How to shrink your digital threat footprint: 7 areas to watch
Here’s what you can do ahead of time to make your firm less attractive to would-be attackers.
You don’t need to be reminded just how dangerous the digital threat landscape is today. You see the headlines every day.
There’s plenty to worry about. Like the sophisticated incident that ensnared Asiaciti Trust, CIL Trust, and a slew of other international firms in 2021.
Or the possibility of a sudden ransomware attack like the one that affected JBS, the global meat processor. Or the risk of a long-undiscovered breach that affects millions of customers, like the slow-burning Yahoo data incidents.
Your organization could be vulnerable to any of these types of risks — or all of them. Here’s what you can do ahead of time to make your firm less attractive to would-be attackers.
1. Regularly Update and Patch Software
Outdated software is vulnerable software. The same goes for your operating system.
This is true even before a given version’s support cycle ends — the point at which that version is well and truly obsolete, and totally vulnerable to compromise.
The older the version, and the longer since it’s been updated, the more time there’s been for malicious actors to probe its defenses. That’s why cyber security experts recommend updating software and operating platforms as soon as a new version becomes available.
It’s important to apply patches in between these scheduled updates, if and when they’re necessary. Usually, software publishers issue patches after discovering a vulnerability but before an entirely new version is ready.
2. Use Captchas to Protect Vulnerable Accounts
Technically known as reCAPTCHAs, these tools help control access to sensitive backend environments by requiring the user to perform tests that — at least in theory — only a human can pass.
That might mean identifying a specific item in a set of grainy images or translating a phrase written in hard-to-decipher script.
Captchas aren’t perfect, but they make “brute force” bot-driven attacks less likely and thereby reduce system downtime.
In exchange for a mild annoyance to your users, you get assurances that your system is secure from automated attacks.
3. Use Strong, Unique Passwords at All Times
Never reuse passwords. Use unique combinations of letters, numbers, and special characters. Change your passwords frequently.
You know these guidelines well. But are you abiding by them across your entire enterprise?
It’s easier to ask your employees to practice good password hygiene than to mandate it, of course — but it’s a measure worth taking.
4. Whitelist Employee and Contractor IP Addresses and Block All Others From Sensitive Applications
IP whitelisting offers another layer of protection both from brute-force attacks and from potential insider or favored-user threats.
It’s recommended in the wake of incidents like those that affected Asiaciti Trust and Il Shin, but you needn’t wait for a compromise to take this step. Whitelisting is as easy as changing a network setting.
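An added example (not from the original article) of the allowlist decision described above, in Python: only listed networks reach the sensitive application, and everything else, including malformed input, is refused. The networks are constructed documentation ranges and the function name is hypothetical.

```python
import ipaddress

# Constructed allowlist: documentation ranges standing in for office,
# VPN and contractor egress addresses (assumption, not from the article).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),    # office egress
    ipaddress.ip_network("198.51.100.17/32"),  # single contractor host
    ipaddress.ip_network("2001:db8:42::/48"),  # IPv6 VPN pool
]


def is_allowed(client_ip: str) -> bool:
    """Return True only if client_ip falls inside an allowlisted network.

    Fails closed: anything that does not parse as one IP address is refused.
    """
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False

    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d. Unwrap
    # them so the IPv4 rules apply instead of silently never matching.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    return any(
        addr.version == net.version and addr in net
        for net in ALLOWED_NETWORKS
    )


if __name__ == "__main__":
    for candidate in ["203.0.113.77", "::ffff:203.0.113.9", "192.0.2.1", "bogus"]:
        print(candidate, "->", "allow" if is_allowed(candidate) else "deny")
```

The address checked should be the peer address of the connection, or one set by a proxy you control, not a header the client can supply.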
5. Monitor Your Entire Network
It’s not enough to monitor the usual ports for signs that your network has been compromised.
Due to the significant risk of an insider attack — and the difficulty of recognizing it early on — you need to be watching areas of your network that you typically treat as secure.
You’re looking for unusual patterns of activity, like logins in the middle of the night or rank-and-file users performing tasks that shouldn’t be allowed by their permissions.
Treat these activities as suspicious until proven otherwise.
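An added example (not from the original article) of the two patterns named above, run over constructed audit events in Python: logins outside working hours and actions a user's role does not grant. The event format, the role map and the 07:00 to 19:00 working window are assumptions.

```python
from datetime import datetime, time

# Assumptions (not from the article): working window and role grants.
WORK_START, WORK_END = time(7, 0), time(19, 0)
ROLE_ACTIONS = {
    "staff": {"login", "read_report"},
    "admin": {"login", "read_report", "export_customers", "change_acl"},
}

# Constructed audit events: "ISO timestamp|user|role|action" (local time).
SAMPLE_EVENTS = """\
2024-03-04T09:12:00|alice|staff|login
2024-03-04T09:15:30|alice|staff|read_report
2024-03-05T02:47:10|bob|staff|login
2024-03-05T02:49:55|bob|staff|export_customers
2024-03-05T10:05:00|carol|admin|change_acl
2024-03-05T23:30:00|carol|admin|login
malformed line without fields
"""


def find_suspicious(log_text):
    """Return (timestamp, user, reason) tuples for events worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue  # a real pipeline would count and report parse failures
        stamp, user, role, action = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if action == "login" and not (WORK_START <= when.time() < WORK_END):
            findings.append((stamp, user, "off-hours login"))
        # Unknown roles grant nothing, so every action by them is flagged.
        if action not in ROLE_ACTIONS.get(role, set()):
            findings.append((stamp, user, f"{role} not permitted: {action}"))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding)
```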
6. Right-Size Your User Permissions
Addressing the insider threat requires more than responsive network monitoring. It demands a “trust but verify” approach to permissions.
Individual members of your team should obviously have all the tools they need to do their jobs. But they shouldn’t have “extra” permissions — ones they don’t need regularly but “might” need in the future.
When a rank-and-file user needs to perform a particular, higher-permission task, you can cross that bridge. Not before.
7. Monitor the Dark Web (And Regular Web) for Nonpublic Data
If your organization is compromised, you won’t see evidence of it on “respectable” websites.
You might not learn of it at all unless you’re monitoring the dark web — unindexed parts of the Internet where people buy stolen credentials (and other unsavory things too).
To monitor the dark web, you need to run regular dark web scans using special software. It’s best to leave this in the hands of a capable IT security professional, whether that’s a third-party contractor or an internal team member.
Your Digital Threat Footprint Won’t Shrink Itself
It’s true — your digital threat footprint doesn’t care how big it is or what’s being done to manage it. It’s an artifact of your preparedness to face the everyday risks of doing business in a connected world.
Good thing it’s always possible to enhance that preparedness.
You can’t prevent every data incident, but you can shore up your firm’s defenses and increase the chances that an attacker or thief bypasses you in favor of a less well-protected enterprise, as firms like Asiaciti Trust and JBS learned the hard way.
It’s worth making the effort. The alternative isn’t pretty.