Page 152 - Cyber Defense eMagazine April 2023

monitoring user activity, collecting login credentials, sending ransomware and other malware, and gaining
            access to a company's network.

            Ransomware is the number one cyber threat to businesses, according to Secureworks researchers.
            These attacks are raising the stakes by creating a high demand for stolen credentials and data, as well
            as broadening the toolkit of threat actors. Since the early days of ransomware, threat actors have
            understood that data is money and have honed their approaches. Ransomware has changed the game,
            so you'll need to rethink how you secure your endpoints from this threat.

            To protect your employees and your organisation as a whole against the latest cybersecurity
            threats, Salt offers the following recommendations:



               1.  Beware of common web app threats

            The presence of software vulnerabilities and threats to online apps is something that all business owners
            will have to recognise and protect themselves against. A well-functioning web application is frequently
            backed up by a security infrastructure that includes a number of complicated components. Databases,
            operating systems, firewalls, servers, and other application software or devices are all included. What
            most people don't realise is that all of these components need to be maintained and configured on a
            regular basis in order for the web application to function effectively.


            Directory traversal attacks are still being used against insecure web apps, allowing attackers access to
            sensitive data on the server hosting the online service. In the end, the attacker may gain access to
            sensitive data or perhaps complete control of the system. Administrators can reduce the risk of these
            attacks by updating their web application and server software on a regular basis and using intrusion
            prevention systems to secure their servers.
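
            The following Python example is added here for illustration and is not part of the original article.
            It shows the application-side check that complements patching and intrusion prevention: resolve the
            requested name and refuse it unless it stays inside the served directory. The function names and the
            directory layout are assumptions made for the example.

```python
import os
import tempfile
from pathlib import Path


class TraversalError(ValueError):
    """Raised when a requested name resolves outside the served directory."""


def unsafe_resolve(base_dir: str, requested: str) -> str:
    # The pattern behind directory traversal: the client-supplied name is
    # joined to the base directory and used without any containment check.
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_resolve(base_dir: str, requested: str) -> Path:
    base = Path(base_dir).resolve()
    # resolve() collapses ".." segments and follows symlinks, so the check
    # below is made on the location that would actually be opened.
    target = (base / requested).resolve()
    # Compare whole path components; a plain string-prefix test would accept
    # a sibling directory such as "<base>_backup".
    if target != base and base not in target.parents:
        raise TraversalError(f"{requested!r} resolves outside {base}")
    return target


def demo() -> dict:
    # Constructed layout: a served directory next to files that must stay private.
    root = Path(tempfile.mkdtemp()).resolve()
    public = root / "public"
    (public / "docs").mkdir(parents=True)
    (public / "docs" / "manual.txt").write_text("ok")
    (root / "secret.txt").write_text("private")
    (root / "public_backup").mkdir()
    (root / "public_backup" / "dump.txt").write_text("private")
    results = {"root": root, "public": public}
    for name in ["docs/manual.txt", "docs/../docs/manual.txt", "../secret.txt",
                 "../public_backup/dump.txt", str(root / "secret.txt")]:
        try:
            results[name] = safe_resolve(str(public), name)
        except TraversalError:
            results[name] = None
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

            Requests that resolve outside the served directory come back as None in the demo output, including
            the absolute path and the sibling directory whose name merely starts with the served directory's name.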



               2.  Have a data access policy

            Many firms lack the simplest data storage, access, and usage protocols. Any organisation that wants to
            protect its data must define the data classification levels. In the case of personal or financial data, for
            example, data can have public, limited, or critical access. Since not every employee in a firm needs
            access to all of the company's data, a data storage strategy is more than merely encrypting data and
            hoping for the best. That's why an effective data storage strategy should include access restrictions for
            who can access and use data, as well as for how long.

            Each type of data should be defined in terms of which workers and departments have access to it. User
            authentication mechanisms, such as two-factor authentication, can be used to accomplish this. In
            addition, any security breach should always be reported immediately to the protocol's administrators.









