An average of 5,000 to 7,000 new computer security threats are announced each year. That equates to as many as 19 new threats each and every day! In a case where a threat becomes successful at compromising the network of a small business operation, the focus is usually on finding specifically what threat caused the problem and what occurred after the hacker ‘broke in’. Certainly, it is essential to quickly minimize damage and recover from the results of the hack and that should be the priority once a security breach has occurred. However, a more strategic approach to minimizing and possibly even eliminating these events from crippling your business operation, is to focus on those underlying causes for why attempts to breach your security can be successful.
It has been estimated that there are likely hundreds of thousands of unique software vulnerabilities and hundreds of millions of unique malware designs. Regardless of the sheer volume of this onslaught, the potential for hacking success boils down to only a few different ‘targets in your network’ that are preyed upon. These are:
- Unpatched software
- Social engineering
- Misconfiguration of the network
- User errors
- Eavesdropping
- Password attacks
- Denial of service
- Physical attacks
The first two targets alone (called ‘vulnerabilities’ in this industry) account for a vast majority of the success hackers realize. If you button these up, your risk of unwanted guests and their thefts and disruptions on your network greatly decreases.
Mitigating the risk of unpatched software can be deftly handled by a monthly service provider delivering automated monitoring and patching of software systems. The mark of a good provider is one who focuses first and foremost on those highest risk programs running in your environment. The commonality of these types of software (i.e. Sun/Oracle Java, Adobe Acrobat, and internet browsers) is they are usually found in consistent locations and have known security flaws ripe for exploitation. Choosing the right monthly provider to consistently patch your unpatched software effectively, is an important part of your defense. Call us today to discuss putting this key strategy into place.
Social engineering hackers are quickly becoming famous (and in some cases, criminally wealthy) by talking end-users out of their passwords and thereby allowing the hacker or malware to gain privileged access to sensitive resources such as an email account. Users often mistakenly run Trojan horse programs or provide their logon credentials to fake emails and websites.
Is the strategy for mitigating this risk found in installing a device or software? Although tough for this IT technician to admit, the answer is NO. At this time, there is no software or device on the market that can adequately protect your business operation from attacks on social engineering. What can be done? TRAINING! Educating your users on what to look for is the best line of defense by far for this risk. We will talk more about the specifics of this in a future blog. Until then, contact us for help with this key strategy. We can offer IT help, or IT support in the Metro Atlanta area.
