Tarlogic’s Cybersecurity team has drawn up a basic manual for creating a minimum cyber defenses structure: limiting the exposure of services to the Internet, double authentication, security reviews, software updates…
In the world of cybersecurity, the Little Red Riding Hood tale could well be a bedtime book for outreach. One in which the role of the innocent little girl is played by the thousands and thousands of companies that every day put their lives on the line on the Net with hardly any cyber defenses and without properly assessing how much is at stake. And in which the Wolf is embodied by the countless threats that orbit the Internet: ransomware, malware, phishing, brute force attacks…
The moral of the story is surely the best description of the scenario faced by companies and institutions, anonymous citizens, and entities of all kinds: be wary. The bad guy can be in any corner.
Yes, the disturbing granny’s bed could even be hidden in any corner of the company. Seemingly innocent. Implacably ferocious.
That’s probably why government institutions, and cybersecurity companies like Tarlogic Security, have been warning of the need to arm yourself for years. To protect yourself in order to contain threats that are growing all the time.
Just one fact. According to Interpol, in the first four months of 2020, one of its providers detected 907,000 spam emails, 737 malware incidents, and 48,000 malicious URLs circulating on the Internet. And that’s just one operator.
In view of all this, Tarlogic’s Cybersecurity team has developed a simple manual for building a cyber defense wall. A structure designed with some basic protocols and actions to protect any kind of business.
It’s 10 tips that will help your company minimize damage and make it harder for hostile actors.
Let’s get down to business…
1 – Second-factor authentication
Using second-factor authentication exponentially prevents password theft and access to corporate applications. None is as cross-cutting as the email service.
Applications such as Google Authenticator, FortiToken, Yandex, or FreOTP, to name but a few, will save you a lot of headaches.
Any 2FA tool will allow you, for example, to contain the risks derived from such ridiculous passwords as 123456. The most widespread password in the world, according to many reports.
A password that is little less than candy for any brute force attack.
Losing control of email, or VPN access to the company’s network, can unleash a storm by providing hostile actors with critical information about the company’s operations. Who even knows if it could be a gateway to the company’s systems, the first step in spreading a ransomware attack.
Whether for email access, VPN access or access to your Fornite and social media accounts, always use second factor (2FA) in your personal and professional life. You will save yourself a lot of trouble.
2- A web application firewall
Any company that wants to optimize its cyber defenses should have this tool today. It helps mitigate denial-of-service attacks while enabling firewalls to block any attacks on your website, mobile application, or API.
A general web application firewall such as Cloudflare, or customised WAF solutions in managed environments such as those from SysAdminOK enable 24/7 protection against cyber-attacks without slowing down the website, a priority for domain managers.
The unstoppable rise of e-commerce and the proliferation of cloud services will force entrepreneurs to take care of their web platforms, which in many cases have become critical business generators.
To make an analogy, protecting a website or an app is now almost as much for thousands of companies as protecting the factory that produces their goods for sale.
And nobody would think of leaving the factory unattended at night with the doors wide open, would they?
A WAF doesn’t prevent regular web security audits, but it significantly reduces the number of successful attacks.
3- Firewall rules, the digital filter
Perimeter security has become a commandment when it comes to creating cyber defenses. And few aids are as effective in this area as firewall rules, a solution that limits the exposure of services to the Internet.
Again, an example is perhaps the most illustrative. Quite a few firms have, in addition to a conventional website, a server that is exposed to the Internet and offers valuable services for their activities.
Well, firewall rules limit access to this infrastructure to only the desired applications, and not to all the actors circulating on the Internet. This tool thus becomes a sort of firewall that minimizes damage, a very valuable filter when it comes to these services.
Limiting incoming connections to internet-accessible machines and servers in the DMZ with a firewall is important, but so is limiting these machines from being able to connect freely to the Internet. Otherwise, the bad guys are sure to take advantage of it to get company information from there.
4- Updating all the time
This is a basic, elementary rule, but one that is not always respected at the business level. Óscar Mallo, a cybersecurity advisor at Tarlogic Security, insists that it is vital to update all software you work with, but especially all software that is visible on the Internet.
«Failure to do so exposes you to potential attacks with known vulnerabilities», he warns. Software providers not only carry out regular updates to improve their services but above all to optimize the security of their programs.
Maintaining a strict policy in this area protects the brand from localized problems and makes staff aware of the need to protect their equipment. This issue of employee sensitivity is not a minor variable in cybersecurity.
It’s possible to find products on the market that detect obsolete, and therefore vulnerable, software versions, from solutions such as Tenable Nessus to carry out a security audit of internal systems and those exposed to the internet, to solutions aimed at updating the software of users’ PCs such as Microsoft SCCM or Patch my PC.
In the same vein, it’s highly advisable to ensure automatic updates of each employee’s workstation through group policies.It wouldn’t hurt to work with tools such as Snyk to monitor embedded components that may be out of date.
5- SPF, DKIM, and DMARC, the holy trinity of email
Let’s get one thing straight. Email is the main source of cybersecurity problems worldwide. It’s estimated that 82% of detected cyber-attacks originate from malicious emails.
On this basis, it seems reasonable that everything we do for our email service should be a low priority. SPF, DKIM, and DMARC are very helpful authentication protocols to prevent phishing.
