Posted on Tuesday, April 23, 2019 in Cybersecurity. Blog written by Rob Swenson
Businesses that want to enhance protection of their electronic assets should complicate network pathways that hackers might follow, not just try to block them from entering, according to a national cybersecurity expert.
“Think in terms of a maze, not a wall,” said Greg Jackson, a senior cyber risk advisor with Dynetics in Huntsville, Ala. “What you want to do is build a good maze.”
A maze can frustrate hackers and prompt them to move on to their next target, said Jackson, who was among several speakers at the second annual Sioux Falls Cybersecurity Conference on April 18.
Collectively, conference speakers provided a lot of valuable information about cyber threats in interesting and practical ways. That’s important because risks aren’t just theoretical; they are very real.
In one conference session, Jackson and Craig Mitchell, a senior cybersecurity analyst with Dynetics, simulated a live hack to demonstrate how easily intrusions can succeed and how devastating their consequences can be for a company. The two security experts explained what they were doing as the audience followed the demonstration, keystroke by keystroke, on two large screens.
As is often the case with successful hacks, the simulated intrusion began with a well-crafted phish – in this case, a phone call from the hacker to discuss a potential business opportunity with the target. That was followed by an infected email that supposedly contained more information about the business opportunity. Such emails include a tainted attachment or link that probably looks legitimate but is really just a way for intruders to get into a network and plant their electronic payload.
Once the recipient clicks on the link or attachment, the hackers are inside and could go undetected for weeks or months as they spy on company activities or look around the network for information to steal. Some hackers might opt to encrypt data of value to the business and then anonymously demand a ransom payment in bitcoin or some other cyber currency to make the information usable again.
No matter what a hacker’s intentions, people typically are the weakest link in any company’s cybersecurity strategy, Jackson and Mitchell said.
The Dynetics team’s suggestion to take a maze-like approach in building a secure defense is similar to the advice other cyber experts offered, including those at Sioux Falls-based SDN Communications. For years, SDN experts have encouraged businesses and organizations to take a layered approach to cybersecurity. That means taking steps to cover every stage of network activity, from network entry points to user input, data transport and storage.
SDN CEO Mark Shlanta provided conference-goers localized information on cyber threats active in the Sioux Falls region. He also warned businesses that threat activity seems to peak during the summer months, possibly because technology staffers at companies take time off or mischievous students have more free time. The reasons are not clear, but SDN’s data for the past two years supports the premise.
Like some other speakers, Shlanta emphasized the importance of good, ongoing training for employees to help them identify threats, such as phishing.
Most businesses eventually learn from an outside source, such as government agencies, that network information has been breached. Jackson and Mitchell advised companies to always assume that hackers have penetrated the perimeter of their network and to constantly monitor the interior of their networks for suspicious activity.
Here are some of the other suggestions offered by Dynetics to help build a “monitored maze” to protect against and detect threats.
- Implement host-based firewalls to reduce pathways in networks.
- Restrict administrative privileges among employees.
- Use application whitelisting. In other words, identify in advance the approved software applications that are allowed in a system.
- Cybercriminals are secretive but not invisible. So monitor activities at network endpoints and have a plan for responding to suspicious activity.
- Maintain a log of essential data, including web activity.
- Companies also might want to include “honeypots,” or trap doors, in their networks to gather intelligence about intruders.
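The “monitored maze” idea can be made concrete with a small model. The following is an added example, not code from Dynetics or SDN; the host names, firewall policy and connection log are constructed for illustration. It counts the permitted network pathways with and without host-based firewalls, and flags any connection to a decoy host.

```python
from collections import deque

# Constructed sample network; all host names are hypothetical.
HOSTS = ["ws-1", "ws-2", "ws-3", "file-srv", "db-srv", "decoy-srv"]
HONEYPOTS = {"decoy-srv"}  # decoy host: no legitimate user ever connects to it

def flat_policy(hosts):
    """The 'wall' only: no host firewalls, every host accepts every peer."""
    return {dst: set(hosts) - {dst} for dst in hosts}

# The 'maze': per-host inbound allow-lists (destination -> permitted sources).
MAZE_POLICY = {
    "ws-1": set(), "ws-2": set(), "ws-3": set(),   # workstations accept nothing
    "file-srv": {"ws-1", "ws-2", "ws-3"},
    "db-srv": {"file-srv"},                         # only the file server
    "decoy-srv": set(HOSTS) - {"decoy-srv"},        # deliberately reachable
}

def pathway_count(policy):
    """Number of permitted (source, destination) connections."""
    return sum(len(sources) for sources in policy.values())

def reachable_from(policy, start):
    """Breadth-first search: hosts reachable from `start`, with hop counts."""
    hops, queue = {start: 0}, deque([start])
    while queue:
        src = queue.popleft()
        for dst, sources in policy.items():
            if src in sources and dst not in hops:
                hops[dst] = hops[src] + 1
                queue.append(dst)
    del hops[start]
    return hops

def honeypot_alerts(connections):
    """Return every logged (source, destination) pair that touches a decoy."""
    return [c for c in connections if c[1] in HONEYPOTS]

# Constructed connection log as (source, destination) pairs.
SAMPLE_LOG = [("ws-2", "file-srv"), ("ws-1", "decoy-srv"), ("file-srv", "db-srv")]

if __name__ == "__main__":
    for name, policy in (("flat", flat_policy(HOSTS)), ("maze", MAZE_POLICY)):
        print(name, pathway_count(policy), reachable_from(policy, "ws-1"))
    print("alerts:", honeypot_alerts(SAMPLE_LOG))
```

In this model the host firewalls cut the permitted pathways from 30 to 9, other workstations become unreachable from a compromised one, and the database server can be reached only through the file server, while the decoy remains one hop from every host.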
The Sioux Falls Area Chamber of Commerce’s half-day conference attracted about 150 local business and technology leaders to the Sioux Falls Convention Center. SDN Communications was the lead sponsor of the event.