Like most criminals, hackers are opportunistic. For the same reason a thief is more likely to steal a car that has the keys in it or break into a house with unlocked doors, a hacker is looking for an easy way in… the path of least resistance. If it’s difficult – or takes a long time – there is a good chance they’ll get frustrated and move on. After all, it’s typically just business to them. They want to make the most money as quickly and as easily as possible. Here are three things you can do at your organization to slow down an attacker, and hopefully get them to move along without a breach.
#1. Properly configure your firewall.
According to one of Tyler’s Pen Testers, one of the most frustrating defenses he encounters during a cyber assessment engagement is a web application firewall or intrusion detection / prevention system that is properly configured to block suspicious traffic. “If I’m fuzzing an application, and the application detects that I am doing something malicious, then blocks my IP, it’s incredibly frustrating because it takes more time. It’s not to say that you can’t bypass it, but it slows the attack down.” On the flip side, it also deters the attacker who is just looking for low-hanging fruit.
#2. Enforce a strong password policy.
Passwords are one of the most common weaknesses that our Tyler Pen Testers find. “Recently, we’ve seen ‘summer2016’ used as a password pretty frequently. And for those organizations who require employees to change their passwords every quarter, ‘fall2016’ will most likely be added to the mix shortly.” Tools that crack passwords can process a lot of data very quickly. According to an interactive website from BetterBuys, if you have a password as simple as "12345" or "password," it would take a hacker just .29 milliseconds to crack it.
As an organization, you can address the weak password issue with policies and technical controls. Provide employees with a password safe or password manager, and teach them how to create a strong password. Put controls in place so that best practices are followed, and be sure to enforce them. Also be sure to change default passwords on all applications and appliances. This will make it more difficult for the hacker to get in, and slowing down the attack increases the odds that they will move on.
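One way to turn that policy into a technical control at password-change time, shown as an added example that is not from the original article. The word lists, the 12-character minimum and the function names are assumptions for illustration.

```python
import string

# Constructed sample lists (assumptions); a real deployment would load a
# much larger deny list of breached and vendor-default passwords.
CALENDAR_WORDS = {"spring", "summer", "fall", "autumn", "winter",
                  "january", "february", "march", "april", "may", "june",
                  "july", "august", "september", "october", "november",
                  "december"}
DENY_LIST = {"12345", "password", "admin", "changeme", "welcome", "letmein"}
# Undo common character substitutions so "F@ll2016" is treated like "fall2016".
DELEET = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o",
                        "1": "i", "!": "i", "$": "s", "5": "s", "7": "t"})


def stem_of(password):
    """Lowercase, drop the trailing year/punctuation, then undo substitutions."""
    lowered = password.lower()
    stem = lowered.rstrip(string.digits + string.punctuation)
    return stem.translate(DELEET)


def check_password(password, username="", min_length=12):
    """Return a list of policy violations; an empty list means accepted."""
    stem = stem_of(password)
    problems = []
    if len(password) < min_length:  # assumed minimum length
        problems.append("too_short")
    if password.lower() in DENY_LIST or stem in DENY_LIST:
        problems.append("deny_listed")
    # Catches the quarterly-rotation habit: season or month plus a year.
    if stem in CALENDAR_WORDS:
        problems.append("season_or_month_pattern")
    if username and username.lower() in password.lower():
        problems.append("contains_username")
    return problems


if __name__ == "__main__":
    for candidate in ("summer2016", "F@ll2016", "12345", "P@ssw0rd2016!!",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {check_password(candidate) or 'accepted'}")
```

A check like this belongs wherever passwords are set or reset, so a rejected choice never reaches the directory.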
#3. Limit access to your network.
Take a look at what users have access to, and make sure they don’t have access to information they don’t need. A hacker shouldn’t be able to log into your network as a receptionist and access HR data.
How do employees get access to data they don’t need? First of all, few organizations truly understand exactly what information they have, where it is, and who has access to it. The lack of awareness can lead to people having access to information that they don’t need to fulfill their job responsibilities.
The other reason is that, from an engineering standpoint, it’s difficult and time-consuming to lock down a network, especially if your organization has been around for a while. If you started before network security was a big deal, your network design may be hard to work with from a security perspective.
Don’t despair… there are tools available that can help you find and classify data on your network. Once data are inventoried and classified according to sensitivity and/or legal protections, you can create Access Control Lists (ACLs) that grant permission to use information based on the concept of “least privilege” required to complete job functions.
Locking down access within your network makes it more difficult for hackers because they have to find specific credentials to get to the information they want. Limiting the pool of potential credentials will slow down the process.