• SPF (Sender Policy Framework) is a mail protection that helps to prevent the receipt of forged mail. SPF identifies which mail servers (SMTP) are authorised to send emails for a domain.
• DKIM (Domain Keys Identified Mail) complements the above protection by adding a digital signature to each email so that it can be guaranteed that it is legitimate and has not been tampered with.
• DMARC (Domain-based Message Authentication, Reporting and Conformance) defines how anyone receiving mail that violates SPF or DKIM policies should proceed, by rejecting it, putting it in the spam folder, or accepting it.
The case of the Galician pharmaceutical company Zendal just a few months ago illustrates the importance of incorporating these protocols into any company’s line of cyber defenses.
The firm suffered the so-called CEO fraud, and hostile actors managed to steal more than nine million euros of the company’s funds.
In addition to the contributions in terms of impersonation, these protocols provide greater security to the destination servers, which in many cases prevents the mails we send from ending up in the spam folder.
6- One network, many networks
Carmen’s company, a small printing company located on the outskirts of Madrid, had been on a roll for some time. Working hard. And making some money. A scenario that blew up at the beginning of the year, when a ransomware attack forced her to pay a ransom of 25.000 euros, something like the net profit accumulated in 2020.
Her case is just one of many that illustrate the scale of the phenomenon. The list of ransoms paid in recent months for these cyber-attacks leaves no room for doubt. From Colonial’s 4 million to the 10 million claimed from Garmin.
Ransomware incidents have become one of the major players in the cybersecurity world for some time now.
It can be almost impossible to contain these attacks 100 percent given the intensity with which ransomware groups behave. For example, segment the company’s internal networks into different VLANs, deploy fortified hopping machines with good hardening that allow access from one environment to another.
Proper planning at the network architecture level will contain the ability of hostile actors to propagate their attack if they manage to penetrate your systems.
Segmenting networks will prevent bad guys from traversing your home like a highway, hijacking and encrypting data. Or in other words, stealing from under your nose.
The investment may not be cheap. But it pays off. At the end of the day, you will be gambling everything.
7- Backup, or who always saves always has
Few dare to argue that information is power. Data is the oil of this era and in any company, its control is decisive to guarantee business viability.
When it comes to creating cyber defenses, therefore, having a perfectly organized and structured backup policy can become your lifeline in episodes such as the aforementioned ransomware attacks.
In short, save your information to save your business.
But again, not everything goes. Óscar Mallo explains in detail: «If a company uses external providers or a cloud service (an increasingly widespread option), make sure it has adequate data encryption».
In some cases, it’s even recommended to periodically resort to physical media, hard drives, for example, to have the last option to safeguard the company’s activities.
Using external long-term storage systems such as Amazon Glacier, with a low cost per GB, configured so that the user performing the backup does not have deletion permissions, are a good alternative for backups and disaster recovery.
8- User roles: to each his own
Segmenting user roles is another decision that will help the company create a cyber defense strategy. Allowing all employees to become local administrators of their computers is like shooting yourself in the foot.
If they have these permissions, they could inadvertently install one of the thousands upon thousands of malicious programs circulating on the Web. Also keep in mind that, by being connected to your systems, this code will eventually spread to all your computers without interruption.
Thus, extending the problem to the whole organization.
Companies should limit the ability of their employees to manipulate their computers. This is the only way to minimize threats from the digital world.
9- No [malicious] software, no paradise…
Enforcing something as simple as software restriction policies will save you a lot of heartaches. Blocking an employee’s ability to run any .exe file will prevent them from spreading the many malicious codes that travel the Internet under the guise of legitimate software.
This is not a minor piece of advice. Nor are the previous ones, for that matter.
File-sharing programs such as Ares, BitTorrent, Vuze or the old eMule have familiarised millions of users with installing programs with all kinds of goodies (adware, malware…) on their computers.
Allowing this everyday habit to carry over into their businesses is a mistake. Critical, surely. Because any program outside their supervision can become a gateway for information theft.
10- Ciao to Office document macros
This is one of the critical points of infection at company level. This brings us to the last, but by no means least, of the advice we at Tarlogic propose: disable Office document macros. It will save you a lot of trouble.
Incibe has warned about this on several occasions. One of the latest, following the spread of a Crypt0l0ker-type virus that spreads via legitimate-looking e-mails.
The mail invites the recipient to open a self-executing attachment that infects computers via Office macros. This unleashes a ransomware that encrypts the user’s files. And, of course, demands a ransom in exchange for returning them to their rightful owner.
So you see, disabling macros can be extremely useful to give hostile actors a run for their money.
And finally… Render unto Caesar the things that are Caesar’s
We left a lot out of this equation, encrypting information, passwords, new generation antivirus (EDR/XDR)… so the last piece of advice in this basic manual is really an amendment to the whole. Cybersecurity has become a strategic discipline on the threshold of what has been dubbed the fourth industrial revolution.
Enlisting the services of a cybersecurity company, therefore, seems more of an obligation than an exercise in voluntarism.
Services such as pentesting or hardening, web security, and source code audits, or vulnerability control are already strategic allies for any company that wants to protect its business. And what about red team or blue team services?
And hardware hacking and reverse engineering for product companies.
Today’s companies have to find a solvent and innovative supplier if they want to think about the future.
Cybersecurity services cannot wait. Remember, the bad guys don’t rest.
Discover our work in www.tarlogic.com