Top vulnerabilities (and how to beat them)
Cyber criminals are turning intellectual data into money and affecting your bottom line through increased costs and brand and reputation damage, and they’ll take advantage of any vulnerability they can find. Attacks on corporate networks are steadily becoming more advanced, with security breaches making the headlines on an almost daily basis. 2014 has already seen some high-profile cases, including eBay and Heartbleed – resulting in the US government backing the public disclosure of software vulnerabilities.
So how do data security breaches occur? The two main ways are software and application vulnerabilities and insider error. Below is a summary of the top vulnerabilities identified in the report and advice on how to protect against them.
#1 - Exploit kits revisited
Hackers frequently use public sources such as CVE lists to target known vulnerabilities. The NTT Group’s 2014 Global Threat Intelligence Report (GTIR) shows that 78% of exploit kits contain vulnerabilities discovered in the past two years, but that some vulnerabilities exploited were over 10 years old. That’s a long time between patches, folks. Organisations with active vulnerability management programs are far less exposed to the threat of exploit kits. Put simply, identify your critical assets, update your software regularly, and keep an eye on industry recommendations for server and software configuration changes that improve security.
#2 - Java - Write once, attack anywhere
The vast majority of exploits are targeted at Java. Organisations should consider this an area in which to focus active patch management and configuration efforts. These vulnerabilities are common, widely exploited, and well-documented.
#3 - Thinking 'inside' the box
Lack of user awareness and process often results in an internal breach. Perimeter defences are ineffective when malcode is released from inside an organisation as individuals click on links, open files from email, or plug in an infected USB drive. Perform effective user awareness training, ensure that processes are up to date and in line with the business, keep antivirus software updated, and use experts for malware analysis and incident response. Advanced analysis with limited internal resources is often not practical.
#4 - There's an App for that!
Applications are critical to business, and naturally these are the primary targets for the cybercriminal. In 2013, web application attacks were the fifth most common type of attack identified by NTT Group’s GTIR. Prioritise the proper configuration of applications, and consider next-generation firewalls, IDS and operating systems – too often we install and forget. Implement detailed logging for web applications and database transactions so that you can quickly identify a breach or attack. Use web application firewalls (WAF) to help detect and prevent attacks targeted against applications, such as SQL injection and cross-site scripting attacks.
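To show what detailed web logging makes possible, here is an added example (not from the original article or the GTIR) that scans access-log lines for SQL injection and cross-site scripting indicators. It assumes the Apache/nginx "combined" log format; the sample lines, rule names and patterns are constructed for illustration and are far narrower than a WAF rule set.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2014:10:01:02 +0000] "GET /products?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2014:10:01:05 +0000] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 87 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2014:10:01:09 +0000] "GET /products?id=42%20UNION%20SELECT%20name,pass%20FROM%20users HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/May/2014:10:02:11 +0000] "GET /search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 300 "-" "Mozilla/5.0"
198.51.100.8 - - [12/May/2014:10:03:00 +0000] "GET /search?q=union+jobs+select+committee HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, request target, HTTP status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Illustrative indicator patterns (assumptions, deliberately narrow).
RULES = {
    "sqli": re.compile(r"\bunion\s+(?:all\s+)?select\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    "xss": re.compile(r"<\s*script\b|\bon(?:error|load)\s*=|javascript:", re.I),
}

def decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        nxt = unquote_plus(target)
        if nxt == target:
            break
        target = nxt
    return target

def scan(log_text):
    """Return {client_ip: [(timestamp, status, rule, decoded_target), ...]}."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, target, status = m.groups()
        decoded = decode(target)
        for rule, pattern in RULES.items():
            if pattern.search(decoded):
                findings[ip].append((ts, int(status), rule, decoded))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, [(ts, status, rule) for ts, status, rule, _ in hits])
```

The status code is kept with each hit because a 500 followed by a large 200 response from the same client is the kind of sequence worth escalating for review.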
#5 - AV is not dead
Whilst anti-virus (AV) has had its critics over recent weeks, it is still an integral part of a business’s defence. Always install all of the latest patches and virus definitions. As we have seen in the GTIR, some of the vulnerabilities being exploited were over 10 years old – is this the fault of the AV software or lack of business process and testing?
Hackers move and adapt quickly. Your organisation needs to do the same. As a matter of routine, understand and identify your critical assets, and test and review technology and processes to ensure continuing effectiveness. Improve your incident response procedures. If a breach occurs, you need to be aware of it quickly and act against it without delay. Stay aware of new technologies that become available, and implement those that suit your security setup.