Approximately 30% of Canadian organizations have seen a spike in cyberattack volume during the pandemic. Additionally, 25% of them experienced a breach of customer or employee data and 38% weren’t sure if their resources were breached.
Around the world, 2020 is being called the year of the “Cyber Pandemic” due to the step rise in attack volume for phishing, ransomware, fileless attacks, and other data breaches.
The increased volume of attacks is not the only thing making the cybersecurity landscape more treacherous for companies of all sizes. Other contributing factors are:
In answer to the rising threats to network security a model called “zero trust” has been becoming more popular.
This model takes a “trust no one” stance, which involves putting continuous monitoring and checks in place to combat the newest and most advanced cyber threats out there.
Most legacy cybersecurity strategies take a “castle and moat” approach, which means to put strong safeguards on the perimeter of a network, but not so much once a user or application makes it inside.
With a zero trust strategy, there are strong security measures put inside a network as well to continually monitor for any threats.
Here are some of the tenets involved with upgrading your cybersecurity to a zero trust approach.
77% of cloud account breaches are due to compromised login credentials. Hackers often log in as a user to bypass more stringent security measures.
Every login should be using multi-factor authentication (MFA) to add an important safeguard against hacked or compromised passwords, but SSO with advanced access management takes that a step farther.
Some of the things it allows you to do is to challenge users that have higher level privilege with additional authentication questions to confirm the user is authentic. You can also set up geofencing to restrict what a user can access if they are logging in from outside a specific geographic location.
Some small businesses give all their users admin privileges when setting up their account in a new cloud tool “just in case they might need to do something.” But this creates a much riskier environment because you’re giving a hacker more rich targets to go after.
Using the Rule of Least Privilege can help you reduce your risk level for a hacker gaining access to your most critical system resources. What this means is to give users the lowest possible access level you can that still allows them to complete their daily tasks.
A network attack can happen at 2:00 in the morning on a Saturday and completely devastate your systems by the time someone realizes it on Monday morning. It’s important to have your network continuously monitored for threats and a system in place that can react to quarantine the threat as soon as it’s found.
The best way to do this is through a combination of managed IT services and an advanced threat management application that uses AI to detect and respond to threats in real time.
Application whitelisting helps keep zero-day malware and other emerging threats from infiltrating a system because your network doesn’t have to know the signature of a theat. It only needs to know the applications that are already approved to execute commands. It blocks all others by default.
A related tactic is application ringfencing, which designates the types of commands those approved programs can run. This helps prevent fileless malware that sends malicious commands to a legitimate Windows application.
Remote desktop protocol (RDP) is being used more than ever due to the pandemic and resulting millions of newly work-from-home (WFH) employees. RDP is also being targeted by hackers trying to log in and gain access to company data.
A best practice you can use is to create a group of users that are approved to log into your system through RDP, this will then keep out any users trying to get in that aren’t on that approved list.
Haxxess can help your Northern Ontario business put the layers of safeguards in place that keep you protected from insider attacks as well as new and emerging threats.
Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.