โWe needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.โ
How to spot malware
As technology continues to develop and grow, so does the likelihood of a cyber-attackโฆ According to Carbon Blackโs Global Threat Report Series, up to 88% of UK companies have suffered a breach in the last 12 months, many of which have been from a Malware attack.
Malware (short for Malicious Software), can come in various forms, most commonly known as Trojans, Worms, Spyware, Adware and Ransomware. There are many methods these attacks can gain access to your system, the most popular being phishing campaigns โ this a method in which an email is sent to a user that either contains a link to a malicious website, or an attachment that delivers a malware payload.
The impact of a breach really does depend on the attackersโ goal:
Ransomware is so prevalent due to the simplicity of the attack, lost cost availability of the tools to deliver the attack, and the potentially high reward. These attacks are very noisy, very disruptive, and can be very costly to recovery from.
Extortion attacks are, again, much more sophisticated and typically involve stealing, or cracking, a usersโ credentials and impersonating the victim. The attackers generally start internal phishing attacks targeting employees in the accounts department in order to trick them in to sending payments to an account that the attacker controls.
Data exfiltration attacks are less disruptive, are more sophisticated in their nature as its designed to raise the least amount of noise to avoid detection, and largely go undetected.
The damage caused by a breach can also extend beyond the organisationโs systems itself in the form of reputational damage resulting in losing customers, and therefore business.
Whilst this all sounds scary, there are certain things you can do to protect against this from happening, and even mitigate the impact if it is too late to prevent. Want to know what our cyber-security top tips are? Keep readingโฆ
user security
It is becoming outdated to rely solely on static passwords (essentially a password including a variety of characters), which is why we always recommend the use ofย Multi-Factor Authenticationย (MFA). This means that if a userโs password is compromised, hackers are faced with at least one additional barrier.
Despite the increase in the use of MFA, static passwords are still incredibly common, so if this is what you choose to use then you should ensure that it is at least strong!
You can make certain of this through using a minimum length of eight characters and the random use of characters (i.e. do not use capital letters as the first letter). We also recommend that you use a password keeper to avoid the headache of remembering a multitude of complicated passwords!
train your team
This is perhaps the most important step as most viruses and malware rely on an individual giving them access to the network. According to DataProt 2023 Malware Statistics, a staggering 560,000 new pieces of malware are detected every day! Do your staff know how to recognise a suspicious email or link? If not, make sure you employ regular training, ideally centring around phishing emails to ensure that your employees are educated and on alert. Itโs good practice to only open emails from senders you know or recognise and then delete anything that doesnโt look right. Spam emails can typically be spotted due to typos or grammatical errors, although donโt rely on this โ phishing emails are getting ever more sophisticated!
Maintain your anti-virus/malware platform
Ensuring that anti-virus software is installed on all computers is a must if you want to be protected from opportunistic attacks. But ensuring that the estate is fully managed is essential to maintain the security posture. Malware is becoming increasingly sophisticated and, in many cases, will attempt to disable protection mechanisms on the target. Being aware of, and reacting to, endpoints that have their protection disabled is key.
Ensuring that the security product has the latest updates is also crucial in detecting known threats and, again, will help prevent opportunistic attacks.
Back up, then back up again
If you enforce regular back-ups and your files are held to ransom, you wonโt have to pay an attacker if they are stored somewhere else! However, we would recommend that you employ offsite back-up in addition to the back-up that you hold onsite. With the ever-evolving sophistication of viruses, there is the potential of a crypto virus encrypting your onsite back up filesโฆ A disaster if you donโt have them backed up offsite! A full back up of your system and data using an external location would ensure the recovery of these files and therefore reduce the impact of the attack.
Test your backup solution
Our Senior Engineer, Matt, is always repeating the mantra โa backup is not a backup until it has been testedโ. Despite their critical function within the organisation we still find that many companies implement their backup systems as though they are โset and forgetโ with little review and testing.
By now I imagine weโve all heard the story of Maersk who were hit by the NotPetya ransomware in 2019 and discovered that of all their systems being backed up the most critical ones were not.
Are backups being monitored effectively?
Are the selection lists correct and up to date?
Are the selections reviewed frequently?
Are the backups being tested regularly?
Is there an offline/air gapped backup to prevent against security risks?
Hopefully itโll never happen to you, but if there is a disaster recovery scenario how confident are you that youโll be able to fully recover from an incident?
Firewalls and Perimeter Security
As the shift towards the cloud becomes ever more apparent the reliance on traditional firewalls is decreasing as the focus is shifting towards edge-security.
That being said brute forcing known ports, such as RDP, still remains one of the top attack vectors due to its low effort/high reward ratio and is an often-overlooked configuration.
What can be done? Implement MFA on any public facing portals, where applicable. Lock down your management ports. Implement IDS/IPS technology to combat the opportunistic attacks. Regularly review the inbound/outbound policies and remove any redundant policies.
Get Cyber Essentials certified
A Cyber Essentials accreditation is a great way to ensure that your cyber security is up to date and relevant. Through this accreditation, any threats or weaknesses in your current security policies would be highlighted, in turn allowing you to update your technology and protect against any future malware threats.
A big plus in undertaking this, is in demonstrating your commitment to data security! You will not only be giving your clients peace of mind but the current demand for cyber certification in tenders, means you could potentially increase your revenue in winning future business!
Fortunately, this government backed accreditation is very affordable and can be completed in just 3 months.
Over the last 5 years weโve helped a wide variety of businesses achieve their Cyber Essentials accreditation, so if youโre a business that takes their cyber security seriously and would like to put the approved measures in place to become certified then get in touch with our experts today. If you want to find out a little more, just click here.
At Stripe OLT, our experts work with cutting-edge Microsoft technology to ensure both cloud and on-premise environments are comprised of the most up to date technology and robust cyber security policies. If you have any questions about the above security tips, or would like to find out more about how Stripe OLT can help you protect your network, donโt hesitate to get in touch with one of our team.