In a mobile-first, cloud-first world, cyber crime is rampant and malicious attackers have taken the opportunity to steal high-value data from a large number of digital resource pools. Unfortunately, it can be so easy for cyber criminals to get their hands on sensitive information, that the methods they use to obtain it doesn’t involve any form of hacking at all.
Microsoft insists that a good first step to combating cyber crime is to understand its current landscape before formulating strategies to fight it. The motivation behind such attacks, particularly the ones that target large organizations, is not usually just for the fun of it; perpetrators are usually seeking high-value company assets such as credit card numbers and identification information that can then be sold to other criminals for rather large sums of money.
The first set of precautions Microsoft advises organizations (government or private) take is to be on the lookout for phishing scams, and poor system hygiene. Phishing is one of those scams that doesn’t involve hacking, and instead relies on tricking users to provide information such as network credentials and passwords. An attacker would then use that information to gain unauthorized access to a computer or the network that computer is connected to. Other ways attackers may gain access to that information is by utilizing a system vulnerability, be it a vulnerability in the operating system or one of the applications that it is running. Microsoft’s advice is to ensure that all system updates are installed, and in a timely fashion, to ensure attackers do not take advantage of outdated systems and software.
The software giant also emphasizes the need to have least privilege principles enabled in a network, as it can thwart attackers from swiftly moving across a network in their attempts to steal information and compromise systems. Organizations should also identify their “crown jewels”, or high-value assets, isolate, and add additional security measures to protect them from cyber criminals. Additionally, organizations that hold information including card swipe data, pin input data, data in flight and data in storage, should not only be isolated, but encrypted too. It’s rather worrying that this even needs to be said.
Protecting administrator credentials is another important step that organizations should take, particularly to fight off an attack called “pass-the-hash”, which attackers have used successfully on numerous documented occasions. The attack is designed to harvest as many stolen credentials as possible and remain undetected for as long as possible. It’s a horrible one, and Microsoft has released a number of papers that detail how the attack works against Windows operating systems, and what security measures can be taken to fight it.
Microsoft also advises that organizations take a more holistic approach to protecting data, rather than just focusing on the protection and recovery stages. Companies need to be prepared to take the appropriate measures of fighting cyber crimes when an attack occurs to swiftly lock them out, rather than relying on third-parties such as law enforcement and application providers to sort the issue out. Organizations should instead establish an effective, ongoing and continuous strategy to monitor for imminent attacks, detect when an attack has occurred, manage it, and restore operational control.Further reading: Cybercrime, Microsoft, Security, Windows