Tuesday 24 October 2017

The BOHH Breakdown, Part 8: Many Breaches Are Preventable – Let’s Look at How


In our last post, we revisited some of the most pressing cybersecurity trends in 2017 and tracked where the industry stands as the end of the year nears. Today, we will address an important subject: breaches and how many of them can be prevented.

This year has seen its fair share of major breaches – from WannaCry and Petya to Equifax and the recent Deloitte email server hack. All these breaches have something in common – and it is not just the fact that millions of records were exposed – they all could have been prevented or greatly reduced by simple patches and software updates.

Unfortunately, these are just a few of the attacks that could have been prevented by simply updating software systems and patching vulnerabilities. While security is no easy feat, it is becoming too common for breaches to occur because companies neglect to update software components that have been known to be vulnerable for months or even years.

There is no excuse for breaches when there are known security updates available to fix the vulnerabilities. A large part of the issue today is that companies have not been prioritizing these fixes and other security solutions. Below are several recommendations from BOHH Labs that companies can employ to help bring better tools to their security strategy.

Update Old Systems and Implement Security Patches
Businesses often ignore server patches or updates until they encounter issues. When this happens, hackers use malware and other types of attacks to exploit these holes and get into your system. Because software systems are constantly evolving, security updates and patches are commonly released to keep up with software improvements. Often, these patches come with instructions for making the updates, and failure to integrate them into your system can lead to vulnerability and allow hackers to gain access to company and customer data.

Implement a Zero Trust Model
In today’s complex cyber world, there is no longer any trust in security. It is clear there is no longer a distinction between trusted and untrusted engagement on our security devices, on our networks or even among users. It is time companies eliminate the idea of a trusted network and start implementing a zero-trust approach that treats all users and network traffic as untrusted, requires that they be verified, and enforces strict access control. At BOHH Labs, we have embraced the Zero Trust Model in our security approach and prevent unauthorized third-party interaction with all data traffic by a keyless encryption algorithm that automatically invalidates data when accessed by unauthorized users, rendering it useless to the unauthorized party.

Break the Data Request for Better Security
Following on from the concept of the Zero Trust Model, it is important not to assume that every data request that comes in is from a trusted source. As such, a user’s data request should never have direct access to the network server, as there could be malicious attackers who have jumped on to the connection to gain entry to your system. One way to help prevent this situation is to break every data request before it goes into your network. At BOHH, we employ this technique: when a data request comes in to the company network, the BOHH security appliance receives the request first and decrypts the request before passing it through, knocking out any other requests trying to hop on the original request and get into the network.

Encrypt End-to-End
Encryption is a great tool to help keep data protected, but if the data is not encrypted from end-to-end in the transaction process, it leaves an opening for hackers to get access to that data once they have penetrated your system. At BOHH, we believe only the parties at the two ends of the data message – the sender and requester – should have access to that data message. At BOHH, we use keyless encryption from end-to-end to ensure all connections to backend assets reveal no infrastructure details to an attacker as to the location of the firewall, keystore, database, or other assets if they find a way into the network. End-to-end encryption is key to keeping data encrypted, without any possibility of decrypting, even at the server level.

There is no sign of hackers and attacks against companies stopping any time soon, but these are a few tools companies can use to help stay better protected from tomorrow’s breach.

Now that we’ve highlighted some ways companies can increase their potential to prevent data breaches, check back in next Tuesday when we take a dive into the world of bots and how they can be used to securely.
