold of institutional or personal data, the effects can be devastating. A company is likely to lose any of the following in the wake of a breach: reputation, time spent dealing with the breach, financial loss from lost business and critical data that may impact operations.

Picture1

While protecting your organization’s data and networks may seem like intractable problems, strong cyber policy discipline can lower your data risk. To begin with, we drew on research by SANS, and recent events in the information security world, to bring you 7 important mistakes that make your organization vulnerable to cyber attacks. If you are able to avoid these, you will cut down on incidents of cyber attacks and operate more safely.

Practice 1: Prioritizing Ease Of Use Over Security In Server Access
Your data resides on your servers. For an attacker to access this data, they will typically route traffic through a web-based network. The attacker communicates with your servers and hosted services through common web protocols such as HTTP, SSH, ...
... and FTP.

When setting up your server access controls, you want to err on the side of making access too difficult for legitimate employees who have to have remote access rather than making it easy. Setting up a database port, for instance, with an open port that can be accessed publicly by all IP addresses, represents a serious security vulnerability that a hacker can use to attack your servers.

An example of this is the VeriSign computer network breach of 2010. Hackers were able to penetrate VeriSign’s servers and gain control over some of the company’s computer network. VeriSign is an authority in issuing SSL certificates that allow users to log in on servers across the internet. The fact that this breach happened to their servers meant that the effects were potentially very costly.

VeriSign handled the news of the breach in a way that made the situation potentially worse. They were hesitant to release information about the hack, thus depriving customers of critical security information that might have helped customers protect themselves.

Practice 2: Giving End Users Local Admin Rights on Their Workstations
If your organization gives admin rights to end users on their workstations, you are taking on a huge security risk. Admin rights allow a user to install software, which may expose your entire network to malware. By having so many admin users on your network, you have just increased the attack surface area available to an attacker. An attacker needs to gain access to just one of those admin accounts and your entire network could be at risk.

Picture2

The Stuxnet worm that attacked and crippled parts of Iran’s nuclear enrichment program is an example of a malware of this sort. As Wired explains in an analysis of Stuxnet, the malware was designed to spread from infected USB drives.

In effect, when you allow local users admin rights when such a malware enters the environment, it’s able to take admin action across the network. The result is that an attack that could have been limited to just one computer can quickly spread and take over your computer your network.

Practice 3: Using Shared Images to Create Environments, Where the Admin User has the Same Password
A common practice among I.T. departments is to create each user’s computer environment from a shared digital machine image. The problem here is that your admin user on all those instances of this environment will now typically have the same admin user and password. This effectively means that if a hacker can crack one admin password, they have access to all those other machines. They can then break in and steal all kinds of valuable data from the workstations.

An example is the Adobe data breach that occurred in October 2013. The cyber attack exposed user IDs and passwords for around 38 million users. Data of up to 150 million users was also exposed, making this a particularly severe cyber attack.

Practice 4: Allowing Web-based Personal Email Services Which Are Susceptible To Phishing Attacks
Picture3

A phishing attack occurs when an attacker routes a user to a website that poses as another website, typically, a big, popular website. These are websites like social media networks or personal email services like Gmail or Hotmail. In the process, the attacker has in place a mechanism to capture data that the user enters into the fake website. This can be usernames, passwords or other personally identifiable information.

In 2011, RSA suffered a phishing attack on some of its employees, which ended up stealing up to an estimated 40 million employee records, with potential impacts on RSA’s customers.

Practice 5: Being Slow To Apply Patches And Running Outdated Versions Of Software
Popular software like Microsoft Windows, Android and others are the targets of frequent exploits by hackers. As a result, the makers of the software regularly release patches to close off vulnerabilities as soon as they are made aware of them. In April 2017, for instance, the iOS and Android operating systems were discovered to be vulnerable to the “Chrysaor” exploit, which allowed hackers to spy on a user’s activities. Once a patch is made by the software vendors, you need to apply them quickly.

When your organization is slow to apply the security patches, you leave your data and networks vulnerable to cyber attack by hackers who actively study these vulnerabilities.

Practice 6: Using Permissive BYOD Policies
BYOD policies have gained popularity over the last several years. These policies have proven to boost employee morale and create digital working environments that allow employees to access data and work from personal devices. As mobile computing, in particular, has spread, BYOD seemed to be an inevitable switch since employees got used to having access to data from anywhere.

Picture4

The problem is that attackers can take over workers’ personal devices fairly easily since most users are unable to implement the strictest personal security practices.

In 2014, for instance, it was revealed that hackers had used Aviva’s BYOD practices to gain access to employees’ Apple devices. From there, the hackers used a vulnerability in the Apple software for iOS and were able to wipe all employees’ data as well as take down the health insurance company’s server.

Practice 7: Neglecting Or Infrequent Penetration Tests And Red-Team Exercises
Though your company can take action to address a cyber attack when you become aware of it, this is often the weakest way to address potential attacks. You need an active defense plan with regular penetrations tests and Red Team exercises. Red Team exercises simulate attacks on your system and actively play out how you would defend against actual attacks. In the process, you find and fix any attack vulnerabilities.

Nintendo, for example, has started a bug bounty program where they actively work with fans and hackers to discover vulnerabilities in their products. This active vigilance will help a company find and fix vulnerabilities before they are lethal.

If your organization has not held a Red Team exercise in more than 6 months, chances are, you are too lax in your security preparation.

Addressing Points Of Vulnerability
Picture5

Keeping your organization safe from data theft or breaches is an important part of your organization’s survival in the digital world. These 7 practices above are beginning points for security review and action. If you are doing any of the above, you will want to quickly address them because you are most likely leaving your organization vulnerable to cyber attacks.

Total Views: 691Word Count: 1229See All articles From Author

Add Comment

Computers Articles

1. Rental Management Software: A Complete Solution For Car, Property, And Coworking Space
Author: RentAAA

2. The Ai Revolution: What’s Coming In 2025
Author: Ben Gross

3. The Rising And Falling Trends Of Graphic Card Prices In 2024
Author: Alahdeen

4. What Is Test-driven Development And Which Three Rules Does It Follow?
Author: Byteahead

5. What Is Web Application Architecture?
Author: goodcoders

6. Understanding How Wifi Works: The Wireless Connection Process Explained
Author: Kr

7. What’s Coming In Cybersecurity For 2025?
Author: Ben Gross

8. Hire Magento Expert In India
Author: Yuvraj Raulji

9. Discovering Everything About C15 Power Cables
Author: Jennifer Truong

10. Want To Get Long-distance Power? Time To Grab Extension Power Cords
Author: Jennifer Truong

11. Best Android Development Tools To Use
Author: Best Android Development Tools To Use

12. Choosing The Right Kansas City Web Design Partner For Your Business Success
Author: naviworld1h

13. The Importance Of Choosing The Right Kansas City Ecommerce Developer And Logo Design Expert
Author: naviworld1h

14. Top Mobile App Companies And Developers In Kansas City
Author: naviworld1h

15. Boost Your Business With A Leading Web Design Company In Kansas City
Author: naviworld1h

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: