How to avoid serious network security incidents?

Technological development has increased cybersecurity risks. From the sharp increase in the number of online frauds to the increasing number of human error issues, critical and sensitive information of enterprises is under greater threat. What’s more, some serious cybersecurity risks will also spread life safety of personnel.

Although absolute security protection does not exist, enterprise organizations must make every effort to avoid serious security incidents that may affect the survival and development of enterprises. With the active support of national policies and regulations, more and more enterprises are constantly improving their security awareness, but there are still some deficiencies in responding to some large emergencies. This article summarizes the major network security incidents that some enterprise organizations may face, and gives corresponding protection policies, hoping to provide more targeted security protection experience and knowledge for enterprise organizations in case of emergencies.

01. Continuously strengthen security control

In order to solve the problems of cloud leakage and system exposure caused by configuration problems, enterprises must first increase their attention to configuration accidents and configuration problems.

Configuration incidents are varied, some are genuine errors or oversights (two-factor authentication is not required to access sensitive resources), some are systems that lack adequate protection against social engineering attacks, and some are caused by organizational ignorance of deliberate spelling Attacks such as error attacks.

There are many solutions to this problem. Organizations can set more reasonable default permissions, such as all content is private by default, and explicit steps must be taken to make certain content publicly visible before it can be used; it can also set unique strong passwords for cloud services, and Use two-factor authentication to avoid security incidents such as Colonial Pipeline attacks due to compromised passwords; in addition, organizations can use vulnerability scanning and Internet scanning tools such as Shodan and Censys to regularly assess their potential attack surface.

02. Maintain reliable VM data backups

Ransomware attacks may bring economic losses to enterprises and are a relatively serious type of attack. However, enterprise organizations usually have a fluke, and few enterprises actively customize protection schemes against such attacks. Although some enterprise organizations have a large number of old software products to deal with ransomware attacks, they are full of loopholes. Therefore, enterprise organizations should recognize the cost of upgrading and maintaining these old system products, and the business interruption and damage caused by ransomware attacks. Finances are more important than losses.

While many industry players believe that ransomware attacks don’t necessarily cause economic problems, for corporate organizations such as hospitals, it’s a matter of life and death. Although such attacks cannot be completely avoided, enterprise organizations can respond to attackers by backing up and implement effective solutions to back up key data, which can ensure that key business processes can be quickly restored after an attack occurs, and further reduce the risk of ransomware attacks. influences.

03. Data classification and classification management

Due to the sheer volume of all the data needed to keep the business running smoothly, it is difficult and expensive to back it all up, and data theft and ransomware attacks may only steal important and sensitive data in the enterprise. Therefore, there is no point in backing up large amounts of ordinary data. And in the event of a data breach and ransomware attack, it’s even more detrimental to the company. Therefore, the best preventive measure is to conduct a thorough analysis of existing data, make backups of important data, delete unnecessary data or transfer less important data. This way, organizations can protect the data that really matters, even if systems are compromised.

04. Threat Alert Automated Response Management

In daily work, the noise of massive threat alerts is also a problem that has always plagued enterprise organizations, and automation technology can help to solve this problem. Organizations can configure automated tools that can prioritize threat alerts to determine the importance of different alerts. Automated tools with contextual analysis capabilities have advantages in classifying and grading threat intelligence and automating response capabilities.

If they want to further improve their security protection capabilities, organizations can adopt the classic defense-in-depth model. In this mode, if a threat occurs in the internal environment, the enterprise can conduct a full range of detection, blocking and response internally, and there is a greater opportunity to stop the threat. The defense-in-depth model is helpful to nearly all enterprise security teams, providing a cost-effective and less time-consuming way for small teams to strengthen security; while freeing up more security for larger enterprise security teams time and resources to tackle bigger issues.

05. Plan recovery procedures in advance

As the saying goes, “Every hundred secrets are sparse.” No matter how tight an enterprise’s security system is, there may always be loopholes. Organizations can buy the best tools on the market, but attackers are adapting to new technologies to make their attacks more powerful. The passive nature of defenders is inevitable, and some new attack methods may not be able to be prevented by organizations.

In this situation, it is important to plan the recovery process in advance. When planning the recovery process, an enterprise needs to proceed step by step and cannot rush for success. The recovery process needs to be carried out under the premise of assuming failure. Therefore, organizations can choose to implement preventive measures in combination with their internal threat detection and response mechanisms. Some typical prevention mechanisms include: training employees on cybersecurity, using strong passwords that are not repeated, and two-factor authentication. In addition, the establishment of detection and response mechanisms should include multiple processes such as analyzing logs, network security insurance, and regularly backing up data. This should not be taken lightly.

06. Protect the source code of the application system

The problem of source code theft and disclosure has been around for a long time, dating back to the Microsoft Windows incident in 2004 and the Diebold voting machine incident in 2006. The source code is often stolen due to improper configuration of corporate multi-factor authentication (MFA) programs, attacker credential access accounts, vulnerabilities in corporate systems that allow remote access to local files, or malicious git repositories that should not be made public.

One way to prevent source code theft is to protect all code data equally, following the principle of least access as much as possible. For example, requiring that only the staff responsible for working on the source code have access to it, the downside of this approach is that it interferes with the developer’s workflow, leaving developers with access barriers, blocked development, and more.

So the best solution is to ensure that confidential information, passwords and keys never appear in the source code. For example, some software packages have features that prevent accidental and intentional disclosure of source code, such as data protection software on tools that scan email and other network traffic for sensitive data, which organizations can use to protect source code .

07. Strengthen employee safety awareness

In addition to doing practical precautions, it is also important to ensure the safety awareness of all employees throughout the organization. The best way to protect yourself is to raise the cyber security awareness of all employees of the company while doing practical work.

In fact, many of the protective measures to ensure corporate and personal network security are very basic, such as setting strong and unique passwords for important websites, using two-factor authentication, ensuring that software and operating systems are up-to-date, avoiding clicking on suspicious or illegal links, doing Good backup etc.

However, in the face of large-scale and above-mentioned complex work environments, it is not easy to do a good job of security protection consistently. At this time, raising the security awareness of all employees of the organization can play a huge role. Make corporate employees more proactive in cooperating with security measures. Even though security inspections, routine audits, etc. may seem costly and tedious, if the corporate organization is a potential target of the above-mentioned attacks, it can be understood that building good corporate security awareness matters. Important.