Most people think that installing ‘security’ software helps them to improve security but is that really true? How often do you hear in the media that there is another data breach related to a hack of a small group?

Hacked-1-1200x1200

IT Security is not achievable by using specific Apps

Lot’s of people thinking that installing Anti-Virus programs or other specificApps are enough to take out the bad boys but I guess we learned that those can more or less easily bypassed, the most known example for this id Ransomware which wasn’t detected when everything started by any known AV product - it was by the nature about how the attack works. Especially home user believe in their protected bubble and it’s maybe true that it might help to lower the attack scenario but it doesn’t solve anything. The same applies to anything in the IT Security business because you simply can’t restrict everything and then expect to work like you would on a normal PC/OS.

MacOS and the 'unhackable' myth

Running a Mac because it’s possible more secure? Oh boy, better start thinking again.  For many years people said Macs couldn’t be hacked and it’s not wrong that MacOS is by default a bit more secure because Apple does a good job - but at the same time there also doing things wrong. There were many reasons they gave to support this position, however in reality more malicious code was being written for Windows based systems because Microsoft is market leader when it comes to the operating system business.  Hackers didn’t want to waste time writing code that would fizzle out as soon as it spread to a couple machines since there weren’t enough Mac machines around to propagate it. As of today MacOS has gained more market share and there are more vulnerabilities than ever in the Mac world but it’s still not comparable with Windows.

Hacking has become monetized

The times are over to just hack ‘for the good’ it’s more profitable to get money from the hacking then just doing it for the 10 minutes of fame. Criminals around the world have figured out that hacking can reap huge profits, as mentioned Ransomware is one big example. This is where malicious code gets on your machine and encrypts all your files, then asks you to pay money to have them unencrypted. This means for a home user with let’s say 10 years of family photos or a bank with information vital to their operation, this can be a compelling fix to the problem and many of the victims pay in order to get their data back. The well known Kapersky Labs reported over 130k ransomware infections in 2014. Back in 2015, the number was already over 330k. And these are only the infections that affected one AV vendor and it’s only getting more worse. Because of the fact that big money is involved, the bad guys are staying one step ahead of the anti-virus companies.

Outsourced crime

Computer knowledge is no longer necessary for criminals to hack - hackers just have to outsource the crime to another organization that will do it for them or you only have to pay money in order to get some kits in the deep web (darknet).

You can't foresee and prevent all threats

The AV industries wants to make us believe that they can predict and secure us against all upcoming threats, this is not even possible with AI. Imagine someone with resources and money build something, how does an AI should know that, based on past events? And what does it say about the future, simply nothing.

Social Engineering

The biggest threat very often does not come from outside but is created by employee, but not out of intent of the employee remember that a chain is always as strong as it’s weakest link. Lot’s of criminals like eg. scammers often using social engineering to receive access to sensitive information from inside an organization. In our case criminals pretend to be technical staff that will repair faulty hardware o trying to fix something on your PC and therefore are in need of the password of the employee.

Even fake mails from the management are a popular way, designed to obtain the path to a secured network. Simply don’t give away high class security information like this and don’t open every eMail attachment.

What can you do?

  1. Get multiple layers of protection - See if you can harden all installed software and review all possibilities which the OS have to offer you. Most programs and OS are set so that everyone can use it which not represents what you might want to archive.
  2. Hire an IT expert which can take a look at your environment, small business is the most vulnerable because they typically have the worst IT and limited funds to invest in the enterprise tools.
  3. Think comprehensively which means you need to find ways to protect all machines, not only 9 out of 10 because one machine is enough to spread it trough your entire network.
  4. Educate your people - not only once, all the time! Based on the threats you should do at least monthly a meeting to build strategies to avoid getting infected.
  5. Backup and restore your data. Even in 2018 you should consider doing it on a daily basis so that you won't run into a scenario to not recover you data in case something really bad happened.
  6. Using a firewall is a must! Checking outgoing and ingoing packages is really a must especially in a business environment. Ensure that eg malware can't preload the malware by checking the outgoing connections in this case is a beginning.
  7. Always be up to date - You don't like Windows 10? Woo cares use it anyway because Windows 7 is less secure due it's missing security layers which are added in more recent Windows versions. Microsoft finally realize that and provides us with more security related updates and features to prevent us against several attack vectors.
  8. Security is not what you can get by installing something - Remember that this part is really the most import one, you can't just hardening the OS or your programs and think you're secure and lean back and do nothing, this is wrong - just keep yourself up to date and stay informed.

Can a IT-network be safe at all?

Theoretically yes if you regular maintain it, which means that you constantly monitor all the mentioned factors and when all possible safety regulations are maintained and companies are aware of the possible risks they should theoretically have no security problems. However, this is the theory but in th real world a residual risk always remains because people aren’t perfect and no one can predict what is coming in the future.

https://youtu.be/CGd_M_CpeDI

Conclusion

Security is often more perception than reality. New and more aggressive attacks showing us that the current mechanism to protect us against it are weak and this is not really a surprise because most of the implemented mechanism are already outdated.

One major point is that the well known problems still can be abused because people are not trained enough which means that there is still a lack of information how to protect you employees against simply things like infected eMail attachment or social engineering.

If you see or know something don’t close you eyes and try to share it with everyone in order to get attention on the security problem. Take often a look on your network in order to find possible problems.