IT Security - May 3, 2021

On a secure footing.

Attacks on IT infrastructures are no longer the exception. Every day, an uncountable number of businesses fall victim to cyber criminals, with the BSI Situation Report 2020 describing 117.4 million new, previously unknown versions of malicious software. That equates to more than 320,000 each day. In order to serve their purpose, they naturally have to spread, and that means we see the same situation play out over and over again—an employee receives an e-mail and opens it without thinking. The result? Disaster. Carry on reading to find out how you can get your company onto a secure footing.

Times are changing. It’s not so long ago that the topic of IT security was one that only experts bothered with. Back then, everyone had a “that could never happen to us” attitude. These days, however, IT infrastructure security has become business critical, attacks are not unusual and they impact every business owner. In 2019, 88% of German businesses were affected by data theft, industrial espionage or sabotage. It’s no wonder then that this subject has become a hot topic at management level, making IT security a top priority.

The frontrunner – Manipulated e-mails.

Manipulated e-mails are right at the top of the list of successful attack methods with 91% and are related to the concept of social engineering. Despite not being the newest kid on the block anymore, e-mails are the most important communications tool in businesses and therefore a good way for attackers to access data and IT.

There are many reasons for the success behind this form of attack. First of all, many companies still don’t have much of an awareness of IT security. All too often, employees don’t know how to tell manipulated e-mails from legitimate ones. Is this message really from the boss or is a criminal behind it? It’s often hard to tell. On top of this is the fact that there is still a lot of potential from a technical point of view to bolster measures and close gaps in Office 365’s e-mail security.

Attackers misuse identities.

Once an attacker has dealt with the human factor, it’s simple to compromise user accounts and exploit them. Recent studies back this up with some impressive figures. 70% of attacks on businesses result from the misuse of access data, but when we take a closer look, that is hardly a surprise. Bad or easy-to-guess passwords are still all too common in companies and organisations.

A lack of countermeasures such as restricting access to sensitive data or two-factor or multi-factor authentication makes it easy for criminals to move freely within the network, extracting important data and gaining access to privileged accounts and thus to everything the hacker could possibly desire. And worst of all, because the attackers are using the accounts of legitimate users, they can remain undetected for a very long time. On average, it takes nearly three months before an attack on a network is recognised. Three months in which an attacker can cause enormous amounts of damage and steal valuable CRM and product development data.

Professional attacks.

The lucrative market in corporate data and resources has become a huge draw for criminals in the past few years. New groups are regularly appearing, offering Cybercrime as a Service. Sophisticated malware that makes it difficult to decrypt data is available on the market with corresponding evaluation and distribution services, and this oversupply also creates cut-throat competition and forces the providers to become increasingly professional. This makes possible what was previously considered too expensive and difficult to get done. Attacks on incorrectly configured firmware and the exploitation of badly or wrongly configured servers and micro-containers have increased over the last few years, and when these kinds of resources are compromised, they can be misused for a whole range of purposes. From demands for ransoms to crypto mining, attackers have a world of opportunity open to them, which goes some way to explain why 27% of attacks these days involve ransomware.

There has been a shift in recent times, with attackers turning their attention to employees’ personal environment. As working from home has become increasingly widespread, hackers are turning their sights to personal routers and computers being used for business purposes, and it should come as no surprise to learn that Android, iOS and macOS devices are now much more at risk from advanced persistent threats.

Cyber criminals hot on the heels of businesses on the road to digitalisation.

The level of professionalism goes hand in hand with the migration of attackers into the cloud. In 2020, the number of attacks on cloud services and web apps shot up by 43% compared to the previous year, which shows how criminals are not far behind businesses as they make the switch to the cloud. As with most other illegal activities, access tends to be gained with stolen passwords or those cracked using brute force techniques, with 80% of incidents being linked back to such methods. The other 20% are the result of attackers exploiting vulnerabilities.

This migration can also be seen in modern malware programs. Over 90% of tools in use leverage DNS systems to tap data and direct web traffic. When strategically planning security measures, particular attention should therefore be paid to applications that prevent access to malicious websites at the DNS query level to stop attacks before they can happen.

Simplicity is the order of the day.

With over 2,000 security solution vendors worldwide, the market for tools and applications to protect corporate IT from unauthorised access is saturated. The choices are endless and that’s not going to change any time soon, meaning that businesses are also facing the challenge of managing these applications without completely overwhelming their IT. But the best tools in the world are useless if no-one has the time to monitor alerts and look into issues.

This is where management programs could play a role, as they not only give IT staff an overview of existing security solutions, but also enable security operations centres to make automatic decisions on how to deal with the reported threat. This is the only way to ensure a corporate network is comprehensively protected from most threats in the long term, because as we know, nothing can be 100% secure, no matter how hard we wish for it.

IT security with Cisco and Bechtle – Strong partners.

Businesses grow and change as they do so, but change is also being driven by digitalisation and the workforce shifting to work remotely. In challenging times, things have to move very quickly, meaning security issues are often left by the wayside and existing solutions are no longer regularly checked to see if they still meet current requirements.

Bechtle and Cisco offer a series of checks and additional services and applications to help detect and close potential vulnerabilities. The e-mail security health check and visibility assessment services are ideal for analysing the status quo and mapping out potential solutions.

Security from A to Z.

When it comes down to plugging gaps in e-mail traffic, you don’t need to look much further than Cisco’s Cloud Mailbox Defense. It can be wholly integrated into Microsoft 365 and detects even complex threats as both internal and external e-mail traffic is monitored and controlled. If you want to detect anomalies within your infrastructure, there’s also Secure Cloud Analytics that can be used no matter if your services, servers and devices are located in the cloud or on-premise.

Cisco DUO brings two-factor authentication to the world of security. It can be easily integrated via SMS, app or token into existing systems and quickly and easily boosts security around corporate identities. Harmful access to prepared websites can be detected quite easily through the use of intelligent DNS protection. The Cisco Umbrella solution offers proactive protection by blocking access to malicious targets at the DNS level. To do so, Cisco uses its own network, which repeatedly checks several billion accesses every day, analysing them in real-time using machine learning.

To make sure you keep track of it all, there’s Cisco’s SecureX. The cloud-native platform links the Cisco security portfolio with the existing infrastructure, can be completely integrated, is easy to use and offers a uniform and transparent overview of everything that is happening in your network. Automated workflows reduce the time needed to detect attacks, ensure compliance and quickly and effectively launch a defence.

With the Bechtle experts’ knowledge and expertise, you can keep your systems up-to-date and make sure your business is protected against unauthorised access today and tomorrow.

Get in touch today. We are looking forward to hearing from you.

Published on May 3, 2021.