Good network hygiene
“I thought that was a big escalation of what threat actors are doing,” he notes. “They've gone from going after individual computers, share drives, servers and databases; now they're compromising software to obtain greater scale.”
To better protect against attacks, Schilling suggests good network hygiene, such as shutting down shared services between workstations to prevent an actor from being able to move laterally, and also maintaining good backups of computer systems and data. Honeypots sniff out potential attackers within two minutes, he notes.
For potential victims of server attacks, “it's all about patching and staying up to date with all of the applications you run inside your webserver,” Schilling points out.
Despite the latest cyberthreats, SQL injection is “still a vector of compromise 15 to 20 years after being highlighted as something people should be looking out for,” points out Rush Taggart, CTO of CardConnect, a Philadelphia area-based financial technology company that processes card payments for 65,000 merchants, of which 125 are Fortune 500 and “probed daily by attackers.”
Keeping threats out might be your goal, but Wolf believes organizations should take the view that malware will get into your network. “You have to look at the behaviors in your network to know what's wrong,” he says.
Available tools rank and categorize the seriousness of threats and abnormalities, telling organizations via text or other communication means what they should attack first in terms of remediation because of a lack of human resources to analyze the level of threat. “We can't react to everything all at once,” he explains.
Anti-virus tools can't keep up with hackers figuring out new ways to break in.
“There are constant [hacker] routines out there pinging every IP address known to mankind, trying to look for vulnerabilities and how to get through and plop some problematic injections into your networks to be used now or later,” Wolf explains.