Targeted cyber attacks on businesses are becoming more frequent. The sole purpose of these types of attacks is disruption and illegal financial gain, and the consequences can be devastating. So what can we do to avoid them?
We all know that firewalls are a good way to protect a network, but realistically there needs to be a strong infrastructure setup for firewall security across multiple touchpoints. With the increase in remote working, and with personal firewalls known to be flimsy at best, having end-to-end firewall protection that's controlled by the administrator is always the way to go. That's one of the reasons why laptops used from home are business-issued and not personal: personal security is generally weaker than security controlled by network admins. There are also usually multiple firewalls installed at the servers and their related connections.
IPv4 and IPv6
Some older configurations use the IPv4 standard, which is now archaic. The majority of network infrastructure is built around IPv6, which promotes stronger security protocols; its network addresses, being based around assigned keys, are more difficult to obtain. IPv6 also limits route aggregation, allowing for a more controlled approach to where address data is held and thus stopping the potential of being singled out in the event of an attack.
SSL certificates are now standard for most websites, but the renewal of these is important. Not only do they present confidence to those visiting your site, but they also mean that your data is encrypted. To get a certificate, you must create a Certificate Signing Request (CSR) on your server. This process creates a private key and public key on your server. The CSR data file that you send to the SSL Certificate issuer (called a Certificate Authority or CA) contains the public key. The CA uses the CSR data file to create a data structure to match your private key without compromising the key itself. The CA never sees the private key. Via the SSL/TLS handshake, the private and public keys can be used with a publicly trusted certificate to negotiate an encrypted and authenticated communication session over the internet, even between two parties who have never met. This simple fact is the foundation of secure web browsing and electronic commerce as it is known today.
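The CSR steps described above, as an added example that is not part of the original article. It assumes the OpenSSL command-line tool is installed; the host name www.example.test, the file names and the self-signed certificate standing in for the CA's reply are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Host and file names are constructed.
set -eu

# Create the private key on the server, then a CSR signed with it.
make_csr() {  # $1 = working directory, $2 = common name
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/server.key" 2>/dev/null
  chmod 600 "$1/server.key"   # the private key stays local and owner-only
  openssl req -new -key "$1/server.key" -subj "/CN=$2" -out "$1/server.csr"
}

# SHA-256 of the public key inside a CSR, and of the one derived from a private key.
csr_pubkey_hash() { openssl req -in "$1" -noout -pubkey | openssl dgst -sha256 -r | cut -d' ' -f1; }
key_pubkey_hash() { openssl pkey -in "$1" -pubout | openssl dgst -sha256 -r | cut -d' ' -f1; }
csr_matches_key() { [ "$(csr_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]; }

# The file sent to the CA must carry no private key material.
csr_has_private_key() { grep -q 'PRIVATE KEY' "$1"; }

# The CSR's signature proves the requester holds the matching private key.
csr_signature_ok() { openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; }

# Stand-in for the CA (assumption): self-sign the CSR so there is a certificate to check.
issue_test_cert() {  # $1 = working directory, $2 = validity in days
  openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
    -days "$2" -out "$1/server.crt" 2>/dev/null
}

# Succeeds when the certificate expires within $2 days, i.e. renewal is due.
cert_needs_renewal() { ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; }

demo() {
  demo_dir=$(mktemp -d)
  make_csr "$demo_dir" "www.example.test"
  csr_matches_key "$demo_dir/server.csr" "$demo_dir/server.key" && echo "CSR public key matches private key"
  csr_signature_ok "$demo_dir/server.csr" && echo "CSR signature verifies"
  csr_has_private_key "$demo_dir/server.csr" || echo "CSR contains no private key"
  issue_test_cert "$demo_dir" 30
  cert_needs_renewal "$demo_dir/server.crt" 60 && echo "renew: expires within 60 days"
  rm -rf "$demo_dir"
}
demo
```

Only server.csr is sent to the CA; the cert_needs_renewal check can run from a scheduled job against the issued certificate so that renewal is not missed.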
In the event of a ransomware attack, the affected entities are sometimes left in turmoil. Having a disaster recovery element in place, where the infrastructure can be rolled back to a pre-attack state, is important: it isolates the attack and minimises end-user inconvenience.
Fast response and deployment
Setting up alerts in your network security for any and all attacks means that any sort of attack is immediately identified and dealt with fast. Failure to pick up on these attacks can cause massive issues and gives the attackers more chances to find data and demand a ransom for it. Your countermeasures should be deployed just as fast, minimising problems and downtime. Ransomware attacks rely on slow response times. Preparing for them adequately will always make things easier in the event of an attack.